Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

Table 48 Network Security—Default Settings and Security Guidelines (continued)

More information and configuration

details

Security guidelinesDefault settingFeature

WebAgent, and SNMP) for

transactions between specific

source and destination IP

addresses.)

• Application Access Security:

Eliminating unwanted IP, TCP,

or UDP traffic by filtering

packets where they enter or

leave the switch on specific

interfaces.

NOTE: On ACL Security Use:

ACLs can enhance network

security by blocking selected IP

traffic, and can serve as one

aspect of maintaining network

security. However, because ACLs

do not provide user or device

authentication, or protection from

malicious manipulation of data

carried in IP packet transmissions,

they should not be relied upon for

a complete security solution.

“Port Security” (page 357)The features listed below provide

device-based access security in the

following ways:

nonePort Security, MAC

Lockdown, and

MAC Lockout

See also “Precedence of Port-based

security options” (page 437)

• Port security: Enables

configuration of each switch

port with a unique list of the

MAC addresses of devices that

are authorized to access the

network through that port. This

enables individual ports to

detect, prevent, and log

attempts by unauthorized

devices to communicate

through the switch. Some switch

models also include eavesdrop

prevention in the port security

feature.

• MAC lockdown: This static

addressing feature is used as

an alternative to port security

to prevent station movement

and MAC address hijacking by

restricting a given MAC

address to use only one

assigned port on the switch, the

client device to a specific

VLAN.

• MAC lockout: This feature

enables blocking of a specific

MAC address so that the switch

drops all traffic to or from the

specified address.

“Key Management System”

(page 423)

KMS is available in several HP

switch models and is designed to

noneKey Management

System (KMS)

configure and maintain key chains

for use with KMS-capable routing

446 Traffic/Security Features and Monitors