Security Overview
Access Security Features
Feature Default
Setting
Security Guidelines More Information and
Configuration Details
RADIUS disabled For each authorized client, RADIUS can be used to Chapter 6, “RADIUS
Authentication authenticate operator or manager access privileges on Authentication and
the switch via the serial port (CLI and Menu interface), Accounting”
Telnet, SSH, and Secure FTP/Secure Copy (SFTP/SCP)
access methods.
802.1X Access none This feature provides port-based or user-based
Chapter 13 “Configuring
Control authentication through a RADIUS server to protect the
Port-Based and User-Based
switch from unauthorized access and to enable the use
Access Control (802.1X)”
of RADIUS-based user profiles to control client access
to network services. Included in the general features are
the following:
• user-based access control supporting up to eight
authenticated clients per port
• port-based access control allowing authentication
by a single client to open the port
• switch operation as a supplicant for point-to-point
connections to other 802.1X-compliant ProCurve
switches
Web and MAC none These options are designed for application on the edge
Chapter 4, “Web and MAC
Authentication of a network to provide port-based security measures
Authentication”
for protecting private networks and the switch itself
from unauthorized access. Because neither method
requires clients to run any special supplicant software,
both are suitable for legacy systems and temporary
access situations where introducing supplicant
software is not an attractive option.
Both methods rely on using a RADIUS server for
authentication. This simplifies access security
management by allowing you to control access from a
master database in a single server. It also means the
same credentials can be used for authentication,
regardless of which switch or switch port is the current
access point into the LAN. Web authentication uses a
web page login to authenticate users for access to the
network. MAC authentication grants access to a secure
network by authenticating device MAC addresses for
access to the network.
1-6
