HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 40
Network Immunity Manager, Network Immunity Manager NIM is a plug-in to ProCurve Manager PCM - procurve manual
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 40 highlights
Security Overview Precedence of Security Options value applied to a client session is determined in the following order (from highest to lowest priority) in which a value configured with a higher priority overrides a value configured with a lower priority: 1. Attribute profiles applied through the Network Immunity network-management application using SNMP (see "Network Immunity Manager") 2. 802.1X authentication parameters (RADIUS-assigned) 3. Web- or MAC-authentication parameters (RADIUS-assigned) 4. Local, statically-configured parameters Although RADIUS-assigned settings are never applied to ports for nonauthenticated clients, the Dynamic Configuration Arbiter allows you to configure and assign client-specific port configurations to non-authenticated clients, provided that a client's MAC address is known in the switch in the forwarding database. DCA arbitrates the assignment of attributes on both authenticated and non-authenticated ports. DCA does not support the arbitration and assignment of client-specific attributes on trunk ports. Network Immunity Manager Network Immunity Manager (NIM) is a plug-in to ProCurve Manager (PCM) and a key component of the ProCurve Network Immunity security solution that provides comprehensive detection and per-port-response to malicious traffic at the ProCurve network edge. NIM allows you to apply policy-based actions to minimize the negative impact of a client's behavior on the network. For example, using NIM you can apply a client-specific profile that adds or modifies per-port rate-limiting and VLAN ID assignments. Note NIM actions only support the configuration of per-port rate-limiting and VLAN ID assignment; NIM does not support CoS (802.1p) priority assignment. NIM-applied parameters temporarily override RADIUS-configured and locally configured parameters in an authentication session. When the NIM-applied action is removed, the previously applied client-specific parameter (locally configured or RADIUS-assigned) is re-applied unless there have been other configuration changes to the parameter. In this way, NIM allows you to minimize network problems without manual intervention. NIM also allows you to configure and apply client-specific profiles on ports that are not configured to authenticate clients (unauthorized clients), provided that a client's MAC address is known in the switch's forwarding database. 1-18