HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 329
Optional PCM and IDM Applications, General Application Options
IPv4 Access Control Lists (ACLs)
Introduction

Optional PCM and IDM Applications

ProCurve Manager is a Windows-based network management solution for all manageable ProCurve devices. It provides network mapping and polling capabilities, device auto-discovery and topology, tools for device configuration and management, monitoring network traffic, and alerts and troubleshooting information for ProCurve networks.

ProCurve Identity Driven Manager (IDM) is an add-on module to the ProCurve Manager plus (PCM+) application. IDM extends the functionality of PCM+ to include authorization control features for edge devices in networks using RADIUS servers and Web-Authentication, MAC-Authentication, or 802.1X security protocols.

For more information, including electronic copies of the PCM and IDM manuals, visit the ProCurve Web site at www.procurve.com. (The PCM and IDM documentation is available under Network Management on the Product manuals page of the Technical Support area.)

General Application Options

Layer 3 IP filtering with Access Control Lists (ACLs) enables you to improve network performance and restrict network use by creating policies for:

■ Switch Management Access: Permits or denies in-band management access. This includes preventing the use of certain TCP or UDP applications (such as Telnet, SSH, web browser, and SNMP) for transactions between specific source and destination IP addresses.

■ Application Access Security: Eliminates inbound, unwanted IP, TCP, or UDP traffic by filtering packets where they enter the switch on specific physical ports or trunks.

This chapter describes how to configure, apply, and edit ACLs, and how to monitor the results of ACL actions.

Notes

ACLs can enhance network security by blocking selected IP traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.

ACLs do not screen non-IP traffic such as AppleTalk and IPX.

9-5