Converged Networks and Fibre Channel over Ethernet
Page 3
... Group. This should enable fair sharing of the link, better performance, and metering. • Data Center Bridging Exchange Protocol (DCBX): 802.1Qaz supports discovery and configuration of converged networks and the reduced requirement for I/O ports for converting FCoE on ). FCoE is specified as part of required I /O in 2011. Figure 2: The FCoE...
... Group. This should enable fair sharing of the link, better performance, and metering. • Data Center Bridging Exchange Protocol (DCBX): 802.1Qaz supports discovery and configuration of converged networks and the reduced requirement for I/O ports for converting FCoE on ). FCoE is specified as part of required I /O in 2011. Figure 2: The FCoE...
Converged Networks and Fibre Channel over Ethernet
Page 5
...to converge data center networks, various engineering tradeoffs become necessary. iSCSI: SANs using FCoE have been important to focus on user configuration. Cluster interconnects Cluster interconnects are both Ethernet and host bus adapters, depending on a single approach to best serve its efforts... use the single hop FCoE already deployed within existing network infrastructures. Therefore FCoE is the storage fabric of parallel databases. HP Virtual Connect direct-attach Fibre Channel for different environments, but in the end the industry needs to the performance of choice...
...to converge data center networks, various engineering tradeoffs become necessary. iSCSI: SANs using FCoE have been important to focus on user configuration. Cluster interconnects Cluster interconnects are both Ethernet and host bus adapters, depending on a single approach to best serve its efforts... use the single hop FCoE already deployed within existing network infrastructures. Therefore FCoE is the storage fabric of parallel databases. HP Virtual Connect direct-attach Fibre Channel for different environments, but in the end the industry needs to the performance of choice...
Converged Networks and Fibre Channel over Ethernet
Page 7
...) Per priority pause flow control (PFC) Per priority pause flow control Severely limit number of hops, or tune configuration QCN FCF in end-to-end network environments, HP recommends 3PAR Storage Solutions with Flat SAN technology as these buffers are justified and easily defended In advance of FCoE ...each switch hop Same multi-hop limitations as "speeds and feeds" and examine the pool of a Fibre Channel interface card commonly known as HP does on a blade server, as HBA. Multiple servers simultaneously accessing large amounts of data on the motherboard, it floods the buffer pools in...
...) Per priority pause flow control (PFC) Per priority pause flow control Severely limit number of hops, or tune configuration QCN FCF in end-to-end network environments, HP recommends 3PAR Storage Solutions with Flat SAN technology as these buffers are justified and easily defended In advance of FCoE ...each switch hop Same multi-hop limitations as "speeds and feeds" and examine the pool of a Fibre Channel interface card commonly known as HP does on a blade server, as HBA. Multiple servers simultaneously accessing large amounts of data on the motherboard, it floods the buffer pools in...
Converged Networks and Fibre Channel over Ethernet
Page 8
... the FCoE world than the Ethernet switch with Fibre Channel devices today, extensive interoperability testing will work in the tested configurations keeping in an appendix to lossless traffic like traffic after an accident. The switch watches FIP packets and only allows ... technology areas in FC-BB-6 has been a device called "congestion spreading." One of the intermediate Ethernet switch in a two hop configuration. We expect that, just as a port expander to -end load overwhelms network capacity Congestion management technology Behavior Technology example showing that carries...
... the FCoE world than the Ethernet switch with Fibre Channel devices today, extensive interoperability testing will work in the tested configurations keeping in an appendix to lossless traffic like traffic after an accident. The switch watches FIP packets and only allows ... technology areas in FC-BB-6 has been a device called "congestion spreading." One of the intermediate Ethernet switch in a two hop configuration. We expect that, just as a port expander to -end load overwhelms network capacity Congestion management technology Behavior Technology example showing that carries...
ISS Technology Update Index
Page 3
... Manager Central Management Server ProLiant management tip of the month: Using the HP 5 BladeSystem Firmware Deployment Tool (FDT) PUE and DCE-useful metrics for overall data center 6 efficiency Q Quick tip: Configuring a redundant domain controller 3 when using Fabric Manager software to 6 configure switches R Recommendations for differences in energy efficiency between 1 online "double-conversion" technology...
... Manager Central Management Server ProLiant management tip of the month: Using the HP 5 BladeSystem Firmware Deployment Tool (FDT) PUE and DCE-useful metrics for overall data center 6 efficiency Q Quick tip: Configuring a redundant domain controller 3 when using Fabric Manager software to 6 configure switches R Recommendations for differences in energy efficiency between 1 online "double-conversion" technology...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 4
... Interface Wizard 1-12 SNMP Security Guidelines 1-15 Precedence of Security Options 1-17 Precedence of Port-Based Security Options 1-17 Precedence of Client-Based Authentication: Dynamic Configuration Arbiter 1-17 Network Immunity Manager 1-18 Arbitrating Client-Specific Attributes 1-19 ProCurve Identity-Driven Manager (IDM 1-21 iii
... Interface Wizard 1-12 SNMP Security Guidelines 1-15 Precedence of Security Options 1-17 Precedence of Port-Based Security Options 1-17 Precedence of Client-Based Authentication: Dynamic Configuration Arbiter 1-17 Network Immunity Manager 1-18 Arbitrating Client-Specific Attributes 1-19 ProCurve Identity-Driven Manager (IDM 1-21 iii
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 5
... Password Security Contents 2-1 Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security...Front-Panel Security 2-23 When Security Is Important 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 Re-Enabling the Clear Button and Setting or ...
... Password Security Contents 2-1 Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security...Front-Panel Security 2-23 When Security Is Important 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 Re-Enabling the Clear Button and Setting or ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 6
... for Web/MAC Authentication 3-14 Before You Configure Web/MAC Authentication 3-14 Configuring the RADIUS Server To Support MAC Authentication . . 3-16 Configuring the Switch To Access a RADIUS Server 3-17 Configuring Web Authentication 3-20 Overview 3-20 Configuration Commands for Web Authentication 3-21 Show Commands...34 Operating Notes and Guidelines 3-34 Customizing HTML Templates 3-35 Customizable HTML Templates 3-36 Configuring MAC Authentication on the Switch 3-50 Overview 3-50 Configuration Commands for MAC Authentication 3-51 Show Commands for MAC-Based Authentication 3-54 v
... for Web/MAC Authentication 3-14 Before You Configure Web/MAC Authentication 3-14 Configuring the RADIUS Server To Support MAC Authentication . . 3-16 Configuring the Switch To Access a RADIUS Server 3-17 Configuring Web Authentication 3-20 Overview 3-20 Configuration Commands for Web Authentication 3-21 Show Commands...34 Operating Notes and Guidelines 3-34 Customizing HTML Templates 3-35 Customizable HTML Templates 3-36 Configuring MAC Authentication on the Switch 3-50 Overview 3-50 Configuration Commands for MAC Authentication 3-51 Show Commands for MAC-Based Authentication 3-54 v
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 7
... 4-2 Terminology Used in TACACS Applications 4-3 General System Requirements 4-5 General Authentication Setup Procedure 4-5 Configuring TACACS+ on the Switch 4-8 Before You Begin 4-8 CLI Commands Described in this Section 4-9 Viewing the Switch's Current Authentication Configuration 4-9 Viewing the Switch's Current TACACS+ Server Contact Configuration 4-10 Configuring the Switch's Authentication Methods 4-11 Using the Privilege-Mode Option for Login...
... 4-2 Terminology Used in TACACS Applications 4-3 General System Requirements 4-5 General Authentication Setup Procedure 4-5 Configuring TACACS+ on the Switch 4-8 Before You Begin 4-8 CLI Commands Described in this Section 4-9 Viewing the Switch's Current Authentication Configuration 4-9 Viewing the Switch's Current TACACS+ Server Contact Configuration 4-10 Configuring the Switch's Authentication Methods 4-11 Using the Privilege-Mode Option for Login...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 8
... 5-39 Steps for the Access Methods You Want RADIUS To Protect 5-10 2. Enable the (Optional) Access Privilege Option 5-13 3. Configure the Switch To Access a RADIUS Server 5-14 4. Configure Authentication for Configuring RADIUS Accounting 5-39 1. Configure the Switch To Access a RADIUS Server 5-40 vii Authentication Services 5-3 Accounting Services 5-4 RADIUS-Administered CoS and Rate-Limiting 5-4 RADIUIS...
... 5-39 Steps for the Access Methods You Want RADIUS To Protect 5-10 2. Enable the (Optional) Access Privilege Option 5-13 3. Configure the Switch To Access a RADIUS Server 5-14 4. Configure Authentication for Configuring RADIUS Accounting 5-39 1. Configure the Switch To Access a RADIUS Server 5-40 vii Authentication Services 5-3 Accounting Services 5-4 RADIUS-Administered CoS and Rate-Limiting 5-4 RADIUIS...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 9
... Client To Access the Switch 6-24 Further Information on the Switch and Anticipating SSH Client Contact Behavior 6-15 5. Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server 5-42 3. (Optional) Configure Session Blocking and Interim Updating Options 5-44 Viewing RADIUS Statistics 5-46 General RADIUS Statistics 5-46 RADIUS Authentication Statistics...
... Client To Access the Switch 6-24 Further Information on the Switch and Anticipating SSH Client Contact Behavior 6-15 5. Configure Accounting Types and the Controls for Sending Reports to the RADIUS Server 5-42 3. (Optional) Configure Session Blocking and Interim Updating Options 5-44 Viewing RADIUS Statistics 5-46 General RADIUS Statistics 5-46 RADIUS Authentication Statistics...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 10
... Certificate 7-8 To Generate or Erase the Switch's Server Certificate with the CLI 7-9 Comments on VLANS 8-7 Configuring DHCP Snooping Trusted Ports 8-8 Configuring Authorized Server Addresses 8-9 ix Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior 7-17 Using the...CLI Interface to Enable SSL 7-19 Using the Web Browser Interface to Enable SSL 7-19 Common Errors in SSL setup 7-21 8 Configuring Advanced Threat Protection Contents 8-1 Introduction 8-3 DHCP Snooping 8-4 Overview 8-4 Enabling DHCP Snooping 8-5 Enabling DHCP Snooping on Certificate Fields 7-10...
... Certificate 7-8 To Generate or Erase the Switch's Server Certificate with the CLI 7-9 Comments on VLANS 8-7 Configuring DHCP Snooping Trusted Ports 8-8 Configuring Authorized Server Addresses 8-9 ix Enabling SSL on the Switch and Anticipating SSL Browser Contact Behavior 7-17 Using the...CLI Interface to Enable SSL 7-19 Using the Web Browser Interface to Enable SSL 7-19 Common Errors in SSL setup 7-21 8 Configuring Advanced Threat Protection Contents 8-1 Introduction 8-3 DHCP Snooping 8-4 Overview 8-4 Enabling DHCP Snooping 8-5 Enabling DHCP Snooping on Certificate Fields 7-10...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 11
...8-16 Introduction 8-16 Enabling Dynamic ARP Protection 8-18 Configuring Trusted Ports 8-18 Adding an IP-to-MAC Binding to the DHCP Database 8-20 Configuring Additional Validation Checks on ARP Packets 8-21 Verifying the Configuration of Dynamic ARP Protection 8-21 Displaying ARP Packet Statistics... . . . . 8-28 Potential Issues with Bindings 8-28 Adding a Static Binding 8-29 Verifying the Dynamic IP Lockdown Configuration 8-29 Displaying the Static Configuration of IP-to-MAC Bindings 8-30 Debugging Dynamic IP Lockdown 8-31 Using the Instrumentation Monitor 8-33 Operating Notes 8-34...
...8-16 Introduction 8-16 Enabling Dynamic ARP Protection 8-18 Configuring Trusted Ports 8-18 Adding an IP-to-MAC Binding to the DHCP Database 8-20 Configuring Additional Validation Checks on ARP Packets 8-21 Verifying the Configuration of Dynamic ARP Protection 8-21 Displaying ARP Packet Statistics... . . . . 8-28 Potential Issues with Bindings 8-28 Adding a Static Binding 8-29 Verifying the Dynamic IP Lockdown Configuration 8-29 Displaying the Static Configuration of IP-to-MAC Bindings 8-30 Debugging Dynamic IP Lockdown 8-31 Using the Instrumentation Monitor 8-33 Operating Notes 8-34...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 12
...Rules for Named Source-Port Filters 9-6 Defining and Configuring Named Source-Port Filters 9-7 Viewing a Named Source-Port Filter 9-8 Using Named Source-Port Filters 9-9 Configuring Traffic/Security Filters 9-15 Configuring a Source-Port Traffic Filter 9-16 Example of Creating a Source-Port Filter 9-17 Configuring a Filter on a Port Trunk 9-17 Editing... a Source-Port Filter 9-18 Filter Indexing 9-19 Displaying Traffic/Security Filters 9-20 10 Configuring Port-Based and User-Based Access Control (802.1X) Contents 10-1 Overview 10-3 Why Use Port-Based or User...
...Rules for Named Source-Port Filters 9-6 Defining and Configuring Named Source-Port Filters 9-7 Viewing a Named Source-Port Filter 9-8 Using Named Source-Port Filters 9-9 Configuring Traffic/Security Filters 9-15 Configuring a Source-Port Traffic Filter 9-16 Example of Creating a Source-Port Filter 9-17 Configuring a Filter on a Port Trunk 9-17 Editing... a Source-Port Filter 9-18 Filter Indexing 9-19 Displaying Traffic/Security Filters 9-20 10 Configuring Port-Based and User-Based Access Control (802.1X) Contents 10-1 Overview 10-3 Why Use Port-Based or User...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 13
...the (Default) Port-Based Authentication 10-19 B. Specify User-Based Authentication or Return to Port-Based Authentication 10-20 Example: Configuring User-Based 802.1X Authentication . . . . 10-21 Example: Configuring Port-Based 802.1X Authentication . . . . 10-21 2. Enable 802.1X Authentication on -LAN Traffic 10-27 ...Open VLAN Modes 10-31 Operating Rules for Port-Access 10-21 3. Enter the RADIUS Host IP Address(es 10-25 5. Optional: Configure 802.1X Controlled Directions 10-26 Wake-on the Switch 10-25 6. Enable 802.1X Authentication on Selected Ports 10-19 A. Enable the...
...the (Default) Port-Based Authentication 10-19 B. Specify User-Based Authentication or Return to Port-Based Authentication 10-20 Example: Configuring User-Based 802.1X Authentication . . . . 10-21 Example: Configuring Port-Based 802.1X Authentication . . . . 10-21 2. Enable 802.1X Authentication on -LAN Traffic 10-27 ...Open VLAN Modes 10-31 Operating Rules for Port-Access 10-21 3. Enter the RADIUS Host IP Address(es 10-25 5. Optional: Configure 802.1X Controlled Directions 10-26 Wake-on the Switch 10-25 6. Enable 802.1X Authentication on Selected Ports 10-19 A. Enable the...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 14
...68 Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions 10-71 Messages Related to 802.1X Operation 10-73 11 Configuring and Monitoring Port Security Contents 11-1 Overview 11-3 Port Security 11-4 Basic Operation 11-4 Eavesdrop Protection 11-5 Blocking Unauthorized Traffic 11...-5 Trunk Group Exclusion 11-6 Planning Port Security 11-7 Port Security Command Options and Operation 11-8 Port Security Display Options 11-8 Configuring Port Security 11-12 Retention of Static Addresses 11-17 MAC Lockdown 11-22 Differences Between MAC Lockdown and Port Security 11-24 ...
...68 Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions 10-71 Messages Related to 802.1X Operation 10-73 11 Configuring and Monitoring Port Security Contents 11-1 Overview 11-3 Port Security 11-4 Basic Operation 11-4 Eavesdrop Protection 11-5 Blocking Unauthorized Traffic 11...-5 Trunk Group Exclusion 11-6 Planning Port Security 11-7 Port Security Command Options and Operation 11-8 Port Security Display Options 11-8 Configuring Port Security 11-12 Retention of Static Addresses 11-17 MAC Lockdown 11-22 Differences Between MAC Lockdown and Port Security 11-24 ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 15
Deploying MAC Lockdown 11-26 MAC Lockout 11-26 Port Security and MAC Lockout 11-29 Web: Displaying and Configuring Port Security Features 11-30 Reading Intrusion Alerts and Resetting Alert Flags 11-30 Notice of Security Violations 11-30 How the ...12-4 Overview of IP Mask Operation 12-4 Menu: Viewing and Configuring IP Authorized Managers 12-5 CLI: Viewing and Configuring Authorized IP Managers 12-6 Listing the Switch's Current Authorized IP Manager(s 12-6 Configuring IP Authorized Managers for the Switch 12-7 Web: Configuring IP Authorized Managers 12-9 Web Proxy Servers 12-9 How to...
Deploying MAC Lockdown 11-26 MAC Lockout 11-26 Port Security and MAC Lockout 11-29 Web: Displaying and Configuring Port Security Features 11-30 Reading Intrusion Alerts and Resetting Alert Flags 11-30 Notice of Security Violations 11-30 How the ...12-4 Overview of IP Mask Operation 12-4 Menu: Viewing and Configuring IP Authorized Managers 12-5 CLI: Viewing and Configuring Authorized IP Managers 12-6 Listing the Switch's Current Authorized IP Manager(s 12-6 Configuring IP Authorized Managers for the Switch 12-7 Web: Configuring IP Authorized Managers 12-9 Web Proxy Servers 12-9 How to...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 16
Building IP Masks 12-10 Configuring One Station Per Authorized Manager IP Entry 12-10 Configuring Multiple Stations Per Authorized Manager IP Entry . . 12-11 Additional Examples for Authorizing Multiple Stations 12-13 Operating Notes 12-13 xv
Building IP Masks 12-10 Configuring One Station Per Authorized Manager IP Entry 12-10 Configuring Multiple Stations Per Authorized Manager IP Entry . . 12-11 Additional Examples for Authorizing Multiple Stations 12-13 Operating Notes 12-13 xv
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 18
... IPv6 Configuration Guide-Describes the IPv6 protocol operations that are supported on the switch. ■ Release Notes-Describe new features, fixes, and enhancements that become available between revisions of the following websites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/... and perform the physical installation and connect the switch to install hard- tures. ■ Access Security Guide-Explains how to configure IGMP fea- Electronic Publications The latest version of each of the publications listed below is also available in PDF format, as ...
... IPv6 Configuration Guide-Describes the IPv6 protocol operations that are supported on the switch. ■ Release Notes-Describe new features, fixes, and enhancements that become available between revisions of the following websites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/... and perform the physical installation and connect the switch to install hard- tures. ■ Access Security Guide-Explains how to configure IGMP fea- Electronic Publications The latest version of each of the publications listed below is also available in PDF format, as ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 19
... Authentication Authorized IP Managers Authorized Manager List (Web, Telnet, TFTP) Auto MDIX Configuration BOOTP Config File Console Access Copy Command CoS (Class of Service) Debug DHCP Configuration DHCP/Bootp Operation Diagnostic Tools Manual Management Advanced Multicast and and Traffic Routing Configuration Management X X X X X X X X X X X Access Security Guide X X X X ...for information on a given software feature. Note Software Feature Index This feature index indicates which manual to the IPv6 Configuration Guide. This Index does not cover IPv6 capable software features.
... Authentication Authorized IP Managers Authorized Manager List (Web, Telnet, TFTP) Auto MDIX Configuration BOOTP Config File Console Access Copy Command CoS (Class of Service) Debug DHCP Configuration DHCP/Bootp Operation Diagnostic Tools Manual Management Advanced Multicast and and Traffic Routing Configuration Management X X X X X X X X X X X Access Security Guide X X X X ...for information on a given software feature. Note Software Feature Index This feature index indicates which manual to the IPv6 Configuration Guide. This Index does not cover IPv6 capable software features.