1-16
Security Overview
Precedence of Security Options
DCA allows client-specific parameters configured in any of the following ways
to be applied and removed as needed in a specified hierarchy of precedence.
When multiple values for an individual configuration parameter exist, the
value applied to a client session is determined in the following order (from
highest to lowest priority) in which a value configured with a higher priority
overrides a value configured with a lower priority:
1. Attribute profiles applied through the Network Immunity network-man-
agement application using SNMP (see “HP E-Network Immunity Man-
ager”)
2. 802.1X authentication parameters (RADIUS-assigned)
3. Web- or MAC-authentication parameters (RADIUS-assigned)
4. Local, statically-configured parameters
Although RADIUS-assigned settings are never applied to ports for non-
authenticated clients, the Dynamic Configuration Arbiter allows you to
configure and assign client-specific port configurations to non-authenticated
clients, provided that a client’s MAC address is known in the switch in the
forwarding database. DCA arbitrates the assignment of attributes on both
authenticated and non-authenticated ports.
DCA does not support the arbitration and assignment of client-specific
attributes on trunk ports.
HP E-Network Immunity Manager
HP E-Network Immunity Manager (NIM) is a plug-in to HP PCM+ and a key
component of the HP E-Network Immunity security solution that provides
comprehensive detection and per-port-response to malicious traffic at the HP
network edge. NIM allows you to apply policy-based actions to minimize the
negative impact of a client’s behavior on the network. For example, using NIM
you can apply a client-specific profile that adds or modifies per-port rate-
limiting and VLAN ID assignments.
Note NIM actions only support the configuration of per-port rate-limiting and VLAN
ID assignment; NIM does not support CoS (802.1p) priority assignment and
ACL configuration.
NIM-applied parameters temporarily override RADIUS-configured and locally
configured parameters in an authentication session. When the NIM-applied
action is removed, the previously applied client-specific parameter (locally
To Next Page
Loading...
Need help?
General