E.09.xx software update for the ProCurve 5300 series switch products

Post on 10-Feb-2016


Transcript of E.09.xx software update for the ProCurve 5300 series switch products

© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Technical Training

E.09.xx software update for the ProCurve 5300 series switch products

Dec 2004

E.09.xx firmware update for the ProCurve 5300 series switch products

New Features
• Connection Rate Filtering (Virus Throttling)
• Multiple 802.1X users per port
• Concurrent 802.1X and MAC Auth or Web Auth
• 802.1X Guest Vlan
• Radius authentication for switch manager login
• 802.1ab Link Layer Discovery Protocol (LLDP)
• UDP directed broadcast forwarding
• Multiple configuration files

The Geek Translation

CRF: Cold Raw Dead Fish?
CRF: Connection Rate Filtering

Connection Rate Filtering

Most anti-virus software works by preventing infection
• Works well but occasionally fails
• When it fails, the virus can spread very rapidly and cause lots of damage
  – Many infected machines
  – Clogged networks
• Example – SQLSlammer, MS-Blaster, SASSER
  – 05:29 Jan 25 ‘03 – 0 infected
  – 06:00 Jan 25 ‘03 – 74855 infected

Connection Rate Filtering

What does CRF do to reduce the threat?
• Filter function based on connection rate only
• Does not look inside packets for signatures
• Functions only on routed traffic (NOT on switched traffic)
• Many valid nodes will create false positives
• Must be manually configured
• Must configure Sensitivity and Response

Connection Rate Filtering Sensitivity

Sensitivity / Max interval between new IP connection requests from same source / Number of new connections without exceeding max interval / Penalty period
Low / 0.1 second / 54 / <30 seconds
Medium / 1.0 second / 37 / 30 - 60 seconds
High / 1.0 second / 22 / 60 - 90 seconds
Aggressive / 1.0 second / 15 / 90 - 120 seconds

Example: At medium sensitivity, a host may trigger the filter by issuing 37 new outbound connections in a 36 second period if the gap between any two new connections does not exceed 1 second. When there is a gap that exceeds 1 second, the counter is reset.

Connection Rate Filtering Response

• notify-only
  – Generates event log entry and trap event when sensitivity threshold exceeded
• throttle
  – Generates event log and trap and then blocks routing of traffic from offending host for penalty period defined by sensitivity
  – After penalty period the function is reset and routing resumes
• block
  – Generates event log and trap and then blocks routing of traffic from offending host until manually reset by administrator

Connection Rate Filtering Typical deployment scenario (not set and forget)

• Deploy in notify-only mode
• Set sensitivity to low
• Monitor the nodes that are triggering
• Determine the characteristic of valid traffic from those nodes
• Increase sensitivity, or create an exception ACL for nodes generating false positives
• Activate throttling or blocking
• Monitor and adjust

Connection Rate Filtering What to do with nodes generating legitimate traffic that triggers the CRF?

Use of connection-rate ACLs provides the option to apply exceptions to the configured connection-rate filtering policy.
■ A trusted server exhibiting a relatively high IP connection rate due to heavy demand
■ A trusted traffic source on the same port as other, untrusted traffic sources.
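As an added illustration of the sensitivity table, the three responses and the connection-rate ACL exceptions covered on the preceding slides, the following Python model applies the same rules to a constructed stream of new connection requests. It is an example written for this page, not HP/ProCurve code; the switch's own implementation is not public. Assumptions of the model: the penalty period is taken as the lower bound of each range in the sensitivity table, notify-only restarts the counter after logging, and ACL "ignore" entries are reduced to exempt source prefixes.

```python
"""Model of ProCurve-style Connection Rate Filtering (CRF): per-source count of
new IP connection requests, sensitivity table (max gap, trigger count, penalty),
the responses notify-only / throttle / block, and "ignore" exceptions.
Added educational example, not HP/ProCurve code."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Sensitivity table from the slides: (max interval between new connection
# requests from the same source, number of new connections that trips the
# filter, penalty period in seconds). The slides give penalty periods as
# ranges; the lower bound of each range is used here (assumption).
SENSITIVITY = {
    "low":        (0.1, 54, 30.0),   # slide: "<30 seconds"
    "medium":     (1.0, 37, 30.0),   # slide: 30 - 60 seconds
    "high":       (1.0, 22, 60.0),   # slide: 60 - 90 seconds
    "aggressive": (1.0, 15, 90.0),   # slide: 90 - 120 seconds
}


@dataclass
class HostState:
    last_seen: Optional[float] = None       # time of the previous new connection
    count: int = 0                          # consecutive requests within max_gap
    blocked_until: Optional[float] = None   # None: routing; inf: until manual unblock


class ConnectionRateFilter:
    def __init__(self, sensitivity="medium", response="notify-only", ignore=()):
        if response not in ("notify-only", "throttle", "block"):
            raise ValueError(f"unknown response {response!r}")
        self.max_gap, self.threshold, self.penalty = SENSITIVITY[sensitivity]
        self.response = response
        # Connection-rate ACL "ignore" entries, modelled as exempt source
        # prefixes (the real ACL can also match protocol and port).
        self.ignore = [ipaddress.ip_network(n) for n in ignore]
        self.hosts = {}
        self.events = []   # stand-in for the event log entry / SNMP trap

    def _ignored(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.ignore)

    def new_connection(self, t, src):
        """Process one new routed IP connection request from src at time t.
        Returns True if the switch routes it, False if it is dropped."""
        if self._ignored(src):
            return True
        h = self.hosts.setdefault(src, HostState())
        if h.blocked_until is not None:
            if t < h.blocked_until:
                return False                # still in penalty period / manual block
            h.blocked_until = None          # throttle: penalty over, function reset
            h.count, h.last_seen = 0, None
        # Count consecutive new connections whose gaps never exceed max_gap;
        # a gap larger than max_gap resets the counter (slide example).
        if h.last_seen is None or t - h.last_seen > self.max_gap:
            h.count = 1
        else:
            h.count += 1
        h.last_seen = t
        if h.count >= self.threshold:
            self.events.append((t, src, self.response))
            if self.response == "throttle":
                h.blocked_until = t + self.penalty
                return False
            if self.response == "block":
                h.blocked_until = float("inf")
                return False
            h.count = 0   # notify-only: log and keep routing (counter restart assumed)
        return True

    def unblock(self, src):
        """Administrator's explicit reset of a blocked host."""
        self.hosts.pop(src, None)

    def blocked_hosts(self, now):
        """Sources currently not being routed at time `now`."""
        return sorted(s for s, h in self.hosts.items()
                      if h.blocked_until is not None and now < h.blocked_until)
```

At medium sensitivity a source issuing one new connection every half second trips the filter on its 37th request (t = 18 s), while a source that pauses more than a second between requests never accumulates a count. Running the model in notify-only first, as the deployment slides recommend, shows which sources would have been throttled before any traffic is actually dropped.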

Connection Rate Filtering Basic CLI commands

[no] connection-rate-filter sensitivity < low | medium | high | aggressive >
Global enable/disable and global sensitivity
Reboot the switch after running this command to enable/disable or change CRF sensitivity!

[no] filter connection-rate [eth] port-list <notify-only | throttle | block>
Port based configuration of the response

[no] ip access-list connection-rate-filter name-str
  < ignore | filter > ip < any | host src-ip-addr | src-ip-addr src-ip-mask | src-ip-addr/mask >
  < ignore | filter > < udp | tcp > < any | host src-ip-addr | src-ip-addr src-ip-mask | src-ip-addr/mask > < source-port | destination-port | all-ports >
ACLs are ONLY required as exceptions to the CRF policy

Connection Rate Filtering Config example: Connection Rate ACL (configuration screenshot not reproduced in the transcript)

Connection Rate Filtering - Summary

• CRF is not set and forget
• Operates ONLY on routed traffic
• Requires a switch reboot after enabling, disabling or changing sensitivity of CRF
• Once a host has been blocked, it remains in this state regardless of the port setting – must unblock explicitly
• CRF is host based (host is blocked, not port)
• Sensitivity is set globally, response is set per port, filtering is host based

Connection Rate Filtering - Benefits

• Behavior based
• Handles unknown worms
• No signature file
• Slows or stops routing of suspect traffic
• Allows switch to continue to operate during attack
• Event log and traps help identify the attacker
• Notifies IT and allows time to respond

Connection Rate Filtering lab
• Requires any 5300 switch and one windows PC with traffic generation tool installed
  – Configure routable vlans
  – Set various sensitivities and responses
  – Generate traffic to be routed
  – Observe behavior

www.hp.com/go/hpprocurve

Q&A Connection Rate Filtering

Multiple 802.1X users per port – Current Situation

- one client per one 802.1X enabled switch port
- protocol uses multicast address
- port based authentication
- successful authentication by a client opens the port for all traffic
- piggy back attack relatively easy

Multiple 802.1X users per port – E.09.xx

- Supports up to 32 802.1X clients per port
- All authenticated clients must use the same UNTAGGED Vlan
- Each instance must be associated with a particular source MAC address
- Associated instance must use only its associated source MAC address as dest. address for 802.1X packets (will prevent confusion of other 802.1X clients connected to the same port)
- An 802.1X protocol instance must be able to receive unicast 802.1X packets
- Authentication is client based
- successful authentication by a client opens port to traffic with the authenticator's SA only

Multiple 802.1X users per port – E.09.xx

[no] aaa port-access authenticator < [ethernet] <port-list> [control | client-limit | quiet-period | tx-period | supplicant-timeout | server-timeout | max-requests | reauth-period | auth-vid | unauth-vid | initialize | reauthenticate | clear-statistics | logoff-period]

Default client limit is 1. Need to explicitly enter value >1 to enable multiple authenticated clients per port.

There is no port-based authentication with E.09.xx! All 802.1x authentication in this revision is client based

#show config (no port based show command for client limit)
..
aaa port-access authenticator B2
aaa port-access authenticator B2 client-limit 18
aaa port-access authenticator active
.

Multiple 802.1X users per port – E.09.xx

Diagram: two 5300 switches connected by an uplink, one labelled supplicant and the other authenticator, with the revisions E.08.xx and E.09.xx marked.

Is this a valid configuration?
With 802.1X authentication on uplink?
What about mixed revisions?
Conclusion?

Do not enable 802.1X authentication on uplinks!

Multiple 802.1X users per port – E.09.xx Summary

• Prior to E.09.xx, 802.1X was port based
• E.09.xx is client based
• Possible to run into supplicant incompatibilities or cases where implementation relied on port based behavior
• Not appropriate for switch uplink ports
• Maximum of 32 authenticated clients per port
• Default client-limit is 1

Concurrent 802.1X and web or MAC auth

Prior to E.09.xx, 802.1X and Web/MAC auth were mutually exclusive features
E.09.xx allows the simultaneous operation of 802.1X and Web/MAC Auth on the same port
Concurrent 802.1X and Web Auth operation OR concurrent 802.1X and MAC Auth operation. The ability to run all three (802.1X, Web Auth, MAC Auth) concurrently does not exist
Useful for migration where all clients do not have supplicant
Popular example is the Mitel configuration
Total number of clients (802.1x, web auth, MAC auth) must not exceed 32 on a port

Concurrent 802.1X and web or MAC auth

802.1x Port Control State / Web or MAC Auth State / Action
Auto / Disabled / 802.1X performs authentication
Auto / Enabled / Hybrid authentication, 802.1X authentication result takes precedence over Web or MAC Auth authentication result
Force Authorized / Disabled / All clients granted access
Force Authorized / Enabled / Web or MAC auth perform authentication
Force Unauthorized / Don’t Care / All clients denied access

Concurrent 802.1X and web or MAC auth and Multiple 802.1X users per port

aaa port-access authenticator <port-list> [control <authorized | auto | unauthorized>] [client-limit]
AND
aaa port-access web-based [e] < port-list >
OR
aaa port-access mac-based [e] < port-list >

show config
..
aaa port-access authenticator B2
aaa port-access authenticator B2 client-limit 18
aaa port-access authenticator active
aaa port-access mac-based B2
..

Concurrent 802.1X and web or MAC auth and Multiple 802.1X users per port

The Competition: Enterasys has addressed the problem by allowing multiple 802.1X sessions to concurrently run on a port, with client traffic ultimately filtered by authorized client
Enterasys allows concurrency between their 802.1X and Mac authentication features, however not between their 802.1x and Web Auth features.
Extreme Networks allows concurrency between their 802.1X and Web Auth features. They don’t have MAC auth feature.

Concurrent MAC/802.1X example

PC: configured to use 802.1X authentication; Data vlan = 2 (untagged)
IP Phone: configured to use MAC authentication; Voice vlan = 50 (tagged)
5300 switch running E.09.xx code: authenticates phone with MAC auth, authenticates PC via 802.1X
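To make concrete the difference between the earlier port-based behaviour and the client-based authentication of E.09.xx, together with the client-limit (default 1), the 32-client ceiling and the phone-plus-PC scenario above, here is an added simulation written for this page. It is not ProCurve code: forwarding is reduced to "is this source MAC authenticated on the port?", RADIUS is represented by a boolean verdict, and the method names "802.1x" and "mac" are the model's own.

```python
"""Model of one edge port under port-based (pre-E.09.xx) and client-based
(E.09.xx) 802.1X admission, with client-limit and concurrent MAC auth.
Added educational example, not ProCurve code."""
from dataclasses import dataclass, field

MAX_CLIENTS_PER_PORT = 32   # slide: 802.1X + web + MAC clients on a port must not exceed 32


@dataclass
class AccessPort:
    client_based: bool = True   # E.09.xx behaviour; False models the earlier port-based mode
    client_limit: int = 1       # aaa port-access authenticator <port> client-limit (default 1)
    mac_auth: bool = False      # aaa port-access mac-based <port> enabled
    authenticated: dict = field(default_factory=dict)   # source MAC -> method
    port_open: bool = False     # port-based mode: set by the first successful authentication

    def __post_init__(self):
        if not 1 <= self.client_limit <= MAX_CLIENTS_PER_PORT:
            raise ValueError("client-limit must be between 1 and 32")

    def authenticate(self, mac, method, server_accepts):
        """One authentication attempt by the client with source MAC `mac` via
        '802.1x' or 'mac'; server_accepts is the RADIUS verdict (constructed).
        Returns True when the client is admitted."""
        if method == "mac" and not self.mac_auth:
            return False                     # MAC auth not enabled on this port
        if method not in ("802.1x", "mac") or not server_accepts:
            return False
        if not self.client_based:
            self.port_open = True            # one success opens the port for all traffic
            self.authenticated[mac] = method
            return True
        if mac in self.authenticated:
            return True                      # re-authentication of a known client
        if len(self.authenticated) >= self.client_limit:
            return False                     # client-limit reached: further clients refused
        self.authenticated[mac] = method
        return True

    def admits(self, src_mac):
        """Would a data frame with this source MAC be forwarded?"""
        if not self.client_based:
            return self.port_open            # any SA rides along once the port is open
        return src_mac in self.authenticated  # only authenticated SAs are forwarded

    def logoff(self, mac):
        """Client logoff; in port-based mode the port closes when no client remains."""
        self.authenticated.pop(mac, None)
        if not self.client_based and not self.authenticated:
            self.port_open = False
```

The port-based instance shows why the slides call the piggy-back problem "relatively easy": after one supplicant succeeds, frames from any other source address are forwarded. The client-based instance with the default client-limit of 1 admits exactly the authenticated MAC, and a port carrying a MAC-authenticated phone and an 802.1X-authenticated PC needs client-limit 2.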

802.1X Guest VLAN

In earlier releases, a “friendly” client computer not running 802.1X supplicant software could not be authenticated on a port protected by 802.1X access security
As a result, the port would become blocked and the client could not access the network
This prevented the client from:
■ Acquiring IP addressing from a DHCP server
■ Downloading the 802.1X supplicant software necessary for an authentication session
Configuring the 802.1X Open VLAN mode on a port changes how the port responds when it detects a new client

802.1X Guest VLAN

The 802.1X Open VLAN mode solves this problem by temporarily suspending the port’s static VLAN memberships and placing the port in a designated Unauthorized-Client VLAN
In this state the client can proceed with initialization services, such as acquiring IP addressing and 802.1X client software, and starting the authentication process
May want to set up DHCP server and a server that can download 802.1X supplicant on the guest VLAN
Still want to keep the radius server on a protected VLAN

802.1X Guest VLAN Use Models for 802.1X Open VLAN Modes

Unauthorized-Client VLAN: Configure this VLAN when unauthenticated, friendly clients will need access to some services before being authenticated
Authorized-Client VLAN: Configure this VLAN for authenticated clients to control the untagged VLAN membership

802.1X Guest VLAN summary

Avoid using authorized client VLAN on ports with client-limit >1 unless all clients can operate on same untagged VLAN
All unauthenticated clients on an unauthorized client VLAN can communicate

With 802.1X authentication enabled:
aaa port-access authenticator <port-list> [auth-vid <vlan-id>]
aaa port-access authenticator <port-list> [unauth-vid <vlan-id>]

Show config
..
aaa port-access authenticator B2 auth-vid 123
..

Radius authorization for switch mgr login - Same feature as released in E.08.53

Eliminates login – enable – login again to gain mgr privilege
• "[no] aaa authentication login privilege-mode"
• Visible by "show running-config" and "show authentication" when enabled
• Radius server service-attribute type Administrative (6) is the manager privilege level
• Radius server service-attribute type NAS-prompt (7) is just the operator level
• Applies to attempts to login via serial console, telnet, or ssh
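The privilege-mode mapping above depends on the RADIUS Service-Type attribute (attribute number 6 in RFC 2865, whose values Administrative-User = 6 and NAS-Prompt-User = 7 are the ones the slide names). The following added example, written for this page and not HP/ProCurve code, encodes and decodes RADIUS attribute TLVs and maps the Service-Type in a constructed Access-Accept to the switch privilege level. Assumptions: a missing or unrecognised Service-Type is treated as operator (least privilege), and only the attribute section of the packet is handled, not the 20-byte RADIUS header or the Response Authenticator check.

```python
"""Encode/decode RADIUS attribute TLVs and derive the switch login privilege
level from the Service-Type attribute of an Access-Accept.
Added educational example, not HP/ProCurve code."""
import struct

USER_NAME = 1             # RADIUS attribute: User-Name (RFC 2865)
SERVICE_TYPE = 6          # RADIUS attribute: Service-Type (RFC 2865)
ADMINISTRATIVE_USER = 6   # Service-Type value: manager privilege level on the switch
NAS_PROMPT_USER = 7       # Service-Type value: operator level on the switch


def encode_attr(attr_type, value):
    """One attribute as Type (1 byte), Length (1 byte, includes header), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long for a one-byte length field")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def encode_integer_attr(attr_type, n):
    """RADIUS integer attributes are 4-byte big-endian values."""
    return encode_attr(attr_type, struct.pack("!I", n))


def decode_attrs(blob):
    """Parse the attribute section into (type, value) pairs, refusing malformed
    lengths instead of guessing at the packet layout."""
    attrs = []
    i = 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, blob[i + 2:i + length]))
        i += length
    return attrs


def privilege_from_access_accept(blob):
    """Map the Service-Type of an Access-Accept to 'manager' or 'operator'.
    Absent or unknown Service-Type -> operator (least privilege; assumption)."""
    for attr_type, value in decode_attrs(blob):
        if attr_type != SERVICE_TYPE:
            continue
        if len(value) != 4:
            raise ValueError("Service-Type must be a 4-byte integer")
        service_type = struct.unpack("!I", value)[0]
        if service_type == ADMINISTRATIVE_USER:
            return "manager"
        return "operator"     # NAS-Prompt-User (7) and anything else
    return "operator"
```

A RADIUS server that returns Service-Type = Administrative-User for the account lands the user directly at the manager level; NAS-Prompt-User gives the operator level, and a reply without the attribute falls back to operator, so a misconfigured server profile fails toward less privilege rather than more.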

www.hp.com/go/hpprocurve

Q&A 802.1X

UDP Directed Broadcast Forwarding

Routers don’t forward broadcasts generally, however it may be desirable for example for DHCP, SNTP etc
Only applies when routing is enabled
Identifies broadcast packet to be forwarded by UDP port number
Configured on a per-VLAN basis
The UDP forwarder contains a server address table for each configured VLAN. Each server entry contains an IP address and an associated UDP port. A broadcast packet received on the switch will be forwarded based on this configured table
Packet can be unicast forwarded to a specific host, or bcast forwarded to a destination subnet

UDP Directed Broadcast Forwarding Packet processing

A packet received on the switch will get forwarded if the following conditions are met
• The received packet is a broadcast packet
• The destination UDP port of the packet is present in the configured server table
• The configured server address is either a unicast or a subnet broadcast address

*DHCP forwarding is enabled by default on the 5300 with E.09.xx since this was the behavior in previous releases

UDP Directed Broadcast Forwarding
CLI

[no] ip udp-bcast-forward
Enables broadcast forwarding on the switch

[no] ip forward-protocol udp <IP-ADDR> <port-num> | <port-name>
Configures a forwarding address for a specific broadcast type (UDP port), per VLAN

show ip forward-protocol [vlan <VLAN-ID>]
Shows the broadcast forwarding configuration
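The forwarding decision described on the preceding slides, modeled in Python as an added example (this is not HP's code or the switch firmware). It applies the three conditions from the packet-processing slide to a constructed IPv4/UDP datagram; the server table, VLAN subnets, addresses and packet bytes are all constructed for the example, and binding table entries to a VLAN mirrors the per-VLAN configuration described above.

```python
"""Model of the 5300xl UDP directed-broadcast forwarding decision.

Added example, not HP's code or the switch firmware. It applies the three
conditions from the slides: the packet must be a broadcast, its UDP destination
port must be in the receiving VLAN's server table, and the configured server
address must be a unicast host or a subnet broadcast address. All addresses,
table entries and packet bytes below are constructed for the example.
"""
import ipaddress
import struct

UDP_FORWARD_ENABLED = True  # "ip udp-bcast-forward"

# Per-VLAN server table, vid -> [(server_ip, udp_port)], i.e. the entries made
# with "ip forward-protocol udp <IP-ADDR> <port>" for that VLAN (assumed layout).
FORWARD_TABLE = {
    10: [("10.0.20.5", 67),      # DHCP: relay as unicast to a server on VLAN 20
         ("10.0.20.255", 123)],  # SNTP: relay as a subnet broadcast onto VLAN 20
}
# Subnet of each routed VLAN; needed to recognise directed broadcasts.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.0.10.0/24"),
    20: ipaddress.ip_network("10.0.20.0/24"),
}
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")


def parse_ipv4_udp(pkt: bytes):
    """Return (dst_ip, udp_dst_port) for an IPv4/UDP datagram, else None."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 8:   # protocol 17 = UDP
        return None
    dst_ip = ipaddress.ip_address(pkt[16:20])
    udp_dst = struct.unpack_from("!H", pkt, ihl + 2)[0]
    return dst_ip, udp_dst


def is_broadcast(dst_ip, vid) -> bool:
    """Limited broadcast, or the directed broadcast of the receiving VLAN's subnet."""
    return dst_ip == LIMITED_BCAST or dst_ip == VLAN_SUBNETS[vid].broadcast_address


def classify_server(server_ip: str):
    """'unicast', 'subnet-broadcast', or None when the entry is neither (not forwarded)."""
    ip = ipaddress.ip_address(server_ip)
    if ip.is_multicast or ip == LIMITED_BCAST:
        return None
    if any(ip == net.broadcast_address for net in VLAN_SUBNETS.values()):
        return "subnet-broadcast"
    return "unicast"


def forward_decision(pkt: bytes, ingress_vid: int):
    """Return ('unicast'|'subnet-broadcast', new_destination) or ('drop', reason)."""
    if not UDP_FORWARD_ENABLED:
        return ("drop", "udp-bcast-forward is disabled")
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return ("drop", "not an IPv4/UDP packet")
    dst_ip, port = parsed
    if not is_broadcast(dst_ip, ingress_vid):
        return ("drop", "not a broadcast")
    # The match is on destination port only: any host in the VLAN can trigger the
    # relay, which is why only the ports actually needed should be configured.
    for server_ip, server_port in FORWARD_TABLE.get(ingress_vid, []):
        if server_port == port:
            kind = classify_server(server_ip)
            if kind is None:
                return ("drop", "server address is neither unicast nor subnet broadcast")
            return (kind, server_ip)
    return ("drop", f"udp/{port} not in VLAN {ingress_vid} server table")


def build_udp_broadcast(dst_ip: str, dst_port: int, src_ip="0.0.0.0",
                        src_port=68, payload=b"\x01") -> bytes:
    """Constructed IPv4/UDP datagram (checksums zeroed), enough for the forwarder."""
    udp_len = 8 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return ip_hdr + struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload


if __name__ == "__main__":
    for dst, port in [("255.255.255.255", 67), ("10.0.10.255", 123),
                      ("255.255.255.255", 1900), ("10.0.10.7", 67)]:
        print(dst, port, "->", forward_decision(build_udp_broadcast(dst, port), 10))
```

Running the block shows a DHCP discover from VLAN 10 relayed as unicast to the server on VLAN 20, an SNTP broadcast relayed as a subnet broadcast, and a broadcast to an unconfigured port or a unicast DHCP packet dropped. The same packet arriving on VLAN 20, which has no server table here, is also dropped.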

802.1ab Link Layer Discovery Protocol (LLDP)

• Standards-based discovery protocol, roughly equivalent to the proprietary Cisco Discovery Protocol (CDP)
• 5300xl supports CDPv1 and LLDP with E.09.xx code
• 3400cl is the first ProCurve product to support only LLDP
• LLDP is sent and received
• LLDP can be disabled (default enabled): when disabled it is not sent, not received, and its information is not stored
• ProCurve Manager today queries the CDP MIB via SNMP (later versions, from Version 2.0, will read both the CDP and LLDP MIBs)
• 3400cl will NOT be discovered by any other PNB product today
  • It will be when LLDP ships on other products (incl. PCM+)
  • It receives CDP packets and uses them to update LLDP information

802.1ab Link Layer Discovery Protocol (LLDP)
Operating Rules

• Port Trunking: LLDP manages trunked ports individually
• Spanning-Tree Blocking: Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links
• 802.1X Blocking: Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets
• IP Address Advertisements: In the default operation, if a port belongs to only one static VLAN, the port advertises the lowest-order IP address configured on that VLAN. If a port belongs to multiple VLANs, the port advertises the lowest-order IP address configured on the VLAN with the lowest VID. If the qualifying VLAN does not have an IP address, the port advertises 127.0.0.1 as its IP address

802.1ab Link Layer Discovery Protocol (LLDP)
CLI

[no] lldp enable <PORT-LIST>
Configures ports to send/receive LLDP (default: all enabled)

[no] lldp run
Starts sending and receiving LLDP (default: on)

lldp interval <seconds>
LLDP transmit interval in seconds (default: 30)

lldp holdtime-multiplier <integer>
Multiples of the interval to keep an entry valid (default: 4)

lldp clear
Flushes remote device information

show lldp [<local-device|remote-devices> [<PORT_LIST>] [detail]]

802.1ab Link Layer Discovery Protocol (LLDP)

CDP and LLDP do not interact: they are configured independently, transmit and receive their own packets, and maintain separate neighbor tables
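The LLDP operating rules and timers from the slides above, modeled in Python as an added example (this is not HP's code or the switch firmware). It implements the default IP address advertisement rule, the STP and 802.1X gating of LLDP on a port, and aging of remote-device entries with TTL = interval × holdtime-multiplier (30 s × 4 = 120 s with the defaults shown on the CLI slide). The VLAN, port and neighbour data are constructed for the example, and "lowest-order IP address" is taken here to mean the numerically lowest address configured on the VLAN.

```python
"""Model of the 5300xl LLDP operating rules and timers from the slides.

Added example, not HP's code or the switch firmware. It implements the default
IP address advertisement rule, the per-port gating by STP and 802.1X state, and
remote-device aging with TTL = interval x holdtime-multiplier (30 s x 4 = 120 s
by default). The VLAN, port and neighbour data are constructed for the example;
"lowest-order IP address" is taken to mean the numerically lowest address.
"""
import ipaddress

LLDP_INTERVAL = 30        # "lldp interval <seconds>", default 30
LLDP_HOLDTIME_MULT = 4    # "lldp holdtime-multiplier <integer>", default 4

VLAN_IPS = {              # vid -> IP addresses configured on that VLAN (constructed)
    1: [],
    10: ["10.0.10.254", "10.0.10.1"],
    20: ["10.0.20.1"],
}
PORT_VLANS = {            # port -> static VLAN memberships (constructed)
    "A1": [10],
    "A2": [20, 10],
    "A3": [1],
    "B1": [20, 1],
}


def advertised_address(port: str) -> str:
    """Default rule: lowest VID among the port's static VLANs, then the lowest IP on
    that VLAN; 127.0.0.1 if the qualifying VLAN has no IP address at all."""
    vid = min(PORT_VLANS[port])
    ips = VLAN_IPS.get(vid, [])
    if not ips:
        return "127.0.0.1"
    return str(min(ipaddress.ip_address(ip) for ip in ips))


def lldp_allowed(stp_blocked: bool, dot1x_blocked: bool, lldp_enabled: bool = True) -> bool:
    """STP blocking does not stop LLDP; an 802.1X-blocked port or 'no lldp enable' does."""
    return lldp_enabled and not dot1x_blocked  # stp_blocked is intentionally ignored


def ttl_seconds(interval: int = LLDP_INTERVAL, mult: int = LLDP_HOLDTIME_MULT) -> int:
    """How long a received entry stays valid without a refresh."""
    return interval * mult


class RemoteDevices:
    """The remote-device table behind 'show lldp remote-devices', with aging."""

    def __init__(self):
        self._entries = {}  # local port -> (chassis_id, expires_at)

    def receive(self, port: str, chassis_id: str, now: int, ttl: int = None):
        """Store or refresh a neighbour; TTL defaults to interval * multiplier."""
        self._entries[port] = (chassis_id, now + (ttl_seconds() if ttl is None else ttl))

    def remote(self, now: int) -> dict:
        """Entries still valid at time 'now'; expired ones are aged out first."""
        self._entries = {p: e for p, e in self._entries.items() if e[1] > now}
        return {p: e[0] for p, e in self._entries.items()}

    def clear(self):
        """Equivalent of 'lldp clear'."""
        self._entries.clear()


if __name__ == "__main__":
    for p in PORT_VLANS:
        print(p, "advertises", advertised_address(p))
    table = RemoteDevices()
    table.receive("A1", "00:11:22:33:44:55", now=0)
    print("t=100:", table.remote(100), " t=121:", table.remote(121))
```

Port B1 is the case worth noticing: it is a member of VLAN 20, which has an address, but because VLAN 1 is its lowest VID and VLAN 1 has no IP address, the port advertises 127.0.0.1. An entry learned at t=0 is still listed at t=119 and gone at t=120 with the default timers.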

Multiple Configuration Files

Allows storing of three configuration files
• Useful for saving a configuration file for each of the primary/secondary flash images
• Commands should be familiar, with the addition of "filename"
• # boot [system [flash <primary|secondary>] [config FILENAME]]
• # copy config FILENAME tftp ... (tftp options)
• # copy config FILENAME-1 config FILENAME-2
• # copy tftp config FILENAME ... (tftp options)
• # erase startup-config (no change)
• # erase config FILENAME
• # reload (no change)
• # rename config FILENAME-1 FILENAME-2
• # startup-default [<primary|secondary>] config FILENAME
• # show config files

Multiple Configuration Files

[Diagram: reboot command -> primary boot path or secondary boot path -> startup config -> running config]

Prior to E.09.xx, the same startup config would be used regardless of whether you booted from primary or secondary.

[Diagram: reboot command -> primary boot path or secondary boot path -> startup config options: File1, File2, File3 -> running config]

With E.09.xx and newer code, it is possible to store multiple config files on the switch and choose which version to use for an image-specific reboot policy:
# startup-default [<primary|secondary>] config FILENAME

Multiple Configuration Files

HP ProCurve Switch 5304XL(config)# show config files

Configuration files:

 id | act pri sec | name
 ---+-------------+-----------------------------------------
  1 |      *      | E0803
  2 |  *          | crf_test
  3 |          *  | E0901

The example shows a config file named "E0803" associated with the primary boot path (primary flash), "E0901" associated with the secondary boot path, and "crf_test", which is the active config file.

www.hp.com/go/hpprocurve

Q&A