HP ProCurve 9304M Security Manual page 22

Security Guide for ProCurve 9300/9400 Series Routing Switches
NOTE: The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH, and
Web management access using ACLs.
ProCurveRS(config)# access-list 25 deny host 209.157.22.98 log
ProCurveRS(config)# access-list 25 deny 209.157.23.0 0.0.0.255 log
ProCurveRS(config)# access-list 25 deny 209.157.24.0 0.0.0.255 log
ProCurveRS(config)# access-list 25 permit any
ProCurveRS(config)# access-list 30 deny 209.157.25.0 0.0.0.255 log
ProCurveRS(config)# access-list 30 deny 209.157.26.0/24 log
ProCurveRS(config)# access-list 30 permit any
ProCurveRS(config)# snmp-server community public ro 25
ProCurveRS(config)# snmp-server community private rw 30
ProCurveRS(config)# write memory
Syntax: snmp-server community <string> ro | rw <num>
The <string> parameter specifies the SNMP community string the user must enter to gain SNMP access.
The ro parameter indicates that the community string is for read-only ("get") access. The rw parameter indicates
the community string is for read-write ("set") access.
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
These commands configure ACLs 25 and 30, then apply the ACLs to community strings.
ACL 25 is used to control read-only access using the "public" community string. ACL 30 is used to control read-write
access using the "private" community string.
NOTE: When snmp-server community is configured, all incoming SNMP packets are validated first by their
community strings and then by their bound ACLs. Before software release 07.7.00, packets are denied if filters are
not configured for an ACL. Beginning with software release 07.7.00, packets are permitted if no filters are
configured for an ACL.
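The following is an added audit script, not part of this manual, that reads a configuration in the syntax shown above and reports community strings that are reachable without an ACL or that are bound to an ACL with no filters (which the note above says is denied before 07.7.00 and permitted from 07.7.00 onward). The configuration text and the names "legacy", "ops" and ACL 40 are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample configuration in the manual's syntax. "legacy" has no ACL
# bound and "ops" is bound to ACL 40, which has no filters configured.
SAMPLE_CONFIG = """\
access-list 25 deny host 209.157.22.98 log
access-list 25 deny 209.157.23.0 0.0.0.255 log
access-list 25 permit any
access-list 30 deny 209.157.26.0/24 log
access-list 30 permit any
snmp-server community public ro 25
snmp-server community private rw 30
snmp-server community legacy rw
snmp-server community ops ro 40
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+?)(?: log)?$")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (ro|rw)(?: (\d+))?$")


def parse_config(text):
    """Return ({acl_number: [(action, source), ...]}, [(community, mode, acl)])."""
    acls = defaultdict(list)
    communities = []
    for line in text.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acls[int(m.group(1))].append((m.group(2), m.group(3)))
        elif m := COMMUNITY_RE.match(line):
            acl = int(m.group(3)) if m.group(3) else None
            communities.append((m.group(1), m.group(2), acl))
    return acls, communities


def audit_snmp(text, release_07_7_or_later=True):
    """List community strings whose source filtering is absent or empty."""
    acls, communities = parse_config(text)
    findings = []
    for name, mode, acl in communities:
        if acl is None:
            findings.append(f"{name} ({mode}): no ACL bound, reachable from any source")
        elif not acls.get(acl):
            # Documented behaviour: an ACL with no filters denies all packets
            # before 07.7.00 and permits all packets from 07.7.00 onward.
            effect = "permits" if release_07_7_or_later else "denies"
            findings.append(f"{name} ({mode}): ACL {acl} has no filters, software {effect} all sources")
    return findings
```

Run it against a saved `show running-config` capture to confirm that every read-write community is bound to a populated ACL before and after a software upgrade across 07.7.00.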
Hardware Filtering for Remote Management Access (EP Devices Running Release 07.7.00 and Higher)
In releases prior to 07.7.00, ACL filtering for remote management access was done in software (that is, by the
CPU). Starting with release 07.7.00, you can configure EP devices to perform the filtering in hardware.
Configuring Hardware-Based Remote Access Filtering on Routing Switches
The following is an example of configuring an EP Routing Switch to perform hardware filtering for Telnet access.
ProCurveRS(config)# vlan 3 by port
ProCurveRS(config-vlan-3)# untagged ethe 3/1 to 3/5
ProCurveRS(config-vlan-3)# router-interface ve 3
ProCurveRS(config-vlan-3)# exit
ProCurveRS(config)# interface ve 3
ProCurveRS(config-ve-1)# ip address 10.10.11.1 255.255.255.0
ProCurveRS(config-ve-1)# exit
ProCurveRS(config)# access-list 10 permit host 10.10.11.254
ProCurveRS(config)# access-list 10 permit host 192.168.2.254
ProCurveRS(config)# access-list 10 permit host 192.168.12.254
ProCurveRS(config)# access-list 10 permit host 192.64.22.254
ProCurveRS(config)# access-list 10 deny any
ProCurveRS(config)# telnet access-group 10 vlan 3
ProCurveRS(config)# ssh access-group 10 vlan 3
2 - 6
June 2005
