Table 2.1: Ways to secure management access to HP devices (Continued)
Access method
Web management access
SNMP access
TFTP access
Restricting Remote Access to Management Functions
You can restrict access to management functions from remote sources, including Telnet, the Web management
interface, and SNMP. The following methods for restricting remote access are supported:
•
Using ACLs to restrict Telnet, Web management interface, or SNMP access
•
Allowing remote access only from specific IP addresses
•
Allowing remote access only to clients connected to a specific VLAN
•
Specifically disabling Telnet, Web management interface, or SNMP access to the device
June 2005
How the access
Ways to secure the access method
method is secured
by default
SNMP read or read-
Regulate Web management access using
write community
ACLs
strings
Allow Web management access only from
specific IP addresses
Allow Web management access only to clients
connected to a specific VLAN
Disable Web management access
Configure SSL security for the Web
management interface
Set up local user accounts
Establish SNMP read or read-write community
strings for SNMP versions 1 and 2
Establishing user groups for SNMP version 3
Configure TACACS/TACACS+ security
Configure RADIUS security
SNMP read or read-
Regulate SNMP access using ACLs
write community
Allow SNMP access only from specific IP
strings and the
addresses
password to the Super
User privilege level
Disable SNMP access
Note: SNMP read or
Allow SNMP access only to clients connected
read-write community
to a specific VLAN
strings are always
required for SNMP
Establish passwords to management levels of
access to the device.
the CLI
Set up local user accounts
Establish SNMP read or read-write community
strings
Not secured
Allow TFTP access only to clients connected
to a specific VLAN
Securing Access to Management Functions
See
page
2-5
2-8
2-9
2-10
2-19
2-16
10-1
10-7
2-20
2-38
2-5
2-8
2-11
2-9
2-14
2-16
2-20
2-9
2 - 3