HP ProCurve 9304M Security Manual page 20

Security Guide for ProCurve 9300/9400 Series Routing Switches
The following sections describe how to restrict remote access to an HP device using these methods.
Using ACLs to Restrict Remote Access
You can use standard ACLs to control the following access methods to management functions on an HP device:
Telnet access
SSH access
Web management access
SNMP access
To configure access control for these management access methods:
1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, SSH access group, web access group, and SNMP community strings. Each
of these configuration items accepts an ACL as a parameter. The ACL contains entries that identify the IP
addresses that can use the access method.
The following sections present examples of how to secure management access using ACLs. See the "IP Access
Control Lists (ACLs)" chapter in the Advanced Configuration and Management Guide for ProCurve 9300/9400
Series Routing Switches for more information on configuring ACLs.
NOTE: In releases prior to 07.7.00, ACL filtering for remote management access was done in software (that is,
by the CPU). Starting with release 07.7.00, you can configure EP devices to perform the filtering in hardware.
See "Hardware Filtering for Remote Management Access (EP Devices Running Release 07.7.00 and Higher)" on
page 2-6.
Using an ACL to Restrict Telnet Access
To configure an ACL that restricts Telnet access to the device, enter commands such as the following:
ProCurveRS(config)# access-list 10 deny host 209.157.22.32 log
ProCurveRS(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log
ProCurveRS(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log
ProCurveRS(config)# access-list 10 deny 209.157.25.0/24 log
ProCurveRS(config)# access-list 10 permit any
ProCurveRS(config)# telnet access-group 10
ProCurveRS(config)# write memory
Syntax: telnet access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
The commands above configure ACL 10, then apply the ACL as the access list for Telnet access. The device
allows Telnet access to all IP addresses except those listed in ACL 10.
To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end of the ACL.
For example:
ProCurveRS(config)# access-list 10 permit host 209.157.22.32
ProCurveRS(config)# access-list 10 permit 209.157.23.0 0.0.0.255
ProCurveRS(config)# access-list 10 permit 209.157.24.0 0.0.0.255
ProCurveRS(config)# access-list 10 permit 209.157.25.0/24
ProCurveRS(config)# telnet access-group 10
ProCurveRS(config)# write memory
The ACL in this example permits Telnet access only to the IP addresses in the permit entries and denies Telnet
access from all other IP addresses.
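Added example, not part of the HP manual: a short Python check that parses the two Telnet ACLs shown above and reports what each one decides for a given source address. It assumes entries are evaluated in order with the first match winning; the function names and the test address 198.51.100.9 are constructed for illustration.

```python
import ipaddress

# Entries copied from the two Telnet examples on this page.
DENY_LIST = """\
access-list 10 deny host 209.157.22.32 log
access-list 10 deny 209.157.23.0 0.0.0.255 log
access-list 10 deny 209.157.24.0 0.0.0.255 log
access-list 10 deny 209.157.25.0/24 log
access-list 10 permit any
"""
ALLOW_LIST = """\
access-list 10 permit host 209.157.22.32
access-list 10 permit 209.157.23.0 0.0.0.255
access-list 10 permit 209.157.24.0 0.0.0.255
access-list 10 permit 209.157.25.0/24
"""

def parse_acl(text, num):
    """Return [(action, network)] for standard ACL <num>, in configuration order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(num)] or len(tok) < 4:
            continue
        action, spec = tok[2], [t for t in tok[3:] if t != "log"]
        if spec == ["any"]:
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        elif len(spec) == 2:  # address + wildcard mask: invert it to get a netmask
            wild = int(ipaddress.IPv4Address(spec[1]))
            mask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
            net = ipaddress.ip_network(f"{spec[0]}/{mask}", strict=False)
        else:  # prefix form, e.g. 209.157.25.0/24
            net = ipaddress.ip_network(spec[0], strict=False)
        entries.append((action, net))
    return entries

def decide(entries, src):
    """First matching entry wins; a source that matches nothing is denied."""
    ip = ipaddress.ip_address(src)
    for action, net in entries:
        if ip in net:
            return action
    return "deny"

def is_allow_list(entries):
    """True when no permit entry covers every address (no 'permit any')."""
    return not any(a == "permit" and n.prefixlen == 0 for a, n in entries)
```

Running `decide` on both lists with an address outside 209.157.22.32 and the three /24 networks shows the difference between the two configurations: the first ACL admits it to Telnet, the second does not.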
2 - 4
June 2005
