HP ProCurve 9304M Security Manual page 23

Routing switches

ProCurveRS(config)# web access-group 10 vlan 3
ProCurveRS(config)# snmp-server community private rw 10 vlan 3
In this example, a Layer 3 VLAN is configured as a remote-access management VLAN and a router interface. The
IP address specified for the router interface becomes the management IP address of the VLAN.
When you make changes to the ACL configuration and/or make changes to the management VLAN, you must
enter the following command after making the configuration changes:
ProCurveRS(config)# remote-management rebind
Syntax: remote-management rebind
The show cam l4 command displays the following information about the hardware filtering in this configuration:
ProCurveRS# show cam l4 3/1
Sl Index Src IP_Addr       SPort Dest IP_Addr  DPort Prot Age Out Port
3  40960 192.64.22.254/32  Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40962 192.168.12.254/32 Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40964 192.168.2.254/32  Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40966 10.10.11.254/32   Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40968 Any               Any   10.10.11.1/24 23    TCP  dis Discard
The IP address in standard ACL 10 is the source IP address of the filter entry, and the IP address of the router
interface is the destination IP address of the filter entry.

Restricting Remote Access to the Device to Specific IP Addresses
By default, an HP device does not control remote management access based on the IP address of the managing
device. You can restrict remote management access to a single IP address for the following access methods:
Telnet access
Web management access
SNMP access
In addition, if you want to restrict all three access methods to the same IP address, you can do so using a single
command.
The following examples show the CLI commands for restricting remote access. You can specify only one IP
address with each command. However, you can enter each command ten times to specify up to ten IP addresses.
NOTE: You cannot restrict remote management access using the Web management interface.

Restricting Telnet Access to a Specific IP Address
To allow Telnet access to the HP device only to the host with IP address 209.157.22.39, enter the following
command:
ProCurveRS(config)# telnet-client 209.157.22.39
Syntax: [no] telnet-client <ip-addr>

Restricting SSH Access to a Specific IP Address
To allow SSH access to the HP device only to the host with IP address 209.157.22.39, enter the following
command:
ProCurveRS(config)# ip ssh client 209.157.22.39
Syntax: [no] ip ssh client <ip-addr>

June 2005    Securing Access to Management Functions    2 - 7
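
One way to confirm, after remote-management rebind, that the Layer 4 hardware filters reported by show cam l4 match the hosts in the management ACL and end in a catch-all Discard entry. This is an added example, not part of the HP manual; it assumes the column layout of the show cam l4 sample on this page, and ACL_10_HOSTS, parse_cam_l4 and audit_mgmt_filters are hypothetical names, with ACL 10 assumed to contain the four source addresses shown in that sample.

```python
import ipaddress

# "show cam l4 3/1" output from the manual's example (column layout assumed).
MANUAL_CAM = """\
Sl Index Src IP_Addr       SPort Dest IP_Addr  DPort Prot Age Out Port
3  40960 192.64.22.254/32  Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40962 192.168.12.254/32 Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40964 192.168.2.254/32  Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40966 10.10.11.254/32   Any   10.10.11.1/24 23    TCP  dis Use L2/L3
3  40968 Any               Any   10.10.11.1/24 23    TCP  dis Discard
"""

# Assumption: ACL 10 permits exactly the four hosts seen in the sample above.
ACL_10_HOSTS = ["192.64.22.254", "192.168.12.254", "192.168.2.254", "10.10.11.254"]

def parse_cam_l4(text):
    """Return one dict per filter row; the header and non-data lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[1].isdigit():
            continue
        # "Out Port" may contain a space ("Use L2/L3"), so join the remainder.
        rows.append({"index": int(f[1]), "src": f[2], "dst": f[4],
                     "dport": f[5], "prot": f[6], "action": " ".join(f[8:])})
    return rows

def audit_mgmt_filters(cam_text, acl_hosts, mgmt_ip, dport="23"):
    """Compare the hardware filters for one management port with the ACL's hosts."""
    want = {ipaddress.ip_network(h) for h in acl_hosts}
    have, default_deny = set(), False
    for row in parse_cam_l4(cam_text):
        if row["dport"] != dport or row["dst"].split("/")[0] != mgmt_ip:
            continue
        if row["action"] == "Discard":
            default_deny = default_deny or row["src"] == "Any"
        else:  # a forwarding entry: its source is allowed to reach the port
            src = "0.0.0.0/0" if row["src"] == "Any" else row["src"]
            have.add(ipaddress.ip_network(src, strict=False))
    return {"missing": sorted(map(str, want - have)),        # in ACL, no filter
            "unexpected": sorted(map(str, have - want)),     # filter, not in ACL
            "default_deny": default_deny}

if __name__ == "__main__":
    print(audit_mgmt_filters(MANUAL_CAM, ACL_10_HOSTS, "10.10.11.1"))
    # Constructed case: a host was added to the ACL but the filters were not rebound.
    print(audit_mgmt_filters(MANUAL_CAM, ACL_10_HOSTS + ["10.10.11.77"], "10.10.11.1"))
```

A non-empty missing or unexpected list, or default_deny set to False, indicates that the filters in hardware no longer reflect the ACL.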

This manual is also suitable for:

J4139a, Procurve 9308m, J4874a, Procurve 9408sl, J4138a, J8680a ...