C a u t i o n
Options
You can configure:
■
Up to 10 authorized manager addresses, where each address applies to
either a single management station or a group of stations
Manager or Operator access privileges (for Telnet, SNMPv1, and
■
SNMPv2c access only)
Configuring Authorized IP Managers does not protect access to the switch
through a modem or direct connection to the Console (RS-232) port. Also, if
an unauthorized station "spoofs" an authorized IP address, it can gain man-
agement access to the switch even though a duplicate IP address condition
exists. For these reasons, you should enhance your network's security by
keeping physical access to the switch restricted to authorized personnel, using
the username/password and other security features available in the switch,
and preventing unauthorized access to data on your management stations.
Access Levels
The Authorized IP Manager feature can assign an access level to stations using
Telnet, SNMPv1, or SNMPv2c for switch access. The access level the switch
allows for authorized stations using SSH, SNMPv3, or the web browser
interface is determined by the access application itself, and not by the Autho-
rized IP Manager feature. The IP Authorized list does not enforce access rights
because SSH, the Web Agent (SSL) and SNMPv3 have much better access
control mechanisms than an IP address alone. For example, SNMPv3 has
access control down to the user level as well as authentication and encryption
for data integrity.
Using Authorized IP Managers
Options
11-3