Additional Examples For Authorizing Multiple Stations; Operating And Troubleshooting Notes - HP ProCurve series 2500 Management And Configuration Manual
Procurve 2500 series
Hide thumbs
Also See for HP ProCurve series 2500:
- Quick reference manual (44 pages) ,
- Read me first (8 pages) ,
- Supplementary manual (2 pages)
Table of Contents
Advertisement
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Additional Examples for Authorizing Multiple Stations
Entries for Authorized
Manager List
IP Mask
255 255 0
Authorized
10
33
248 1
Manager IP
IP Mask
255 238 255 250
Authorized
10
247 100 195
Manager IP
Operating and Troubleshooting Notes
I
I
I
I
Results
255
This combination specifies an authorized IP address of 10.33.xxx.1. It could be
applied, for example, to a subnetted network where each subnet is defined by the
third octet and includes a management station defined by the value of "1" in the
fourth octet of the station's IP address.
Allows 230, 231, 246, and 247 in the 2nd octet, and 194, 195, 198, 199 in the 4th octet.
Network Security Precautions: You can enhance your network's secu-
rity by keeping physical access to the switch restricted to authorized
personnel, using the password features built into the switch, and prevent-
ing unauthorized access to data on your management stations.
Modem and Direct Console Access: Configuring authorized IP manag-
ers does not protect against access to the switch through a modem or
direct Console (RS-232) port connection.
Duplicate IP Addresses: If the IP address configured in an authorized
management station is also configured in another station, the other station
can gain management access to the switch even though a duplicate IP
address condition exists.
Web Proxy Servers: If you use the web browser interface to access the
switch from an authorized IP manager station, it is recommended that you
avoid the use of a web proxy server in the path between the station and
the switch. This is because switch access through a web proxy server
requires that you first add the web proxy server to the Authorized Manager
IP list. This reduces security by opening switch access to anyone who
uses the web proxy server. The following two options outline how to
eliminate a web proxy server from the path between a station and the
switch:
•
Even if you need proxy server access enabled in order to use
other applications, you can still eliminate proxy service for web
access to the switch. To do so, add the IP address or DNS name
of the switch to the non-proxy, or "Exceptions" list in the web
browser interface you are using on the authorized station.
•
If you don't need proxy server access at all on the authorized
station, then just disable the proxy server feature in the station's
web browser interface.
Using IP Authorized Managers
7-39
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
