Overview - HP 4108GL Management And Configuration Manual

Using Authorized IP Managers for Increased Management Security

Overview

Overview

The Authorized IP Managers feature enhances security on the switch by using
IP addresses and masks to determine which stations (PCs or workstations)
can access the switch through the network. This covers access through the
following means:
Thus, with authorized IP managers configured, having the correct passwords
is not sufficient for accessing the switch through the network unless the
station attempting access is also included in the switch's Authorized IP
Managers configuration.
You can use Authorized IP Managers, local passwords (page 9-3), and
TACACS+ () to provide a more comprehensive security fabric than if you use
only one or two of these options. Table 10-1 lists these features with the
security coverage they provide.
Table 10-1. Management Access Security Features
Table 10-1 shows the protection each security feature offers for a given type
of access, and the hierarchy the switch applies when using security features
to process access attempts. For example, the switch provides Telnet manage-
ment access security as follows:
1.
10-2
– Telnet
– The switch's web browser interface
– SNMP (with a correct community name)
– File transfers using TFTP (for configurations and software
updates)
Security Features in Order
of Implementation
Authorized IP Mgrs.
TACACS+
Local Manager and Operator
User-Names and Passwords
If the switch has an Authorized IP Managers list, the management station
must be included in this list.
• If the station is not authorized, the switch denies access.
• If the switch has no Authorized IP Manager list, then the switch uses
TACACS+ authentication, if configured and available (step 2, below).
Supported Management Access Protection
Serial Telnet SNMP
Port (Net Mgmt)
No Yes Yes
Yes Yes No
Yes Yes No
TFTP Web
Browser
Yes Yes
No No
No Yes