Configuring Authorized Ip Managers - HP proCurve User Manual

Setting Up Security for a Device
Switch Port Security
N o t e
N o t e
14-14
Parameter
Authorized Address

Configuring Authorized IP Managers

This feature enables you to enhance security on the switch by using IP
addresses to authorize which stations (PCs or workstations) are allowed to:
Access the switch's web browser interface
I
I Telnet into the switch's console interface
I Perform TFTP transfers of configurations and software updates into the
switch
This feature does not affect SNMP access to the switch by SNMP-authorized
managements stations. SNMP access is protected by community names and
an independent SNMP Authorized Manager list.
You can configure up to 10 authorized manager addresses, where each address
applies to a single management station or a group of stations, or a Manager or
Operator access level.
This feature does not protect access to the switch through a modem or direct
Console (RS-232) port connection. Also, if the IP address assigned to an
authorized management station is configured in another station, the other
station can gain management access to the switch even though a duplicate IP
address condition exists. For these reasons, you should enhance your
network's security by keeping physical access to the switch restricted to
authorized personnel, using the password features built into the switch, and
preventing unauthorized access to data on your management stations.
Description
Appears when Learn Mode is set to Static. Enables you to enter up to eight
authorized devices (MAC addresses) per port, depending on the value
specified in the Address Limits field. If you enter fewer devices than you
specified in the Address Limits field, the port learns the remaining
addresses from the inbound traffic it receives. For example, if you specify
four devices, but enter only two MAC addresses, the first two (non-
specified) devices subsequently detected on the port will be added to the
Authorized Address list, and all subsequent (non-specified) devices
detected on the port will be handled as "unauthorized".
Caution: If you enter fewer devices (MAC addresses) than specified in the
Address Limits parameter, it is possible to unintentionally allow a device
to become "authorized" that you do not want to include in your Authorized
Address list. This can occur because the port, in order to fulfill the number
of devices allowed by the Address Limits parameter, will automatically add
devices it detects until the specified limit is reached. For this reason it is
recommended that you configure the Address Limit to allow only as many
devices as you plan to type in to the Authorized Addresses list.