Access Security Guide K/KA/KB.15.15

When configured in the switch, the Authorized IP Managers feature takes precedence over local
passwords, TACACS+, and RADIUS. This means that the IP address of a networked management
device must be authorized before the switch will attempt to authenticate the device by invoking
any other access security features. If the Authorized IP Managers feature disallows access to the
device, then access is denied. Thus, with authorized IP managers configured, having the correct
passwords is not sufficient for accessing the switch through the network unless the station attempting
access is also included in the switch's Authorized IP Managers configuration.
Use Authorized IP Managers along with other access security features to provide a more
comprehensive security fabric than if you use only one or two security options.
NOTE: When no Authorized IP Manager rules are configured, the access method feature is
disabled and access is not denied.
For each authorized manager address, you can configure either of these access levels:
Manager: Enables full access to all screens for viewing, configuration, and all other operations
available.
Operator: Allows read-only access. (This is the same access that is allowed by the switch
operator-level password feature.)
Configure up to 100 authorized manager addresses, where each address applies to either a single
management station or a group of stations.
CAUTION: Configuring Authorized IP Managers does not protect access to the switch through
a modem or direct connection to the Console (RS-232) port. Also, if an unauthorized station "spoofs"
an authorized IP address, it can gain management access to the switch even though a duplicate
IP address condition exists. For these reasons, you should enhance your network's security by
keeping physical access to the switch restricted to authorized personnel, using the
username/password and other security features available in the switch, and preventing unauthorized
access to data on your management stations.
About using authorized IP Managers
The Authorized IP Managers feature uses IP addresses and masks to determine which stations (PCs
or workstations) can access the switch through the network. This covers access through the following
means:
Telnet and other terminal emulation applications
The WebAgent
SSH
SNMP versions 1, 2 and 3 (with a correct community name)
TFTP
Also, when configured in the switch, the Authorized IP Managers feature takes precedence over
local passwords, TACACS+, and RADIUS. This means that the IP address of a networked
management device must be authorized before the switch will attempt to authenticate the device
by invoking any other access security features. If the Authorized IP Managers feature disallows
access to the device, then access is denied. Thus, with authorized IP managers configured, having
the correct passwords is not sufficient for accessing the switch through the network unless the station
attempting access is also included in the switch’s Authorized IP Managers configuration.
You can use Authorized IP Managers along with other access security features to provide a more
comprehensive security fabric than if you use only one or two security options.
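The following sketch models the evaluation order described above. It is an added example, not code from the switch software or from this guide. It assumes that a mask bit of 1 means the corresponding address bit must match and that the first matching entry supplies the access level. The names Rule, ip_check and network_login and the sample addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    address: str  # authorized manager IP address
    mask: str     # assumption: 1 bits must match, 0 bits are ignored
    level: str    # "manager" (full access) or "operator" (read-only)

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def ip_check(rules: list, station: str) -> tuple:
    """Return (allowed, level) for a station's source address."""
    if not rules:
        # No Authorized IP Manager rules configured: access is not denied.
        return True, None
    src = _to_int(station)
    for rule in rules:
        mask = _to_int(rule.mask)
        if src & mask == _to_int(rule.address) & mask:
            return True, rule.level  # assumption: first match wins
    return False, None

def network_login(rules: list, station: str, auth_ok: bool) -> tuple:
    """Model a network login (Telnet, WebAgent, SSH, SNMP, TFTP).

    The address check runs before passwords, TACACS+ or RADIUS, so a
    correct credential from an unlisted station is still refused. The
    check sees only the source address: console/modem access and spoofed
    addresses fall outside it, as the CAUTION states.
    """
    allowed, level = ip_check(rules, station)
    if not allowed:
        return "denied-ip", None
    if not auth_ok:
        return "denied-auth", None
    return "granted", level

# Constructed sample configuration: one single station, one group.
RULES = [
    Rule("192.0.2.10", "255.255.255.255", "manager"),
    Rule("198.51.100.0", "255.255.255.0", "operator"),
]

if __name__ == "__main__":
    for ip, ok in [("192.0.2.10", True), ("198.51.100.77", True),
                   ("203.0.113.5", True), ("192.0.2.10", False)]:
        print(ip, ok, network_login(RULES, ip, ok))
```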