Access Security Guide K/KA/KB.15.15

addresses. For example, a mask of 255.255.255.0 and any value for the Authorized Manager
IP parameter allows a range of 0 through 255 in the 4th octet of the authorized IP address, which
enables a block of up to 254 IP addresses for IP management access (excluding 0 for the network
and 255 for broadcasts). A mask of 255.255.255.252 uses the 4th octet of a given Authorized
Manager IP address to authorize four IP addresses for management station access. The details on
how to use IP masks are provided under “Building IP Masks: Configuring one station per Authorized
Manager IP entry” (page 417).
NOTE: The IP Mask is a method for recognizing whether a given IP address is authorized for
management access to the switch. This mask serves a different purpose than IP subnet masks and
is applied in a different manner.
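The following is an added worked example, not code from the guide or from the switch firmware, showing how an Authorized Manager IP entry and its IP Mask together decide whether a management station's address is authorized: a mask bit of 1 means that bit of the station address must match the entry, a mask bit of 0 means any value is accepted. The entries and station addresses are constructed sample values.

```python
import ipaddress

# Constructed sample Authorized Manager entries (not from the guide):
# (Authorized Manager IP, IP Mask).
AUTHORIZED_MANAGERS = [
    ("10.28.227.101", "255.255.255.255"),  # exactly one station
    ("10.28.227.101", "255.255.255.252"),  # four stations: .100 through .103
    ("10.28.228.0",   "255.255.255.0"),    # any value in the 4th octet
]


def _to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def entry_matches(station_ip: str, authorized_ip: str, mask: str) -> bool:
    """True if the station address agrees with the entry in every
    position where the IP Mask has a 1 bit."""
    m = _to_int(mask)
    return (_to_int(station_ip) & m) == (_to_int(authorized_ip) & m)


def is_authorized(station_ip: str, entries=AUTHORIZED_MANAGERS) -> bool:
    """A station is authorized if any configured entry admits it."""
    return any(entry_matches(station_ip, ip, mask) for ip, mask in entries)


def authorized_range(authorized_ip: str, mask: str):
    """Return (first, last, count) for the block of addresses an entry admits.
    The count includes the .0 and .255 addresses of a /24-style block, which
    is why a 255.255.255.0 mask yields 256 matches but only up to 254 usable
    management stations."""
    m = _to_int(mask)
    base = _to_int(authorized_ip) & m
    wildcard = (~m) & 0xFFFFFFFF
    first = ipaddress.IPv4Address(base)
    last = ipaddress.IPv4Address(base | wildcard)
    return str(first), str(last), wildcard + 1


if __name__ == "__main__":
    for ip, mask in AUTHORIZED_MANAGERS:
        print(ip, mask, "->", authorized_range(ip, mask))
    for station in ("10.28.227.103", "10.28.227.104", "10.28.228.200", "192.0.2.1"):
        print(station, "authorized" if is_authorized(station) else "denied")
```

The check is a plain bitwise comparison, which is also why the guide's "duplicate IP" note matters: any station presenting a matching source address passes this test, so the Authorized Manager list limits exposure but is not an authentication mechanism.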
Operating notes
Network Security Precautions
Enhance your network's security by keeping physical access to the switch restricted to
authorized personnel, using the password features built into the switch, using the additional
security features described in this manual, and preventing unauthorized access to data
on your management stations.
Modem and Direct Console Access
Configuring authorized IP managers does not protect against access to the switch through
a modem or direct Console (RS-232) port connection.
Duplicate IP Addresses
If the IP address configured in an authorized management station is also configured (or
"spoofed") in another station, the other station can gain management access to the switch
even though a duplicate IP address condition exists.
Web Proxy Servers
If you use the WebAgent to access the switch from an authorized IP manager station, it
is recommended that you avoid the use of a web proxy server in the path between the
station and the switch. This is because switch access through a web proxy server requires
that you first add the web proxy server to the Authorized Manager IP list. This reduces
security by opening switch access to anyone who uses the web proxy server. The following
two options outline how to eliminate a web proxy server from the path between a station
and the switch:
• Even if you need proxy server access enabled in order to use other applications, you can
still eliminate proxy service for web access to the switch. To do so, add the IP address or
DNS name of the switch to the non-proxy, or "Exceptions", list in the web browser interface
you are using on the authorized station.
• If you don't need proxy server access at all on the authorized station, then just disable
the proxy server feature in the station's web browser interface.
NOTE: IP or MAC authentication can be used without a web proxy server.
Using a Web Proxy Server to Access the WebAgent
CAUTION: This is NOT recommended. Using a web proxy server between the stations and the
switch poses a security risk. If the station uses a web proxy server to connect to the switch, any
proxy user can access the switch.
Overview 421