Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

Table 47 Access Security and Switch Authentication Features (continued)

More information and configuration

details

Security guidelinesDefault settingFeature

preventing unauthorized SNMP

access should be a key element of

your network security strategy.

“Authorized IP Managers”

(page 413)

This feature uses IP addresses and

masks to determine whether to

noneAuthorized IP

Managers

allow management access to the

switch across the network through

the following :

• Telnet and other terminal

emulation applications

• The WebAgent

• SNMP (with a correct

community name)

See "Static Virtual LANs (VLANs)"

in the Advanced Traffic

Management Guide for your switch

This feature creates an isolated

network for managing the HP

switches that offer this feature.

disabledSecure Management

VLAN

When a secure management

VLAN is enabled, CLI, Menu

interface, and WebAgent access

is restricted to ports configured as

members of the VLAN.

“Access Control Lists

(ACLs)” (page 445)“IPv4 Access

Control Lists (ACLs)” (page 259)

ACLs can also be configured to

protect management access by

blocking inbound IP traffic that has

noneACLs for Management

Access Protection

the switch itself as the destination

IP address.

“TACACS+ Authentication”

(page 122)

This application uses a central

server to allow or deny access to

disabledTACACS+

Authentication

TACACS-aware devices in your

network. TACACS+ uses

username/password sets with

associated privilege levels to grant

or deny access through either the

switch serial (console) port or

remotely, with Telnet.

If the switch fails to connect to a

TACACS+ server for the necessary

authentication service, it defaults

to its own locally configured

passwords for authentication

control. TACACS+ allows both

login (read-only) and enable

(read/write) privilege level access.

“RADIUS Authentication,

Authorization, and Accounting”

(page 141)

For each authorized client,

RADIUS can be used to

authenticate operator or manager

disabledRADIUS Authentication

access privileges on the switch via

the serial port (CLI and Menu

interface), Telnet, SSH, and Secure

FTP/Secure Copy (SFTP/SCP)

access methods.

Using HP switch security features 443