BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
42 Chapter 1: Accessing the Switch BMD00113, September 2009
Setting Allowable Source IP Address Ranges
To limit access to the switch without having to configure filters for each switch port, you can set a
source IP address (or range) that will be allowed to connect to the switch IP interface through
Telnet, SSH, SNMP, or the switch browser-based interface (BBI).
When an IP packet reaches the application switch, the source IP address is checked against the
range of addresses defined by the management network and management mask. If the source IP
address of the host or hosts is within this range, it is allowed to attempt to log in. Any packet
addressed to a switch IP interface with a source IP address outside this range is discarded.
Configuring an IP Address range for the Management Network
Configure the management network IP address and mask from the System Menu in the CLI. For
example:
In this example, the management network is set to 192.192.192.0 and management mask is set to
255.255.255.128. This defines the following range of allowed IP addresses: 192.192.192.1 to
192.192.192.127.
The following source IP addresses are granted or not granted access to the switch:
A host with a source IP address of 192.192.192.21 falls within the defined range and would be
allowed to access the switch.
A host with a source IP address of 192.192.192.192 falls outside the defined range and is not
granted access. To make this source IP address valid, you would need to shift the host to an IP
address within the valid range specified by the mnet and mmask or modify the mnet to be
192.192.192.128 and the mmask to be 255.255.255.128. This would put the 192.192.192.192
host within the valid range allowed by the mnet and mmask (192.192.192.128–255).
>> Main# /cfg/sys/access/mgmt/add
Enter Management Network Address: 192.192.192.0
Enter Management Network Mask: 255.255.255.128