ProCurve Switches 2512 and 2524 Management and Configuration Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

171

172

173

174

175

176

177

178

179

180

7-39

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Using Passwords, Port

Security, and Authorized IP

Additional Examples for Authorizing Multiple Stations

Operating and Troubleshooting Notes

■ Network Security Precautions: You can enhance your network’s secu-

rity by keeping physical access to the switch restricted to authorized

personnel, using the password features built into the switch, and prevent-

ing unauthorized access to data on your management stations.

■ Modem and Direct Console Access: Configuring authorized IP manag-

ers does not protect against access to the switch through a modem or

direct Console (RS-232) port connection.

■ Duplicate IP Addresses: If the IP address configured in an authorized

management station is also configured in another station, the other station

can gain management access to the switch even though a duplicate IP

address condition exists.

■ Web Proxy Servers: If you use the web browser interface to access the

switch from an authorized IP manager station, it is recommended that you

avoid the use of a web proxy server in the path between the station and

the switch. This is because switch access through a web proxy server

requires that you first add the web proxy server to the Authorized Manager

IP list. This reduces security by opening switch access to anyone who

uses the web proxy server. The following two options outline how to

eliminate a web proxy server from the path between a station and the

switch:

• Even if you need proxy server access enabled in order to use

other applications, you can still eliminate proxy service for web

access to the switch. To do so, add the IP address or DNS name

of the switch to the non-proxy, or “Exceptions” list in the web

browser interface you are using on the authorized station.

• If you don’t need proxy server access at all on the authorized

station, then just disable the proxy server feature in the station’s

web browser interface.

Entries for Authorized

Manager List

Results

IP Mask 255 255 0 255 This combination specifies an authorized IP address of 10.33.xxx.1. It could be

applied, for example, to a subnetted network where each subnet is defined by the

third octet and includes a management station defined by the value of “1” in the

fourth octet of the station’s IP address.

Authorized

Manager IP

10 33 248 1

IP Mask 255 238 255 250 Allows 230, 231, 246, and 247 in the 2nd octet, and 194, 195, 198, 199 in the 4th octet.

Authorized

Manager IP

10 247 100 195