HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 587
Additional Examples for Authorizing Multiple Stations, Operating Notes, Network Security Precautions
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 587 highlights
Using Authorized IP Managers Operating Notes Additional Examples for Authorizing Multiple Stations IP Mask Authorized Manager IP IP Mask Authorized Manager IP Entries for Authorized Results Manager List 255 255 0 255 10 33 248 1 This combination specifies an authorized IP address of 10.33.xxx.1. It could be applied, for example, to a subnetted network where each subnet is defined by the third octet and includes a management station defined by the value of "1" in the fourth octet of the station's IP address. 255 238 255 250 Allows 230, 231, 246, and 247 in the 2nd octet, and 194, 195, 198, 199 in the 4th octet. 10 247 100 195 Operating Notes ■ Network Security Precautions: You can enhance your network's secu rity by keeping physical access to the switch restricted to authorized personnel, using the password features built into the switch, using the additional security features described in this manual, and preventing unauthorized access to data on your management stations. ■ Modem and Direct Console Access: Configuring authorized IP manag ers does not protect against access to the switch through a modem or direct Console (RS-232) port connection. ■ Duplicate IP Addresses: If the IP address configured in an authorized management station is also configured (or "spoofed") in another station, the other station can gain management access to the switch even though a duplicate IP address condition exists. ■ Web Proxy Servers: If you use the web browser interface to access the switch from an authorized IP manager station, it is recommended that you avoid the use of a web proxy server in the path between the station and the switch. This is because switch access through a web proxy server requires that you first add the web proxy server to the Authorized Manager IP list. This reduces security by opening switch access to anyone who uses the web proxy server. The following two options outline how to eliminate a web proxy server from the path between a station and the switch: 14-13