Configuring Secure Socket Layer (SSL)

Configuring the Switch for SSL Operation

Enable SLL

and port number Selection

Figure 7-8. Using the web browser interface to enable SSL and select TCP port number

N o t e o n P o r t N u m b e r

C a u t i o n

ProCurve recommends using the default IP port number (443). However, you can use web-management ssl tcp-portto specify any TCP port for SSL connections except those reserved for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (http). Some other reserved TCP ports on the switches are 49, 80, 1506, and 1513.

SSL does not protect the switch from unauthorized access via the Telnet, SNMP, or the serial port. While Telnet access can be restricted by the use of passwords local to the switch, if you are unsure of the security this provides, you may want to disable Telnet access (no telnet). If you need to increase SNMP security, use SNMP version 3 only for SNMP access. Another security measure is to use the Authorized IP Managers feature described in the switch’s Security Guide. To protect against unauthorized access to the serial port (and the Clear button, which removes local password protection), keep physical access to the switch restricted to authorized personnel.

7-20