IPv6 Management Security Features

Authorized IP Managers for IPv6

You configure each authorized manager address with Manager or Opera- tor-level privilege to access the switch in a Telnet, SNMPv1, or SNMPv2c session. (Access privilege for SSH, SNMPv3, and web browser sessions are configured through the access application, not through the Authorized IP Managers feature.)

Manager privilege allows full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces.

Operator privilege allows read-only access from the web browser and console interfaces.

When you configure station access to the switch using the Authorized IP Managers feature, the settings take precedence over the access config- ured with local passwords, TACACS+ servers, RADIUS-assigned settings, port-based (802.1X) authentication, and port security settings.

As a result, the IPv6 address of a networked management device must be configured with the Authorized IP Managers feature before the switch can authenticate the device using the configured settings from other access security features. If the Authorized IP Managers feature disallows access to the device, then access is denied. Therefore, with authorized IP man- agers configured, logging in with the correct passwords is not sufficient to access a switch through the network unless the station requesting access is also authorized in the switch’s Authorized IP Managers config- uration.

6-4

Page 132
Image 132
HP IPv6 6200yl, IPv6 2900, IPv6 5400zl, IPv6 3500yl manual IPv6 Management Security Features