Setting Up Security for a Device

Switch Port Security

Parameter: Authorized Address

Description: Appears when Learn Mode is set to Static. Enables you to enter up to eight authorized devices (MAC addresses) per port, depending on the value specified in the Address Limits field. If you enter fewer devices than you specified in the Address Limits field, the port learns the remaining addresses from the inbound traffic it receives. For example, if you specify four devices, but enter only two MAC addresses, the first two (non-specified) devices subsequently detected on the port will be added to the Authorized Address list, and all subsequent (non-specified) devices detected on the port will be handled as “unauthorized”.

Caution: If you enter fewer devices (MAC addresses) than specified in the Address Limits parameter, it is possible to unintentionally allow a device to become “authorized” that you do not want to include in your Authorized Address list. This can occur because the port, in order to fulfill the number of devices allowed by the Address Limits parameter, will automatically add devices it detects until the specified limit is reached. For this reason it is recommended that you configure the Address Limit to allow only as many devices as you plan to type in to the Authorized Addresses list.
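The learning behavior and the Caution above can be modeled as follows. This is an added example, not code from the switch or its manual: the class and function names are hypothetical, the MAC addresses are constructed samples, and audit() reports ports whose Address Limits value leaves room for auto-learned devices.

```python
# Added illustration of the Static learn-mode behaviour described above.
# All names here are hypothetical; MAC addresses are constructed samples.
from dataclasses import dataclass, field

MAX_PER_PORT = 8  # the page allows up to eight authorized devices per port


@dataclass
class StaticPort:
    name: str
    address_limit: int
    authorized: list = field(default_factory=list)  # typed in by the admin
    learned: list = field(default_factory=list)     # added by the port itself

    def __post_init__(self):
        # Assumption: the limit ranges from 1 to the eight-address maximum.
        if not 1 <= self.address_limit <= MAX_PER_PORT:
            raise ValueError("Address Limits must be 1..8")
        if len(self.authorized) > self.address_limit:
            raise ValueError("more addresses entered than the limit allows")
        self.authorized = [normalize(m) for m in self.authorized]

    def open_slots(self):
        return self.address_limit - len(self.authorized) - len(self.learned)

    def see(self, mac):
        """Return how the port treats a source MAC seen on inbound traffic."""
        mac = normalize(mac)
        if mac in self.authorized or mac in self.learned:
            return "authorized"
        if self.open_slots() > 0:  # limit not yet reached: port auto-learns
            self.learned.append(mac)
            return "authorized (learned)"
        return "unauthorized"


def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def audit(ports):
    """Map port name to the number of slots left open for auto-learning."""
    return {p.name: p.address_limit - len(p.authorized)
            for p in ports if p.address_limit > len(p.authorized)}
```

Run audit() over the intended configuration before applying it: an empty result means every port's limit equals the number of addresses entered, which is the setting the Caution recommends.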

 

 


Configuring Authorized IP Managers

This feature enables you to enhance security on the switch by using IP addresses to authorize which stations (PCs or workstations) are allowed to:

- Access the switch's web browser interface
- Telnet into the switch's console interface
- Perform TFTP transfers of configurations and software updates into the switch

This feature does not affect SNMP access to the switch by SNMP-authorized management stations. SNMP access is protected by community names and an independent SNMP Authorized Manager list.

You can configure up to 10 authorized manager addresses, where each address applies to a single management station or a group of stations, or a Manager or Operator access level.

This feature does not protect access to the switch through a modem or direct Console (RS-232) port connection. Also, if the IP address assigned to an authorized management station is configured in another station, the other station can gain management access to the switch even though a duplicate IP address condition exists. For these reasons, you should enhance your network’s security by keeping physical access to the switch restricted to authorized personnel, using the password features built into the switch, and preventing unauthorized access to data on your management stations.
