Using Authorized IP Managers for Increased Management Security
Using Authorized IP Managers
Overview
The Authorized IP Managers feature enhances security on the switch by using
IP addresses and masks to determine which stations (PCs or workstations)
can access the switch through the network. This covers access through the
following means:
– Telnet
– The switch’s web browser interface
– SNMP (with a correct community name)
– File transfers using TFTP (for configurations and software updates)
Thus, with authorized IP managers configured, having the correct passwords
is not sufficient for accessing the switch through the network unless the
station attempting access is also included in the switch’s Authorized IP
Managers configuration.
You can use Authorized IP Managers, local passwords (page 9-3), and
TACACS+ () to provide a more comprehensive security fabric than if you use
only one or two of these options. Table 10-1 lists these features with the
security coverage they provide.
Table 10-1. Management Access Security Features
Table 10-1 shows the protection each security feature offers for a given type
of access, and the hierarchy the switch applies when using security features
to process access attempts. For example, the switch provides Telnet
management access security as follows:
1. If the switch has an Authorized IP Managers list, the management station
must be included in this list.
• If the station is not authorized, the switch denies access.
• If the switch has no Authorized IP Manager list, then the switch uses
TACACS+ authentication, if configured and available (step 2, below).
Security Features in Order                            Supported Management Access Protection
of Implementation                                     Serial Port   Telnet   SNMP (Net Mgmt)   TFTP   Web Browser
Authorized IP Mgrs.                                   No            Yes      Yes               Yes    Yes
TACACS+                                               Yes           Yes      No                No     No
Local Manager and Operator User-Names and Passwords   Yes           Yes      No                No     Yes
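
The coverage in Table 10-1 and step 1 of the Telnet hierarchy, modeled in Python as an added example (not code from the switch or from this guide). The address/mask comparison, in which mask bits set to 1 must match the entry, the function names, and the sample manager entries are assumptions.

```python
import ipaddress

# Table 10-1 as data: the access methods each feature protects.
COVERAGE = {
    "authorized-ip":   {"telnet", "snmp", "tftp", "web"},
    "tacacs+":         {"serial", "telnet"},
    "local-passwords": {"serial", "telnet", "web"},
}
ORDER = ["authorized-ip", "tacacs+", "local-passwords"]  # order of implementation
METHODS = ("serial", "telnet", "snmp", "tftp", "web")

# Constructed sample list: one single station and one range of stations.
MANAGERS = [("192.0.2.10", "255.255.255.255"), ("198.51.100.0", "255.255.255.0")]


def ip_matches(station, entry_ip, entry_mask):
    """Assumed semantics: every mask bit set to 1 must match the entry address."""
    s, e, m = (int(ipaddress.IPv4Address(a)) for a in (station, entry_ip, entry_mask))
    return (s & m) == (e & m)


def passes_authorized_ip(method, station, managers):
    """Step 1 of the hierarchy. An empty list means the feature is not
    configured, so the decision falls through to the next feature."""
    if method not in COVERAGE["authorized-ip"] or not managers:
        return True
    return any(ip_matches(station, ip, mask) for ip, mask in managers)


def layers(method, enabled):
    """Enabled features that protect `method`, in the order the switch applies them."""
    return [f for f in ORDER if f in enabled and method in COVERAGE[f]]


def coverage_gaps(enabled):
    """Access methods left unprotected by every enabled feature."""
    return [m for m in METHODS if not layers(m, enabled)]


if __name__ == "__main__":
    for method in METHODS:
        print(method, layers(method, set(ORDER)))
    print("gaps without Authorized IP Managers:",
          coverage_gaps({"tacacs+", "local-passwords"}))
```

With only TACACS+ and local passwords enabled, no feature in Table 10-1 covers SNMP or TFTP; with only Authorized IP Managers enabled, the serial port is the uncovered path.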