Port IP

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

 

 

Table 7-3. Analysis of IP Mask for Multiple-Station Entries

| | 1st Octet | 2nd Octet | 3rd Octet | 4th Octet | Manager-Level or Operator-Level Device Access |
|---|---|---|---|---|---|
| IP Mask | 255 | 255 | 255 | 0 | The “255” in the first three octets of the mask specifies that only the exact value in the octet of the corresponding IP address is allowed. However, the zero (0) in the 4th octet of the mask allows any value between 0 and 255 in that octet of the corresponding IP address. This mask allows switch access to any device having an IP address of 10.28.227.xxx, where xxx is any value from 0 to 255. |
| Authorized Manager IP | 10 | 28 | 227 | 125 | |
| IP Mask | 255 | 255 | 255 | 249 | In this example (figure 7-16, below), the IP mask allows a group of up to 4 management stations to access the switch. This is useful if the only devices in the IP address group allowed by the mask are management stations. The “249” in the 4th octet means that bits 0 and 3 - 7 of the 4th octet are fixed. Conversely, bits 1 and 2 of the 4th octet are variable. Any value that matches the authorized IP address settings for the fixed bits is allowed for the purposes of IP management station access to the switch. Thus, any management station having an IP address of 10.28.227.121, 123, 125, or 127 can access the switch. |
| Authorized IP Address | 10 | 28 | 227 | 125 | |

4th Octet of IP Mask: 249

4th Octet of Authorized IP Address: 5

| Bit Numbers | Bit 7 | Bit 6 | Bit 5 | Bit 4 | Bit 3 | Bit 2 | Bit 1 | Bit 0 |
|---|---|---|---|---|---|---|---|---|
| Bit Values | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
| 4th Octet of IP Mask (249) | on | on | on | on | on | off | off | on |
| 4th Octet of IP Authorized Address (125) | off | on | on | on | on | on | off | on |

Bits 1 and 2 in the mask are “off”, and bits 0 and 3 - 7 are “on”, creating a value of 249 in the 4th octet of the mask.

Where a mask bit is “on”, the corresponding bit setting in the address of a potentially authorized station must match the IP Authorized Address setting for that same bit. Where a mask bit is “off”, the corresponding bit setting in the address can be either “on” or “off”. In this example, in order for a station to be authorized to access the switch:

- The first three octets of the station’s IP address must match the Authorized IP Address.
- Bit 0 and Bits 3 through 6 of the 4th octet in the station’s address must be “on” (value = 1).
- Bit 7 of the 4th octet in the station’s address must be “off” (value = 0).
- Bits 1 and 2 can be either “on” or “off”.

This means that stations with the IP address 13.28.227.X (where X is 121, 123, 125, or 127) are authorized.

Figure 7-16. Example of How the Bitmap in the IP Mask Defines Authorized Manager Addresses
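The matching rule in Figure 7-16, written out as an added Python example (not code from the manual or the switch): it checks a station against an entry, lists every address a non-contiguous mask such as 249 admits, and reports admitted addresses that are not known management stations. The function names, the `MAX_ENUM` limit and the station inventory are assumptions made for illustration; the entry values are those of Table 7-3.

```python
import ipaddress

MAX_ENUM = 4096  # assumed limit: refuse to expand very wide masks into a list

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def is_authorized(station, authorized, mask):
    """Mask bit "on": station bit must equal the authorized bit. "off": any value."""
    m = _to_int(mask)
    return (_to_int(station) & m) == (_to_int(authorized) & m)

def admitted_count(mask):
    """Each "off" mask bit doubles the number of admitted addresses."""
    return 1 << (32 - bin(_to_int(mask)).count("1"))

def allowed_addresses(authorized, mask):
    """List every address the entry admits; works for non-contiguous masks like 249."""
    if admitted_count(mask) > MAX_ENUM:
        raise ValueError("mask admits too many addresses to list")
    m = _to_int(mask)
    base = _to_int(authorized) & m          # fixed bits only
    free = [b for b in range(32) if not (m >> b) & 1]
    found = []
    for combo in range(1 << len(free)):     # every setting of the variable bits
        addr = base
        for i, bit in enumerate(free):
            if (combo >> i) & 1:
                addr |= 1 << bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]

def unexpected_addresses(authorized, mask, known_stations):
    """Admitted addresses that are not known management stations."""
    known = set(known_stations)
    return [a for a in allowed_addresses(authorized, mask) if a not in known]

if __name__ == "__main__":
    entry = ("10.28.227.125", "255.255.255.249")   # second entry of Table 7-3
    print(allowed_addresses(*entry))
    # Constructed inventory: only two of the four admitted addresses are real stations.
    print(unexpected_addresses(*entry, ["10.28.227.121", "10.28.227.125"]))
    print(admitted_count("255.255.255.0"))          # first entry of Table 7-3
```

Any address returned by `unexpected_addresses` is one the switch would accept as a manager source even though no management station is assigned to it, which is the condition the table's note about the mask group warns about.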


SMC6624M specifications

SMC Networks SMC6624M is a robust and versatile managed switch designed to meet the needs of enterprises seeking reliable network solutions. This device features 24 Gigabit Ethernet ports that allow for high-speed data transfer, making it ideal for environments that demand high bandwidth. The SMC6624M is particularly suited for small to medium-sized businesses that require a powerful network backbone to support various applications, including voice, video, and data transmission.

One of the standout features of the SMC6624M is its Layer 2 and Layer 3 switching capabilities, enhancing the flexibility and efficiency of network management. The switch supports VLANs (Virtual Local Area Networks), which allow administrators to segment network traffic for improved security and performance. This capability is essential for organizations looking to optimize their network resources and apply policies that enhance security.

The SMC6624M also integrates advanced Quality of Service (QoS) features, enabling the prioritization of network traffic. This is particularly useful for applications such as VoIP and video conferencing, where maintaining low latency and jitter is crucial for ensuring a seamless user experience. Users can define traffic classes and manage bandwidth allocation, which helps in maintaining the quality of critical applications even during peak usage times.

In terms of connectivity and performance, the SMC6624M includes 4 Gigabit SFP ports, allowing for fiber optic connections to extend network reach and provide flexibility in deployment. The ability to take advantage of high-speed fiber connections means businesses can scale their networks as needed without significant infrastructure changes.

Management options for the SMC6624M are comprehensive. It supports SNMP (Simple Network Management Protocol) for monitoring and managing network performance effectively. Additionally, the switch can be configured using a web-based interface, command-line interface (CLI), or through SNMP, providing flexibility to network administrators with different preferences and expertise.

Furthermore, the SMC6624M is built with a fanless design, which ensures quiet operation and is energy efficient. Its compact form factor and sturdy build make it suitable for installation in various environments, including data centers and office settings.

Overall, the SMC Networks SMC6624M stands out for its combination of speed, flexibility, and management features, making it an excellent choice for businesses looking to enhance their network infrastructure. With a focus on reliability and performance, this managed switch promises to deliver the capabilities that today's modern networks demand.