Using Authorized IP Managers
Overview
Overview
Authorized IP Manager Features
Feature Default Menu CLI Web
Listing (Showing) Authorized
Managers
n/a page 8-5 page 8-6 page 8-8
Configuring Authorized IP
Managers
None page 8-5 page 8-6 page 8-8
Building IP Masks n/a page 8-9 page 8-9 page 8-9
Operating and Troubleshooting n/a page 8-12 page 8-12 page 8-12
Notes
The Authorized IP Managers feature enhances security on the switch by using
IP addresses and masks to determine which stations (PCs or workstations)
can access the switch through the network. This covers access through the
following means:
– Telnet and other terminal emulation applications
– The switch’s web browser interface
– SNMP (with a correct community name)
– File transfers using TFTP (for configurations and software
updates)
Also, when configured in the switch, the Authorized IP Managers feature takes
precedence over local passwords, TACACS+, RADIUS, Port-Based Access
Control (802.1x), and Port Security. This means that the IP address of a
networked management device must be authorized before the switch will
attempt to authenticate the device by invoking any other access security
features. If the Authorized IP Managers feature disallows access to the device,
then access is denied. Thus, with authorized IP managers configured, having
the correct passwords is not sufficient for accessing the switch through the
network unless the station attempting access is also included in the switch’s
Authorized IP Managers configuration.
You can use Authorized IP Managers along with other access security features
to provide a more comprehensive security fabric than if you use only one or
two security options. Refer to
table 1, “Management Access Security Protec-
tion” (page xiii) for a listing of access security features with the security
coverage they provide.
8-2
