12
Enforcing Switch Security
Switch Management Access Security
For the commands to implement the above actions, refer to “Front-Panel Security” in the chapter titled “Configuring Usernames and Passwords” in the Access Security Guide for your switch.
Other Provisions for Management Access Security
Authorized IP Managers. This feature uses IP addresses and masks to determine whether to allow management access to the switch through the network, and covers access through the following:
■ Telnet and other terminal emulation applications
■ The switch’s web browser interface
■ SNMP (with a correct community name)
Refer to the chapter titled “Using Authorized IP Managers” in the Access Security Guide for your switch.
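The address-and-mask check described above, modelled in Python as an added example (not code from the guide or the switch firmware): a mask bit of 1 requires the requesting station's address bit to match the authorized address, a 0 bit is a wildcard, so one entry can admit a small block of stations. The manager table, the addresses and the log lines are constructed for illustration; the guide's own CLI syntax for configuring the table is not reproduced here.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed authorized-manager table (illustration only): (authorized IP, mask).
AUTHORIZED_MANAGERS: List[Tuple[str, str]] = [
    ("10.28.227.100", "255.255.255.255"),  # exactly one management station
    ("10.28.227.104", "255.255.255.252"),  # four stations: .104 through .107
]


def _to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_authorized_manager(src_ip: str,
                          entries: Iterable[Tuple[str, str]] = AUTHORIZED_MANAGERS) -> bool:
    """True if src_ip matches any (address, mask) entry.

    Matching is a bitwise comparison under the mask, so non-contiguous masks
    work the same way as ordinary prefix masks.
    """
    src = _to_int(src_ip)
    for addr, mask in entries:
        m = _to_int(mask)
        if (src & m) == (_to_int(addr) & m):
            return True
    return False


def denied_attempts(attempts: Iterable[str]) -> List[Tuple[str, str]]:
    """Evaluate constructed 'service src_ip' records (e.g. 'telnet 10.28.227.108')
    against the table and return the (service, src_ip) pairs that would be refused.
    Useful as a review check: which stations in a connection log were outside policy."""
    denied = []
    for line in attempts:
        service, src_ip = line.split()
        if not is_authorized_manager(src_ip):
            denied.append((service, src_ip))
    return denied


if __name__ == "__main__":
    # Constructed sample of management-plane connection attempts.
    sample = ["telnet 10.28.227.100", "web 10.28.227.106",
              "snmp 10.28.227.108", "telnet 10.28.227.101"]
    print(denied_attempts(sample))  # the .108 and .101 stations fall outside both entries
```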
Secure Management VLAN. This feature creates an isolated network for managing the ProCurve switches that offer this feature. When a secure management VLAN is enabled, CLI, Menu interface, and web browser interface access is restricted to ports configured as members of the VLAN. Refer to the chapter titled “Static Virtual LANs (VLANs)” in the Advanced Traffic Management Guide for your switch.
RADIUS Authentication. For each authorized client, RADIUS can be used to authenticate operator or manager access privileges on the switch via the serial port (CLI and Menu interface), Telnet, SSH, and Secure FTP/Secure Copy (SFTP/SCP) access methods. Refer to the chapter titled “RADIUS Authentication and Accounting” in the Access Security Guide for your switch.
TACACS+ Authentication. This application uses a central server to allow or deny access to TACACS-aware devices in your network. TACACS+ uses username/password sets with associated privilege levels to grant or deny access through either the switch’s serial (console) port or remotely, with Telnet. If the switch fails to connect to a TACACS+ server for the necessary authentication service, it defaults to its own locally configured passwords for authentication control. TACACS+ allows both login (read-only) and enable (read/write) privilege level access. Refer to the chapter titled “TACACS+ Authentication” in the Access Security Guide for your switch model.
Access Control Lists (ACLs) for Management Access Protection. ACLs can be used to secure access to the management interface of the switch by blocking inbound IP traffic that has the switch itself as the destination address. (Refer also to “Access Control Lists” in the next section.)