IronPort Systems 4108GL User Manual
Using Authorized IP Managers for Increased Management Security
Overview
The Authorized IP Managers feature enhances security on the switch by using
IP addresses and masks to determine which stations (PCs or workstations)
can access the switch through the network. This covers access through the
following means:
– Telnet
– The switch’s web browser interface
– SNMP (with a correct community name)
– File transfers using TFTP (for configurations and software updates)
Thus, with authorized IP managers configured, having the correct passwords
is not sufficient for accessing the switch through the network unless the
station attempting access is also included in the switch’s Authorized IP
Managers configuration.
You can use Authorized IP Managers, local passwords (page 9-3), and
TACACS+ () to provide a more comprehensive security fabric than if you use
only one or two of these options. Table 10-1 lists these features with the
security coverage they provide.
Table 10-1. Management Access Security Features
Table 10-1 shows the protection each security feature offers for a given type of access, and the hierarchy the switch applies when using security features to process access attempts. For example, the switch provides Telnet management access security as follows:
1. If the switch has an Authorized IP Managers list, the management station must be included in this list.
   • If the station is not authorized, the switch denies access.
   • If the switch has no Authorized IP Manager list, then the switch uses TACACS+ authentication, if configured and available (step 2, below).
                                                     Supported Management Access Protection
Security Features in Order of Implementation         Serial Port  Telnet  SNMP (Net Mgmt)  TFTP  Web Browser
Authorized IP Mgrs.                                  No           Yes     Yes              Yes   Yes
TACACS+                                              Yes          Yes     No               No    No
Local Manager and Operator User-Names and Passwords  Yes          Yes     No               No    Yes
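As an added example (not code from the manual or the switch itself), the following Python shows how an Authorized IP Managers entry, an address paired with a mask, is matched against a requesting station, and how the first step of the Telnet hierarchy described above is applied before any password or TACACS+ check. The list entries, station addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample Authorized IP Managers list: (address, mask) pairs.
# A mask of 255.255.255.255 authorizes exactly one station; zero bits in
# the mask are "don't care" bits, so 255.255.255.240 covers a 16-address block.
AUTHORIZED_MANAGERS = [
    ("10.28.227.101", "255.255.255.255"),  # a single management station
    ("10.28.227.0",   "255.255.255.240"),  # 10.28.227.0 .. 10.28.227.15
]


def in_authorized_list(station, managers):
    """Return True if the station matches any (address, mask) entry.

    A station matches an entry when the station address and the entry
    address agree in every bit position where the mask bit is 1.
    """
    s = int(ipaddress.IPv4Address(station))
    for addr, mask in managers:
        a = int(ipaddress.IPv4Address(addr))
        m = int(ipaddress.IPv4Address(mask))
        if (s & m) == (a & m):
            return True
    return False


def telnet_access_decision(station, managers):
    """Apply step 1 of the Telnet hierarchy from Table 10-1.

    Returns one of:
      "denied"          - a list exists and the station is not on it;
                          correct passwords alone do not grant access.
      "passed-ip-check" - the station is on the list; the switch goes on
                          to its later authentication checks.
      "no-ip-list"      - no list is configured; the switch proceeds to
                          TACACS+ authentication if configured and available.
    """
    if managers:
        if not in_authorized_list(station, managers):
            return "denied"
        return "passed-ip-check"
    return "no-ip-list"


if __name__ == "__main__":
    for ip in ("10.28.227.101", "10.28.227.7", "10.28.227.102"):
        print(ip, telnet_access_decision(ip, AUTHORIZED_MANAGERS))
```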