Using authorized ip managers, Using authorized ip managers -4 – IronPort Systems 4108GL User Manual

Page 188

Advertising

10-4

Using Authorized IP Managers for Increased Management Security
Using Authorized IP Managers

Usi

ng Aut

ori

zed I

nag

ers

Using Authorized IP Managers

Authorized IP Manager Features

This feature enables you to enhance security on the switch by using IP
addresses to authorize which stations (PCs or workstations) can access the
switch. Also, when configured in the switch, Authorized IP Managers take
precedence over TACACS+ and local user-name/password pairs as indicated
in table 10-1, "Management Access Security Features" on page 10-2.

Thus, with Authorized IP Management configured, having the correct pass-
words is not sufficient for accessing the switch through the network unless
the station attempting access is also included in the switch’s Authorized IP
Managers configuration.

Options.

You can configure:

■

Up to 10 authorized manager addresses, where each address applies to
either a single management station or a group of stations

■

Manager or Operator access level

C a u t i o n

Configuring Authorized IP Managers does not protect access to the switch
through a modem or direct connection to the Console (RS-232) port. Also, if
the IP address assigned to an authorized management station is configured in
another station, the other station can gain management access to the switch
even though a duplicate IP address condition exists. For these reasons, you
should enhance your network’s security by keeping physical access to the
switch restricted to authorized personnel, using the TACACS+ and user-name/
password features built into the switch, and preventing unauthorized access
to data on your management stations.

Feature

Default

Menu

CLI

Web

Listing (Showing) Authorized
Managers

n/a

page 10-7

page 10-8

page 10-10

Configuring Authorized IP
Managers

None