Overview of ip mask operation, Overview of ip mask operation -15 – HP TopTools for Hubs and Switches User Manual

Setting Up Security for a Device

Switch Port Security

14-15

Access Levels

For each authorized manager address, you can configure either one of these
access levels:

■

Manager—Enables full access to all web browser and console interface
screens for viewing, configuration, and all other operations available in
these interfaces

■

Operator—Allows view-only access from the web browser and console
interfaces. This is the same access that is allowed by the switch’s operator-
level password feature

Defining Authorized Management Stations

Authorizing Single Stations.

Enable only one station per Authorized

Manager IP parameter to access the switch (the default). To use this method,
just enter the IP address of an authorized management station in the
Authorized Manager IP parameter, and leave the IP Mask set to
255.255.255.255. This is the easiest way to use the Authorized Managers
feature.

Authorizing Multiple Stations.

Using one Authorized Manager IP

parameter, enable a defined group of stations to access the switch. This is
useful if you want to authorize several stations for either manager- or operator-
level access to the switch. All stations in a group defined by one Authorized
Manager IP parameter and its associated IP mask will have the same access
level—Manager or Operator.

To configure the switch for authorized manager access, enter the appropriate
Authorized Manager IP parameter, specify an IP Mask, and select either
Manager or Operator for the Access Level. The IP Mask determines how the
Authorized Manager IP parameter is used to define authorized IP addresses
for management station access.

Overview of IP Mask Operation

The default IP Mask is 255.255.255.255 and allows switch access only to a
station having an IP address that is identical to the Authorized Manager IP
parameter. (“255” in an octet of the mask means that only the exact value in
the corresponding octet of the Authorized Manager IP parameter is allowed
in the IP address of an authorized management station.) However, you can
alter the mask and the Authorized Manager IP parameter to specify ranges of
authorized IP addresses. For example, a mask of 255.255.255.0 and any value
for the Authorized Manager IP parameter allows a range of 0 through 255 in
the 4th octet of the authorized IP address, which enables a block of up to 256
IP addresses for IP management access. A mask of 255.255.255.252 uses the
4th octet of a given Authorized Manager IP address to authorize four IP
addresses for management station access.