Setting allowable source IP address ranges, Secure access to the switch – HP 445946-001 User Manual


Accessing the switch


The following example shows how to configure an SNMPv3 user v3trap with authentication only (level authNoPriv, so traps are authenticated but not encrypted):

/c/sys/ssnmp/snmpv3/usm 11 (Configure user named “v3trap”)
    name "v3trap"
    auth md5
    authpw v3trap

/c/sys/ssnmp/snmpv3/access 11 (Define access group to view SNMPv3 traps)
    name "v3trap"
    level authNoPriv
    nview "iso"

/c/sys/ssnmp/snmpv3/group 11 (Assign user to the access group)
    uname v3trap
    gname v3trap

/c/sys/ssnmp/snmpv3/notify 11 (Assign user to the notify table)
    name v3trap
    tag v3trap

/c/sys/ssnmp/snmpv3/taddr 11 (Define an IP address to send traps)
    name v3trap
    addr 47.81.25.66
    taglist v3trap
    pname v3param

/c/sys/ssnmp/snmpv3/tparam 11 (Specify SNMPv3 traps to send)
    name v3param
    uname v3trap
    level authNoPriv (Set the authentication level)

For more information on using SNMP, see the HP 10Gb Ethernet BL-c Switch Command Reference Guide.
See the HP 10Gb Ethernet BL-c Switch User Guide for a complete list of supported MIBs.

Secure access to the switch

Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured management:

- Limiting management users to a specific IP address range. See the “Setting allowable source IP address ranges” section in this chapter.
- Authentication and authorization of remote administrators. See the “RADIUS authentication and authorization” section or the “TACACS+ authentication” section, both later in this chapter.
- Encryption of management information exchanged between the remote administrator and the switch. See the “Secure Shell and Secure Copy” section later in this chapter.

Setting allowable source IP address ranges

To limit access to the switch without having to configure filters for each switch port, you can set a source IP address (or range) that will be allowed to connect to the switch IP interface through Telnet, SSH, SNMP, or the switch browser-based interface (BBI).

When an IP packet reaches the application switch, the source IP address is checked against the range of addresses defined by the management network and management mask. If the source IP address of the host or hosts is within this range, it is allowed to attempt to log in. Any packet addressed to a switch IP interface with a source IP address outside this range is discarded.
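
The range check described above can be modelled offline before a management network and mask are committed to the switch. The following Python sketch is an added example, not code from the HP manual: it assumes the usual comparison (source AND mask equals management network AND mask), and the function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def is_allowed(src, mnet, mask):
    """Assumed switch behaviour: in range when (src & mask) == (mnet & mask)."""
    m = to_int(mask)
    return (to_int(src) & m) == (to_int(mnet) & m)

def tightest_range(hosts):
    """Smallest single network/mask pair that covers every admin host."""
    addrs = [to_int(h) for h in hosts]
    diff = 0
    for a in addrs:
        diff |= a ^ addrs[0]            # bits in which any two hosts differ
    prefix = 32 - diff.bit_length()     # leading bits shared by all hosts
    net = ipaddress.IPv4Network((addrs[0], prefix), strict=False)
    return str(net.network_address), str(net.netmask)

def audit(hosts, mnet, mask):
    """Report how far a proposed range exceeds the intended admin hosts."""
    inv = ~to_int(mask) & 0xFFFFFFFF
    admitted = 1 << bin(inv).count("1")  # every zero mask bit doubles the range
    locked_out = [h for h in hosts if not is_allowed(h, mnet, mask)]
    return {
        "contiguous_mask": (inv & (inv + 1)) == 0,
        "admitted": admitted,
        "extra": admitted - (len(set(hosts)) - len(set(locked_out))),
        "locked_out": locked_out,
    }

# Constructed sample: three administrator workstations (documentation addresses).
ADMIN_HOSTS = ["192.0.2.10", "192.0.2.20", "192.0.2.45"]

if __name__ == "__main__":
    mnet, mask = tightest_range(ADMIN_HOSTS)
    print("tightest range:", mnet, mask, audit(ADMIN_HOSTS, mnet, mask))
    print("whole /24     :", audit(ADMIN_HOSTS, "192.0.2.0", "255.255.255.0"))
    for probe in ("192.0.2.45", "192.0.2.64", "198.51.100.7"):
        print(probe, "allowed" if is_allowed(probe, mnet, mask) else "discarded")
```

The "extra" count is the number of addresses that may attempt to log in beyond the intended hosts; an address inside the range still has to authenticate, so the range narrows exposure rather than replacing RADIUS, TACACS+ or SSH.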
