Overview, Rview -2 – IronPort Systems 4108GL User Manual

10-2

Using Authorized IP Managers for Increased Management Security
Overview

Usi

ng Aut

h

ori

zed I

P

Ma

nag

ers

Overview

The Authorized IP Managers feature enhances security on the switch by using
IP addresses and masks to determine which stations (PCs or workstations)
can access the switch through the network. This covers access through the
following means:

–

Telnet

–

The switch’s web browser interface

–

SNMP (with a correct community name)

–

File transfers using TFTP (for configurations and software
updates)

Thus, with authorized IP managers configured, having the correct passwords
is not sufficient for accessing the switch through the network unless the
station attempting access is also included in the switch’s Authorized IP
Managers configuration.

You can use Authorized IP Managers, local passwords (page 9-3), and
TACACS+ () to provide a more comprehensive security fabric than if you use
only one or two of these options. Table 10-1 lists these features with the
security coverage they provide.

Table 10-1. Management Access Security Features

Table 10-1 shows the protection each security feature offers for a given type
of access, and the hierarchy the switch applies when using security features
to process access attempts. For example, the switch provides Telnet manage-
ment access security as follows:

1.

If the switch has an Authorized IP Managers list, the management station
must be included in this list.

•

If the station is not authorized, the switch denies access.

•

If the switch has no Authorized IP Manager list, then the switch uses
TACACS+ authentication, if configured and available (step 2, below).

Security Features in Order

of Implementation

Supported Management Access Protection

Serial

Port

Telnet

SNMP

(Net Mgmt)

TFTP

Web

Browser

Authorized IP Mgrs.

No

Yes

Yes

Yes

Yes

TACACS+

Yes

Yes

No

No

No

Local Manager and Operator
User-Names and Passwords

Yes

Yes

No

No

Yes