I have 2930M switch running WC.16.05.0004 code and I want to limit HTTPS and SNMP access to certain subnet (172.20.18.0/24) while allowing SSH access from all subnets. Is this the correct way of doing it?
ip authorized-managers 172.20.18.0 255.255.255.0 access managerip authorized-managers 0.0.0.0 0.0.0.0 access manager access-method ssh
any idea how the lines of "ip authorized-managers" are processed? Is it in sequence and once the user hits one line, the other lines are not processed?
or the whole list is processed and user gets the highest (or lowest) privilige for his IP address?
Unlike an ACL, the 'ip authorized-managers' command applies the highest level of access allowed for the management station IP address you're connecting from (as you described in your second example).
So, for the two commands you listed, any management station can access the switch via SSH and be granted up to Manager-level access (depending on the account used for authentication), while a management station on the 172.18.20.0/24 subnet would be able to access all authentication methods with up to Manager-level permissions.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.