Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Protecting MGMT access using "ip authorized-managers"

This thread has been viewed 29 times

  • 1.  Protecting MGMT access using "ip authorized-managers"

    Posted May 23, 2019 04:21 AM

    I have 2930M switch running WC.16.05.0004 code and I want to limit HTTPS and SNMP access to certain subnet (172.20.18.0/24) while allowing SSH access from all subnets. Is this the correct way of doing it?

     

    ip authorized-managers 172.20.18.0 255.255.255.0 access manager
    ip authorized-managers 0.0.0.0 0.0.0.0 access manager access-method ssh

     

    any idea how the lines of "ip authorized-managers" are processed? Is it in sequence and once the user hits one line, the other lines are not processed?

     

    or the whole list is processed and user gets the highest (or lowest) privilige for his IP address?

     

     


    #2930M
    #2930M


  • 2.  RE: Protecting MGMT access using "ip authorized-managers"
    Best Answer

    EMPLOYEE
    Posted May 24, 2019 10:31 AM

    Greetings!

     

    Unlike an ACL, the 'ip authorized-managers' command applies the highest level of access allowed for the management station IP address you're connecting from (as you described in your second example). 

     

    So, for the two commands you listed, any management station can access the switch via SSH and be granted up to Manager-level access (depending on the account used for authentication), while a management station on the 172.18.20.0/24 subnet would be able to access all authentication methods with up to Manager-level permissions.