Protecting MGMT access using "ip authorized-managers"

  • 1.  Protecting MGMT access using "ip authorized-managers"

    Posted May 23, 2019 04:21 AM

    I have a 2930M switch running WC.16.05.0004 code and I want to limit HTTPS and SNMP access to a certain subnet (172.20.18.0/24) while allowing SSH access from all subnets. Is this the correct way of doing it?

    ip authorized-managers 172.20.18.0 255.255.255.0 access manager
    ip authorized-managers 0.0.0.0 0.0.0.0 access manager access-method ssh


    Any idea how the lines of "ip authorized-managers" are processed? Is it in sequence, and once the user hits one line, the other lines are not processed?

    Or is the whole list processed and the user gets the highest (or lowest) privilege for his IP address?

    #2930M


  • 2.  RE: Protecting MGMT access using "ip authorized-managers"
    Best Answer

    Posted May 24, 2019 10:31 AM

    Greetings!

    Unlike an ACL, the 'ip authorized-managers' command applies the highest level of access allowed for the management station IP address you're connecting from (as you described in your second example).

    So, for the two commands you listed, any management station can access the switch via SSH and be granted up to Manager-level access (depending on the account used for authentication), while a management station on the 172.18.20.0/24 subnet would be able to access all authentication methods with up to Manager-level permissions.
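
Added example, not part of either post and not switch code: a small Python model of the evaluation the answer describes (best level over all matching entries), checked against the question's two commands and contrasted with ACL-style first-match on a constructed list. Assumptions: an entry without `access-method` covers every method, `web` and `snmp` are this model's labels for the HTTPS and SNMP access in the question, and `operator` is included as a lower level only for the contrast.

```python
from ipaddress import IPv4Address

LEVELS = {"operator": 1, "manager": 2}  # higher number = more privilege

# (address, mask, access level, access method); these two rows are the
# question's commands, with a missing access-method modelled as "all".
QUESTION_CONFIG = [
    ("172.20.18.0", "255.255.255.0", "manager", "all"),
    ("0.0.0.0", "0.0.0.0", "manager", "ssh"),
]

# Constructed list, used only to contrast the two evaluation orders.
CONSTRUCTED_CONFIG = [
    ("0.0.0.0", "0.0.0.0", "operator", "all"),
    ("172.20.18.0", "255.255.255.0", "manager", "all"),
]


def matching_levels(entries, src_ip, method):
    """Yield the level of every entry covering src_ip and method, in order."""
    src = int(IPv4Address(src_ip))
    for addr, mask, level, allowed in entries:
        m = int(IPv4Address(mask))
        if (src & m) == (int(IPv4Address(addr)) & m) and allowed in ("all", method):
            yield level


def highest_match(entries, src_ip, method):
    """Behaviour described in the answer: best level over all matching entries."""
    return max(matching_levels(entries, src_ip, method), key=LEVELS.get, default=None)


def first_match(entries, src_ip, method):
    """ACL-style evaluation, for contrast: the first matching entry decides."""
    return next(matching_levels(entries, src_ip, method), None)


if __name__ == "__main__":
    for ip, method in [("172.20.18.5", "web"), ("172.20.18.5", "snmp"),
                       ("10.1.1.7", "ssh"), ("10.1.1.7", "web"), ("10.1.1.7", "snmp")]:
        print(ip, method, highest_match(QUESTION_CONFIG, ip, method))
    print(first_match(CONSTRUCTED_CONFIG, "172.20.18.5", "web"),
          highest_match(CONSTRUCTED_CONFIG, "172.20.18.5", "web"))
```

A result of `None` means no entry covers that source address and method, so the model treats the request as not authorized.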