| Author |
Message |
Guest
|
 Posted:
Tue Aug 09, 2005 11:38 pm Post subject:
Secure telnet access - 3Com switch |
|
|
Is there a way to configure a 3Com switch to restrict telnet access to
it?
I manage the switch over the network, but I donīt want users to access
switch command line interface.
I want to configure something like a access-list on vty on Cisco
switches. Is it possible??
I have three diferents model of switches:
- 3Com 3300
- 3Com Desktop Switch
- 3Com Corebuilder 5000
Thanks! |
|
| Back to top |
|
 |
Mirko Parthey
Guest
|
| Posted:
Wed Aug 10, 2005 10:40 am Post subject:
Re: Secure telnet access - 3Com switch |
|
|
On 9 Aug 2005 11:38:13 -0700, guille_frick@yahoo.es wrote:
| Quote: | Is there a way to configure a 3Com switch to restrict telnet access to
it?
I manage the switch over the network, but I donīt want users to access
switch command line interface.
I want to configure something like a access-list on vty on Cisco
switches. Is it possible??
I have three diferents model of switches:
- 3Com 3300
- 3Com Desktop Switch
- 3Com Corebuilder 5000
|
The following is based on my experience with the 3300, I can't say
anything about the other models.
The switches' management interface is on VLAN 1 by default - I heard
claims that this can be changed via SNMP, but I don't know if it is true.
I find it good practice to only have switches and management stations in
this VLAN, and put users on different VLANs. This way, users will not
be able to access the switch management. As an additional measure, you
should of course set passwords for all accounts on the switch. The VLAN
separation ensures that users can not read the passwords when you are
sending them unencrypted over telnet.
As far as I know, there are no access lists based on client IP address.
You can only configure which user is able to access which protocol
(telnet, snmp, ...).
Mirko |
|
| Back to top |
|
|
Mirko Parthey
Guest
|
| Posted:
Wed Aug 10, 2005 10:41 am Post subject:
Re: Secure telnet access - 3Com switch |
|
|
On 9 Aug 2005 11:38:13 -0700, guille_frick@yahoo.es wrote:
| Quote: | Is there a way to configure a 3Com switch to restrict telnet access to
it?
I manage the switch over the network, but I donīt want users to access
switch command line interface.
I want to configure something like a access-list on vty on Cisco
switches. Is it possible??
I have three diferents model of switches:
- 3Com 3300
- 3Com Desktop Switch
- 3Com Corebuilder 5000
|
The following is based on my experience with the 3300, I can't say
anything about the other models.
The switches' management interface is on VLAN 1 by default - I heard
claims that this can be changed via SNMP, but I don't know if they are true.
I find it good practice to only have switches and management stations in
this VLAN, and put users on different VLANs. This way, users will not
be able to access the switch management. As an additional measure, you
should of course set passwords for all accounts on the switch. The VLAN
separation ensures that users can not read the passwords when you are
sending them unencrypted over telnet.
As far as I know, there are no access lists based on client IP address.
You can only configure which user is able to access which protocol
(telnet, snmp, ...).
Mirko |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in