Secure telnet access - 3Com switch

Guest
Archived from groups: comp.dcom.lans.ethernet

Is there a way to configure a 3Com switch to restrict telnet access to
it?
I manage the switch over the network, but I don't want users to access
switch command line interface.

I want to configure something like an access-list on vty on Cisco
switches. Is it possible??

I have three different models of switches:
- 3Com 3300
- 3Com Desktop Switch
- 3Com Corebuilder 5000

Thanks!
 
Guest

On 9 Aug 2005 11:38:13 -0700, guille_frick@yahoo.es wrote:
> Is there a way to configure a 3Com switch to restrict telnet access to
> it?
> I manage the switch over the network, but I don't want users to access
> switch command line interface.
>
> I want to configure something like an access-list on vty on Cisco
> switches. Is it possible??
>
> I have three different models of switches:
> - 3Com 3300
> - 3Com Desktop Switch
> - 3Com Corebuilder 5000

The following is based on my experience with the 3300; I can't say
anything about the other models.

The switches' management interface is on VLAN 1 by default - I heard
claims that this can be changed via SNMP, but I don't know if they are true.
I find it good practice to only have switches and management stations in
this VLAN, and put users on different VLANs. This way, users will not
be able to access the switch management. As an additional measure, you
should of course set passwords for all accounts on the switch. The VLAN
separation ensures that users cannot read the passwords when you are
sending them unencrypted over telnet.

As far as I know, there are no access lists based on client IP address.
You can only configure which user is able to access which protocol
(telnet, snmp, ...).

Mirko
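
One way to check the VLAN separation described in the reply above, as an added example that is not part of the original posts: run it from a host on a user VLAN against the switches' management addresses. The function names are hypothetical and the addresses are assumed to be supplied by the operator on the command line.

```python
import socket
import sys

TELNET_PORT = 23  # the service the thread wants to keep users away from


def probe(host, port=TELNET_PORT, timeout=2.0):
    """Classify one TCP connection attempt to a switch management address.

    "open"    - handshake completed: a login prompt is reachable from here
    "refused" - a reset or reject came back: no login is possible, but
                something on the path answers for that address
    "blocked" - timeout or no route: what effective separation looks like
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host or network unreachable
        return "blocked"


def audit(switches, port=TELNET_PORT, timeout=2.0):
    """Probe every management address; return {address: state}."""
    return {host: probe(host, port, timeout) for host in switches}


def exposed(results):
    """Addresses where a telnet session could be started from this VLAN."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Assumption: the operator passes the switches' management addresses.
    results = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host:<20} {state}")
    sys.exit(1 if exposed(results) else 0)
```

A "refused" result does not fail the check, but it means the management address is answering from the user VLAN and is worth a closer look.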
 