Authorized IP managers for IPv6

The Authorized IP Managers feature uses IP addresses and masks to determine which stations (PCs or workstations) can access the switch through the network. This feature supports switch access through:
  • Telnet and other terminal emulation applications

  • WebAgent

  • SNMP (with a correct community name)

  • SSH

  • TFTP

As with the configuration of IPv4 management stations, the Authorized IP Managers for IPv6 feature allows you to specify the IPv6-based stations that can access the switch.
  • You can configure up to 100 authorized IPv4 and IPv6 manager entries on a switch, where each entry applies to either a single management station or a group of stations. Each authorized manager entry consists of an IPv4 or IPv6 address and a mask that determines the individual management stations that are allowed access.
    • You can configure authorized IPv4 manager addresses using the ip authorized-managers command. For more information, see "using authorized ip Managers" in the Access Security Guide.

    • You can configure authorized IPv6 manager addresses using the ipv6 authorized-managers command. For more information, see Configuring authorized IP managers for switch access.

  • You can block all IPv4-based or all IPv6-based management stations from accessing the switch by entering the following commands:
    • To block access to all IPv4 manager addresses while allowing access to IPv6 manager addresses, enter the ip authorized-managers 0.0.0.0 command.

    • To block access to all IPv6 manager addresses while allowing access to IPv4 manager addresses, enter the ipv6 authorized-managers :: command. (The double colon represents an IPv6 address that consists of all zeros: 0:0:0:0:0:0:0:0.)

  • You configure each authorized manager address with Manager- or Operator-level privilege to access the switch.
    • Manager privilege allows full access to all console interface screens for viewing, configuring, and all other operations available in these interfaces.

    • Operator privilege allows read-only access from the console interfaces.

  • When you configure station access to the switch using the Authorized IP Managers feature, the settings take precedence over the access configured with local passwords, TACACS+ servers, RADIUS-assigned settings, port-based (802.1X) authentication, and port security settings.As a result, the IPv6 address of a networked management device must be configured with the Authorized IP Managers feature before the switch can authenticate the device using the configured settings from other access security features. If the Authorized IP Managers feature disallows access to the device, access is denied. Therefore, with Authorized IP Managers configured, logging in with the correct passwords is not sufficient to access a switch through the network unless the station requesting access is also authorized in the switch's Authorized IP Managers configuration.