HP ProCurve Switch 5300xl Series Reviewer’s Guide 
 
2.5.6 SSL – Secure Sockets Layer 
SSL can be used to encrypt the exchange between a web browser and the 5300 switch when using the 
HP ProCurve Switch 5300xl Series web GUI. 
A facility is provided in the GUI interface to generate a self-signed RSA certificate for use during an SSL 
browser session. 
2.5.7 Management VLAN 
The HP ProCurve Switch 5300xl Series can be configured to designate one of its VLANs as the 
management VLAN. When this is configured, the internal IP address of the switch becomes a member 
solely of the management VLAN. Since access to the switch IP address is necessary for telnet/SSH, 
GUI, and SNMP access, only members of this VLAN can manage the switch. 
The management VLAN is useful when higher switch security is desired. It prevents access to general 
switch functions by anyone other than those on the management VLAN. The management VLAN cannot 
be designated an XRRP backup VLAN. 
2.5.8 SNMPv3 
Many functions of the HP ProCurve Switch 5300xl Series can be monitored, and the switch 
configuration can even be changed, through the switch’s MIBs. The standard method of querying the 
switch’s MIBs for network management is SNMP, the Simple Network Management Protocol. 
Before version 3, SNMP sent everything in clear text across the network. On some networks this has 
been viewed as a serious security concern. One way around it has been to use a dedicated network 
management VLAN (see the section above on the Management VLAN), but this can be restrictive 
and is not a viable solution in many environments, particularly remote ones. 
SNMPv3 adds security to SNMP communications across the network, including an encryption 
mechanism that protects the packet contents. The three levels of security available in SNMPv3 are: 
•  Authentication between the SNMP initiator and the 5300 switch based on username only. Not very 
secure. 
•  Authentication between the SNMP initiator and the 5300 switch based on the MD5 or SHA 
algorithms. Better security for the passwords, as they are encrypted. The actual SNMP 
communication after login is still clear text and not secure. 
•  Authentication between the SNMP initiator and the 5300 switch based on the MD5 or SHA 
algorithms, plus encryption with 56-bit-key DES. Passwords are protected and all further SNMP 
communication is encrypted across the network. Querying and control via SNMP cannot be 
viewed outside the encrypted session. 
With SNMPv3, sites that are concerned about packet snooping can turn on encryption, 
allowing secure communication between the network management application and the 
switch. 
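As an added illustration (not code from the HP guide), the following Python decodes the on-wire header of captured SNMP messages and reports which of the three levels above is in use: a v1/v2c community string visible in clear text, or the SNMPv3 msgFlags bits for authentication and privacy (DES on the 5300). The sample messages are hand-constructed BER, not real captures, so an auditor can run this against a packet feed to spot management traffic that is not yet protected.

```python
# Added example: classify SNMP messages by the security level a passive observer sees.

def _tlv(buf, pos):
    """Decode one BER TLV at pos; returns (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def classify_snmp(msg):
    """Return what an eavesdropper learns from the header of one SNMP message."""
    tag, body, _ = _tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    _, ver, pos = _tlv(body, 0)
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                   # v1 / v2c: community string is plaintext
        _, community, _ = _tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "level": "community (cleartext)", "community": community.decode()}
    if version == 3:
        _, gdata, _ = _tlv(body, pos)       # msgGlobalData SEQUENCE
        _, _, p = _tlv(gdata, 0)            # msgID
        _, _, p = _tlv(gdata, p)            # msgMaxSize
        _, flags, _ = _tlv(gdata, p)        # msgFlags: bit0 auth, bit1 priv, bit2 reportable
        auth, priv = bool(flags[0] & 0x01), bool(flags[0] & 0x02)
        level = "authPriv" if priv else ("authNoPriv" if auth else "noAuthNoPriv")
        return {"version": "v3", "level": level, "auth": auth, "priv": priv}
    raise ValueError(f"unsupported SNMP version {version}")


def exposes_traffic(msg):
    """True unless the message is SNMPv3 with authentication and encryption (third level)."""
    info = classify_snmp(msg)
    return not (info["version"] == "v3" and info["priv"])


# Constructed sample messages (hand-encoded BER, not real captures).
V2C_GET = bytes.fromhex("3018020101" "04067075626c6963"      # v2c, community "public"
                        "a00b020101020100020100" "3000")      # GetRequest, empty varbind list

def _v3(flags):
    """Build a minimal SNMPv3 message with the given msgFlags byte."""
    gdata = bytes.fromhex("0201010202ffff") + bytes([0x04, 0x01, flags]) + bytes.fromhex("020103")
    body = bytes.fromhex("020103") + bytes([0x30, len(gdata)]) + gdata + bytes.fromhex("040230000400")
    return bytes([0x30, len(body)]) + body

V3_NOAUTH, V3_AUTH, V3_PRIV = _v3(0x04), _v3(0x05), _v3(0x07)   # reportable | auth | priv
```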
2.5.9 Manager Authorized List 
The HP ProCurve Switch 5300xl Series Manager Authorized List can be configured with up to ten IP 
addresses that have management access to the switch. The list, along with management VLANs and 
console passwords, provides a way to tightly limit who has access to the switch console.  
If no addresses are in this list (the default), any source IP address can send a packet to the switch’s 
management agent. If you do have addresses in this list and you are using a management VLAN, the 
addresses on the list must be members of the management VLAN to obtain switch login. 
 
© Hewlett-Packard Co. 2002, 2003 
Rev 1.1 – 2/11/2003 
http://www.hp.com/go/hpprocurve
 
Page 23 of 35