Security Overview
Switch Access Security
you enable SNMP version 3 for improved security. SNMPv3 includes the ability
to configure restricted access and to block all non-version 3 messages (which
blocks version 1 and 2c unprotected operation).
SNMPv3 security options include:
■ configuring device communities as a means for excluding management
access by unauthorized stations
■ configuring for access authentication and privacy
■ reporting events to the switch CLI and to SNMP trap receivers
■ restricting non-SNMPv3 agents to either read-only access or no access
■ co-existing with SNMPv1 and v2c if necessary
SNMP Access to the Authentication Configuration MIB. Beginning
with software release K.12.xx, a management station running an SNMP
networked device management application, such as ProCurve Manager Plus
(PCM+) or HP OpenView, can access the switch’s management information
base (MIB) for read access to the switch’s status and read/write access to the
switch’s authentication configuration (hpSwitchAuth). This means that the
switch’s default configuration now allows SNMP access to security settings in
hpSwitchAuth.
Note on SNMP Access to Authentication MIB
Downloading and booting from the K.12.xx or greater software version for the
first time enables SNMP access to the authentication configuration MIB (the
default action). If SNMPv3 and other security safeguards are not in place, the
switch’s authentication configuration MIB is exposed to unprotected SNMP
access and you should use the command shown below to disable this access.
If SNMP access to the hpSwitchAuth MIB is considered a security risk
in your network, then you should implement the following security
precautions when downloading and booting from software release K.12.xx or greater:
■ If SNMP access to the authentication configuration (hpSwitchAuth) MIB
described above is not desirable for your network, then immediately after
downloading and booting from the K.12.xx or greater software for the first
time, use the following command to disable this feature:
    snmp-server mib hpswitchauthmib excluded
■ If you choose to leave the authentication configuration MIB accessible,
then you should do the following to help ensure that unauthorized
workstations cannot use SNMP tools to access the MIB:
a. Configure SNMP version 3 management and access security on the
switch.
b. Disable SNMP version 2c on the switch.
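One way to check saved switch configurations against the precautions above, as an added example that is not part of the original manual or of any HP tool. The sample configurations are constructed, the function names are hypothetical, and the script assumes that `snmpv3 enable` and `snmpv3 only` (the setting that blocks non-version 3 messages) appear in the saved configuration as typed and that lines starting with `;` are comments.

```python
# Added example: audit saved switch configuration text for SNMP exposure of
# the hpSwitchAuth MIB. All sample configurations below are constructed.
# Assumption: "snmpv3 enable" / "snmpv3 only" appear in the config as typed.

EXCLUDE_CMD = "snmp-server mib hpswitchauthmib excluded"


def normalize(config_text):
    """Lower-case, collapse whitespace, drop blank and ';' comment lines."""
    lines = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()
        if line and not line.startswith(";"):
            lines.add(line)
    return lines


def audit_hpswitchauth(config_text):
    """Return (status, advice) for one switch configuration."""
    lines = normalize(config_text)
    if EXCLUDE_CMD in lines:
        return "excluded", "hpSwitchAuth is not reachable over SNMP"
    if "snmpv3 enable" not in lines:
        return "exposed", "no SNMPv3 configured; run: " + EXCLUDE_CMD
    if "snmpv3 only" not in lines:
        return "v3-coexist", "SNMPv3 on, but v1/v2c messages still accepted"
    return "v3-only", "MIB reachable by SNMPv3 only; verify auth and privacy"


# Constructed samples, one per outcome.
SAMPLES = {
    "sw-a": 'hostname "sw-a"\nsnmp-server community "public" unrestricted\n',
    "sw-b": 'hostname "sw-b"\nsnmp-server mib  hpSwitchAuthMIB excluded\n',
    "sw-c": 'hostname "sw-c"\nsnmpv3 enable\n',
    "sw-d": '; constructed sample\nhostname "sw-d"\nsnmpv3 enable\nsnmpv3 only\n',
}


def audit_all(samples):
    """Map each switch name to its audit status."""
    return {name: audit_hpswitchauth(text)[0] for name, text in samples.items()}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, advice = audit_hpswitchauth(text)
        print(f"{name}: {status:<10} {advice}")
```

A switch reported as `exposed` or `v3-coexist` after its first boot on K.12.xx or greater is the case the note above describes.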