Filter
Top Products
Security Overview
Getting Started with Access Security
SNMP Security Guidelines
In the default configuration, the switch is open to access by management
stations running SNMP (Simple Network Management Protocol) management
applications capable of viewing and changing the settings and status data in
the switch’s MIB (Management Information Base). Thus, controlling SNMP
access to the switch and preventing unauthorized SNMP access should be a
key element of your network security strategy.
General SNMP Access to the Switch. The switch supports SNMP
versions 1, 2c, and 3, including SNMP community and trap configuration. The
default configuration supports versions 1 and 2c compatibility, which uses
plain text and does not provide security options.
ProCurve recommends that you enable SNMP version 3 for improved security.
SNMPv3 includes the ability to configure restricted access and to block all
non-version 3 messages (which blocks version 1 and 2c unprotected
operation).
SNMPv3 security options include:
■ configuring device communities as a means for excluding management
access by unauthorized stations
■ configuring for access authentication and privacy
■ reporting events to the switch CLI and to SNMP trap receivers
■ restricting non-SNMPv3 agents to either read-only access or no access
■ co-existing with SNMPv1 and v2c if necessary
SNMP Access to the Authentication Configuration MIB. A
management station running an SNMP networked device management
application, such as ProCurve Manager Plus (PCM+) or HP OpenView, can
access the switch’s management information base (MIB) for read access to
the switch’s status and read/write access to the switch’s authentication
configuration (hpSwitchAuth). This means that the switch’s default
configuration now allows SNMP access to security settings in hpSwitchAuth.
Note on SNMP This software version enables SNMP access to the authentication
Access to
configuration MIB (the default action). If SNMPv3 and other security
Authentication
safeguards are not in place, the switch’s authentication configuration MIB is
MIB
exposed to unprotected SNMP access and you should use the command
shown below to disable this access.
1-16