3 – Planning
Fabric Security
59042-07 A 3-11
3.5 Fabric Security
Fabric security consists of the following:
• User account security
• Fabric services
3.5.1 User Account Security
User account security consists of the administration of account names,
passwords, expiration date, and authority level. If an account has Admin authority,
all management tasks can be performed by that account in both SANsurfer Switch
Manager™ and the Telnet command line interface. Otherwise, only monitoring
tasks are available. The default account name, Admin, is the only account that
can create or change account names and passwords. Account names and
passwords are always required when connecting to a switch. Consider your
management needs and determine the number of user accounts, their authority
needs, and expiration dates.
3.5.2 Fabric Services
Fabric services include security-related functions such as inband management
and SNMP. Inband management is the ability to manage switches across
inter-switch links using SANsurfer Switch Manager, SNMP, management server,
or the application programming interface. The switch comes from the factory with
inband management enabled. If you disable inband management on a particular
switch, you can no longer communicate with that switch by means other than a
direct Ethernet or serial connection.
You can also enable or disable the Simple Network Management Protocol
(SNMP). SNMP is the protocol governing network management and monitoring of
network devices. SNMP security consists of a read community string and a write
community string, which serve as the passwords that control read and write
access to the switch. The read community string ("public") and write community
string ("private") are set at the factory to these well-known defaults and
should be changed if SNMP is enabled. SNMP is enabled by default; if the read
and write community strings have not been changed from their defaults, you risk
unwanted access to the switch. Consider how you want to manage the fabric and
which switches you do not want managed or monitored through other switches.
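As a check on the SNMP defaults described above, the following added example (not part of this manual or of any vendor tool) parses captured SNMPv1/v2c datagrams and reports any that still carry the factory-default community strings. The function names and the sample datagrams are assumptions constructed for illustration.

```python
# Added example, not from the manual. Sample datagrams are constructed.
DEFAULTS = {b"public": "read", b"private": "write"}  # factory defaults named on the page
_PDU = "a019020101020100020100300e300c06082b060102010101000500"  # GetRequest sysDescr.0
SAMPLE_PUBLIC = bytes.fromhex("3026020100" "04067075626c6963" + _PDU)  # v1, "public"
SAMPLE_CUSTOM = bytes.fromhex("3026020101" "040673346e2d726f" + _PDU)  # v2c, "s4n-ro"

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(datagram):
    """Return (version, community) for an SNMPv1/v2c message, or None otherwise."""
    try:
        tag, body, _ = _read_tlv(datagram, 0)
        if tag != 0x30:  # outer SEQUENCE
            return None
        tag, ver, pos = _read_tlv(body, 0)
        if tag != 0x02 or not ver or int.from_bytes(ver, "big") not in (0, 1):
            return None  # only v1 (0) and v2c (1) carry a community string
        tag, community, _ = _read_tlv(body, pos)
        return (int.from_bytes(ver, "big"), community) if tag == 0x04 else None
    except ValueError:
        return None

def audit(datagram):
    """Return a finding if the message carries a factory-default community string."""
    parsed = snmp_community(datagram)
    if parsed is None or parsed[1] not in DEFAULTS:
        return None
    version = "1" if parsed[0] == 0 else "2c"
    return f"SNMPv{version} message uses default {DEFAULTS[parsed[1]]} community"

if __name__ == "__main__":
    for name, pkt in (("public", SAMPLE_PUBLIC), ("custom", SAMPLE_CUSTOM)):
        print(name, "->", audit(pkt) or "no default community seen")
```

Feed `audit()` the UDP payloads of port 161 traffic taken from a capture of the management network; any finding identifies a manager or switch still configured with a default string.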