Q-Logic SB2A-16B Switch User Manual


 
3 – Planning
Fabric Security
59021-08 B 3-11
3.5.1 User Account Security
User account security consists of the administration of account names,
passwords, expiration dates, and authority levels. If an account has Admin authority,
all management tasks can be performed by that account in both SANbox Manager
and the Command Line Interface. Otherwise only monitoring tasks are available.
The default account name, Admin, is the only account that can administer user
accounts. Consider your management needs and determine the number of user
accounts, their authority needs, and expiration dates.
Account names and passwords are always required when connecting to a switch
through Telnet. However, SANbox Manager does not authenticate account names
when opening a fabric unless user authentication is enabled. User authentication
is disabled by default and can be changed using the Set Setup System command.
Refer to the "Set Setup Command" on page B-48 for more information. User
authentication must be configured the same for all switches in the fabric. If user
authentication is disabled, SANbox Manager ignores the account name and
password entries and logs you in with the default account name and password
(admin, password). Consider your user accounts and determine whether user
authentication is necessary.
3.5.2 Fabric Services
Fabric services include security-related functions such as inband management
and SNMP. Inband management is the ability to manage switches across
inter-switch links using SANbox Manager, SNMP, management server, or the
application programming interface. The switch comes from the factory with inband
management enabled. If you disable inband management on a particular switch,
you can no longer communicate with that switch by means other than a direct
Ethernet or serial connection.
You can also enable or disable the Simple Network Management Protocol
(SNMP). SNMP is the protocol governing network management and monitoring of
network devices. SNMP security consists of a read community string and a write
community string, which are the passwords that control read and write access to the
switch. The read community string ("public") and write community string ("private")
are set at the factory to these well-known defaults and should be changed if
SNMP is enabled. SNMP is enabled by default; if the read and write
community strings have not been changed from their defaults, you risk unwanted
access to the switch. Consider how you want to
manage the fabric and which switches you do not want managed or monitored
through other switches.
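
The planning checks in sections 3.5.1 and 3.5.2 can be run over a fabric inventory before deployment. The following is an added example, not part of the manual or of any QLogic tool; the inventory layout, field names, switch names, and non-default community strings are constructed for illustration.

```python
# Added example: audits a hand-maintained fabric inventory against the
# planning points in 3.5.1 and 3.5.2. Field names are hypothetical, not a
# SANbox Manager export format.

FACTORY_READ, FACTORY_WRITE = "public", "private"  # factory defaults per the manual


def audit_fabric(switches):
    """Return a list of (scope, finding) tuples for the given inventory."""
    findings = []
    # User authentication must be configured the same on every switch.
    if len({sw["user_auth"] for sw in switches}) > 1:
        findings.append(("fabric", "user authentication is not set the same on all switches"))
    for sw in switches:
        name = sw["name"]
        if not sw["user_auth"]:
            findings.append((name, "user authentication disabled: SANbox Manager logs in with the default account"))
        # Community strings only matter while SNMP is enabled.
        if sw["snmp_enabled"]:
            if sw["read_community"] == FACTORY_READ:
                findings.append((name, "SNMP read community is the factory default"))
            if sw["write_community"] == FACTORY_WRITE:
                findings.append((name, "SNMP write community is the factory default"))
        # Not a risk by itself, but it changes how the switch can be reached.
        if not sw["inband_mgmt"]:
            findings.append((name, "inband management disabled: manageable only by direct Ethernet or serial"))
    return findings


# Constructed inventory for illustration.
FABRIC = [
    {"name": "sw-edge-1", "user_auth": True, "snmp_enabled": True,
     "read_community": "public", "write_community": "fabric-rw-7", "inband_mgmt": True},
    {"name": "sw-edge-2", "user_auth": False, "snmp_enabled": False,
     "read_community": "public", "write_community": "private", "inband_mgmt": True},
    {"name": "sw-core-1", "user_auth": True, "snmp_enabled": True,
     "read_community": "mon-ro-3", "write_community": "fabric-rw-7", "inband_mgmt": False},
]

if __name__ == "__main__":
    for scope, finding in audit_fabric(FABRIC):
        print(f"{scope}: {finding}")
```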