EasyManua.ls Logo

HPE FlexFabric 5700 Series

HPE FlexFabric 5700 Series
314 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
84
View-based Access Control Model—The VACM mode controls access to MIB objects by
assigning MIB views to SNMP communities or users.
Role based access control—The RBAC mode controls access to MIB objects by assigning
user roles to SNMP communities or users.
{ An SNMP community or user with a predefined user role network-admin or level-15 has
read and write access to all MIB objects.
{ An SNMP community or user with a predefined user role network-operator has read-only
access to all MIB objects.
{ An SNMP community or user with a user role specified by the role command accesses MIB
objects through the user role rules specified by the rule command.
If you create the same SNMP community or user with both modes multiple times, the most recent
configuration takes effect. For more information about user roles and the rule command, see
Fundamentals Command Reference.
For an NMS to access an agent:
The RBAC mode requires the user role bound to a community name or username to have the
same access right to MIB objects as the NMS.
The VACM mode requires only the access right from the NMS to MIB objects.
The RBAC mode is more secure. As a best practice, use the RBAC mode to control NMS access to
MIB objects.
SNMP silence
SNMP silence enables the device to automatically detect and defend against SNMP attacks.
After you enable SNMP, the device automatically starts an SNMP silence timer and counts the
number of packets that fail SNMP authentication within 1 minute.
If the number is smaller than 100, the device restarts the timer and counting.
If the number is equal to or greater than 100, the SNMP module enters a 5-minute silence
period, during which the device does not respond to any SNMP packets. After the 5 minutes
expire, the device restarts the timer and counting.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
Configuring SNMP basic parameters
SNMPv3 differs from SNMPv1 and SNMPv2c in many ways. Their configuration procedures are
described in separate sections.
Configuring SNMPv1 or SNMPv2c basic parameters
SNMPv1 and SNMPv2c settings are supported only in non-FIPS mode.
To configure SNMPv1 or SNMPv2c basic parameters:

Table of Contents

Other manuals for HPE FlexFabric 5700 Series

Related product manuals