Security Overview
Switch Access Security
■ SSLv3/TLSv1 provides remote Web browser access to the switch via
encrypted paths between the switch and management station clients
capable of SSL/TLS operation.
(For information on SSH, refer to Chapter 6, “Configuring Secure Shell (SSH)”;
for details on SSL, refer to Chapter 7, “Configuring Secure Socket Layer
(SSL)”.)
Also, access security on the switch is incomplete without disabling Telnet and
the standard Web browser access. Among the methods for blocking unauthorized
access attempts using Telnet or the Web browser are the following two
CLI commands:
■ no telnet-server: This command blocks inbound Telnet access.
■ no web-management: This command prevents use of the Web browser
interface through http (port 80) server access.
If you choose not to disable Telnet and Web browser access, you may want to
consider using RADIUS accounting to maintain a record of password-protected
access to the switch. Refer to Chapter 5, “RADIUS Authentication and
Accounting” in this guide.
SNMP Access (Simple Network Management Protocol)
In the default configuration, the switch is open to access by management
stations running SNMP management applications capable of viewing and
changing the settings and status data in the switch’s MIB (Management
Information Base). Thus, controlling SNMP access to the switch and preventing
unauthorized SNMP access should be a key element of your network
security strategy.
General SNMP Access to the Switch. The switch supports SNMP versions
1, 2c, and 3, including SNMP community and trap configuration. The
default configuration supports versions 1 and 2c, which use plain text and
do not provide security options. ProCurve recommends that you enable SNMP
version 3 for improved security. SNMPv3 includes the ability to configure
restricted access and to block all non-version 3 messages (which blocks
version 1 and 2c unprotected operation).
SNMPv3 security options include:
■ configuring device communities as a means for excluding management
access by unauthorized stations
■ configuring for access authentication and privacy
■ reporting events to the switch CLI and to SNMP trap receivers
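The two sections above (disabling Telnet and Web browser access, and moving SNMP off the plain-text v1/v2c defaults) are the kind of settings an administrator wants to verify across many switches rather than by eye. The script below is an added example, not part of this guide or of ProCurve's software: it audits a saved running-config for those settings. The `no telnet-server` and `no web-management` commands come from the text above; the SNMP keywords it looks for (`snmpv3 enable`, `snmpv3 only`, `snmp-server community "…" unrestricted`) are assumed ProCurve syntax, and the two config texts are constructed for the example.

```python
"""Audit a ProCurve-style running-config for the access-security settings
discussed in this overview: Telnet and HTTP management disabled, SNMPv3
enabled with v1/v2c blocked, and no well-known community left open.

Added example. 'no telnet-server' / 'no web-management' are from the guide;
the SNMP keywords are assumed ProCurve syntax. Both configs are constructed."""
import re

# Constructed sample: Telnet has been disabled, but the Web interface is still
# up and the default v1/v2c community remains with write access.
SAMPLE_CONFIG = """\
; Constructed sample configuration (not a real switch)
hostname "edge-sw1"
no telnet-server
snmp-server community "public" unrestricted
snmpv3 enable
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address dhcp-bootp
   exit
"""

# Constructed sample with every check satisfied.
HARDENED_CONFIG = """\
hostname "edge-sw1"
no telnet-server
no web-management
snmpv3 enable
snmpv3 only
snmp-server community "ops-ro" operator restricted
"""

# Each check: (finding id, description, predicate that is True when the
# configuration is weak).  Config lines are compared after stripping indentation.
CHECKS = [
    ("telnet-open", "Telnet server enabled (expected 'no telnet-server')",
     lambda lines: "no telnet-server" not in lines),
    ("http-open", "Web management enabled (expected 'no web-management')",
     lambda lines: "no web-management" not in lines),
    ("snmpv3-off", "SNMPv3 not enabled (assumed keyword 'snmpv3 enable')",
     lambda lines: "snmpv3 enable" not in lines),
    ("snmp-v1v2c-allowed", "v1/v2c messages accepted (assumed keyword 'snmpv3 only')",
     lambda lines: "snmpv3 only" not in lines),
]

# Matches: snmp-server community "<name>" [operator|manager] [restricted|unrestricted]
COMMUNITY_RE = re.compile(r'^snmp-server community "([^"]*)"((?:\s+\S+)*)')


def normalize(config_text):
    """Return the set of non-comment config lines with indentation removed."""
    lines = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(";"):
            lines.add(line)
    return lines


def audit_config(config_text):
    """Return a list of (finding_id, description) for each weak setting found."""
    lines = normalize(config_text)
    findings = [(fid, desc) for fid, desc, weak in CHECKS if weak(lines)]
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name, options = m.group(1), m.group(2).split()
        if name.lower() in ("public", "private"):
            findings.append(("default-community",
                             f"well-known community '{name}' is configured"))
        if "unrestricted" in (o.lower() for o in options):
            findings.append(("unrestricted-community",
                             f"community '{name}' allows write (unrestricted) access"))
    return findings


def finding_ids(config_text):
    """Sorted finding ids only, convenient for comparing switches in bulk."""
    return sorted(fid for fid, _ in audit_config(config_text))


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for fid, desc in audit_config(cfg) or [("ok", "no findings")]:
            print(f"[{fid}] {desc}")
```

Run against a directory of `show running-config` captures, the sorted finding ids give a quick per-switch summary; a switch with an empty list has all four access controls from this overview in place.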