HP ProCurve 9304M Security Manual page 156


Security Guide for ProCurve 9300/9400 Series Routing Switches
as the password.
You can configure as many additional read-only and read-write community strings as you need. The number of
strings you can configure depends on the memory on the device. There is no practical limit.
The Web management interface supports only one read-write session at a time. When a read-write session is
open on the Web management interface, subsequent sessions are read-only, even if the session login is "set" with
a valid read-write password.
NOTE: If you delete the startup-config file, the device automatically re-adds the default "public" read-only
community string the next time you load the software.
NOTE: As an alternative to the SNMP community strings, you can secure Web management access using local
user accounts or ACLs. See "Setting Up Local User Accounts" on page 2-16 or "Using an ACL to Restrict Web
Management Access" on page 2-5.
Encryption of SNMP Community Strings
The software automatically encrypts SNMP community strings. Users with read-only access or who do not have
access to management functions in the CLI cannot display the strings. For users with read-write access, the
strings are encrypted in the CLI but are shown in the clear in the Web management interface.
Encryption is enabled by default. You can disable encryption for individual strings or trap receivers if desired. See
the next section for information about encryption.
Adding an SNMP Community String
To add a community string, use one of the following methods. When you add a community string, you can specify
whether the string is encrypted or clear. By default, the string is encrypted.
USING THE CLI
To add an encrypted community string, enter commands such as the following:
ProCurveRS(config)# snmp-server community private rw
ProCurveRS(config)# write memory
Syntax: snmp-server community [0 | 1] <string> ro | rw [view <viewname>] [<standard-acl-name> | <standard-acl-id>]
The <string> parameter specifies the community string name. The string can be up to 32 characters long.
The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw).
The 0 | 1 parameter affects encryption for display of the string in the running-config and the startup-config file.
Encryption is enabled by default. When encryption is enabled, the community string is encrypted in the CLI
regardless of the access level you are using. In the Web management interface, the community string is
encrypted at the read-only access level but is visible at the read-write access level.
The encryption option can be omitted (the default) or can be one of the following:
0 – Disables encryption for the community string you specify with the command. The community string is
shown as clear text in the running-config and the startup-config file. Use this option if you do not want the
display of the community string to be encrypted.
1 – Assumes that the community string you enter is the encrypted form, and decrypts the value before using
it.
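The following Python sketch is an added example, not part of the HP manual. It parses lines written in the form of the Syntax line above and flags community strings stored in clear text (option 0), the default "public" string, and read-write strings with no ACL. It assumes a saved configuration holds the lines in that same command form; the sample lines, ACL ids, view name and encrypted-string placeholder are constructed.

```python
ACCESS = {"ro", "rw"}

# Constructed sample in the command form of the Syntax line (assumed to match
# how the lines appear in a saved config). ACL ids and names are made up.
SAMPLE = """\
snmp-server community public ro
snmp-server community 0 netmon ro 10
snmp-server community private rw
snmp-server community 1 ENCRYPTED-PLACEHOLDER rw view mgmtview 25
"""

def parse_community(line):
    """Return the fields of one 'snmp-server community' line, or None."""
    tok = line.split()
    if tok[:2] != ["snmp-server", "community"]:
        return None
    tok = tok[2:]
    enc = None  # option omitted: display is encrypted (the default)
    # A leading 0/1 is the encryption option only if a string and ro|rw follow.
    if len(tok) >= 3 and tok[0] in ("0", "1") and tok[2] in ACCESS:
        enc, tok = tok[0], tok[1:]
    if len(tok) < 2 or tok[1] not in ACCESS:
        return None  # malformed line
    entry = {"enc": enc, "string": tok[0], "access": tok[1], "view": None, "acl": None}
    rest = tok[2:]
    if len(rest) >= 2 and rest[0] == "view":
        entry["view"], rest = rest[1], rest[2:]
    if rest:
        entry["acl"] = rest[0]  # standard ACL name or id
    return entry

def audit(config_text):
    """Return (line_number, finding) pairs for community lines worth reviewing."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        e = parse_community(line)
        if e is None:
            continue
        if e["enc"] == "0":
            findings.append((n, "cleartext"))       # shown in clear in config files
        if e["enc"] != "1" and e["string"] == "public":
            findings.append((n, "default-public"))  # well-known default string
        if e["access"] == "rw" and e["acl"] is None:
            findings.append((n, "rw-no-acl"))       # write access, no ACL restriction
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```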
10 - 2
June 2005
