SNMP And Virtual Fabrics; Filtering Ports; Switch And Chassis Context Enforcement; The Security Level - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 6.2 Administrator Guide (5697-0016, May 2009)

For information on the specific commands used in these procedures, see online help or the Fabric OS
Command Reference.

SNMP and Virtual Fabrics

When an SNMPv3 request arrives with a particular username, it executes in the home Virtual Fabric. From
the SNMP manager, all SNMPv3 requests must have a home Virtual Fabric that is specified in the
contextName field. Whenever the home Virtual Fabric is specified, it is converted to the
corresponding switch ID and the home Virtual Fabric is set. If the user does not have permission for the
specified home Virtual Fabric, the request fails with an error code of noAccess.

For an SNMPv3 user to have a home Virtual Fabric, a list of allowed Virtual Fabrics, and an RBAC role, the
name of the SNMPv3 user should match that of the Fabric OS user in the local switch database. SNMPv3
users whose names do not match any of the existing Fabric OS local users have a default RBAC role
of admin with the SNMPv3 user access control of read/write. Their SNMPv3 user logs in with an access
control of read-only. Both user types will have the default switch as their home Virtual Fabric.

The contextName field should have the format VF:xxx, where xxx is the actual VF_ID, for example VF:1. If
the contextName field is empty, the home Virtual Fabric of the local Fabric OS user with the same name
is used. Because Virtual Fabrics and Admin Domains are mutually exclusive, this field is treated as the
Virtual Fabrics context whenever Virtual Fabrics is enabled. You cannot specify chassis context in the
contextName field.

Filtering ports

Each port can belong to only one Virtual Fabric at any time. An SNMP request coming to one Virtual
Fabric is able to view only the port information of the ports belonging to that Virtual Fabric. All port
attributes are filtered to allow SNMP to obtain the port information only from within the current Virtual
Fabrics context.

Switch and Chassis context enforcement

All attributes are classified into two categories:

Chassis-level attributes
Switch-level attributes

Attributes that are specific to each Logical Switch belong to the switch category. These attributes are
available in the Virtual Fabrics context and not available in the Chassis context.

Attributes that are common across the Logical Switches belong to the chassis level. These attributes are
accessible to users having the chassis-role permission. When a chassis table is queried, the context is set to
chassis context if the user has the chassis-role permission. The context is switched back to the original
context after the operation is performed.

The security level

Use the snmpConfig --set seclevel command to set the security level. You can specify no
security, authentication only, authentication and privacy, or off. You need to set the
security for the GET command and the SET command. For example, to configure for authentication and
privacy for both commands:

switch:admin> snmpconfig --set seclevel
Select SNMP GET Security Level
(0 = No security, 1 = Authentication only, 2 = Authentication and Privacy,
3 = No Access): (0..3) [1] 2
Select SNMP SET Security Level
(0 = No security, 1 = Authentication only, 2 = Authentication and Privacy,
3 = No Access): (2..3) [2] 2
switch:admin> snmpconfig --show seclevel
GET security level = 2, SET level = 2
SNMP GET Security Level: Authentication and Privacy
SNMP SET Security Level: Authentication and Privacy
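An added example, not part of the HP guide: a Python check that parses captured snmpconfig --show seclevel output in the format shown above and reports GET or SET levels below a chosen minimum. The function names and the default minimum of 2 are assumptions of this example, and the second sample is constructed.

```python
import re

# Level numbers and names as listed in the snmpconfig prompt on this page.
LEVELS = {0: "No security", 1: "Authentication only",
          2: "Authentication and Privacy", 3: "No Access"}
SUMMARY = re.compile(r"GET security level\s*=\s*(\d+)\s*,\s*SET level\s*=\s*(\d+)", re.I)
DETAIL = re.compile(r"SNMP (GET|SET) Security Level:\s*(.+?)\s*$", re.I | re.M)


def parse_seclevel(output):
    """Return {'GET': n, 'SET': n} from captured 'snmpconfig --show seclevel' text."""
    m = SUMMARY.search(output)
    if not m:
        raise ValueError("no 'GET security level = N, SET level = N' line found")
    levels = {"GET": int(m.group(1)), "SET": int(m.group(2))}
    for op, n in levels.items():
        if n not in LEVELS:
            raise ValueError(f"{op} level {n} is outside 0..3")
    # Cross-check the descriptive lines against the numeric summary when present.
    for op, name in DETAIL.findall(output):
        n = levels[op.upper()]
        if LEVELS[n].lower() != name.lower():
            raise ValueError(f"{op} description {name!r} does not match level {n}")
    return levels


def audit_seclevel(output, minimum=2):
    """List operations whose level is below `minimum` (policy threshold, assumed)."""
    findings = []
    for op, n in parse_seclevel(output).items():
        if n < minimum:
            findings.append(f"SNMP {op} level {n} ({LEVELS[n]}) is below level {minimum}")
    return findings


# Constructed samples: the first repeats the output shown on this page,
# the second is a made-up weaker configuration in the same format.
PAGE_SAMPLE = """GET security level = 2, SET level = 2
SNMP GET Security Level: Authentication and Privacy
SNMP SET Security Level: Authentication and Privacy"""
WEAK_SAMPLE = """GET security level = 0, SET level = 1
SNMP GET Security Level: No security
SNMP SET Security Level: Authentication only"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_SAMPLE), ("weak", WEAK_SAMPLE)):
        print(label, audit_seclevel(text) or "OK")
```

Level 3 (No Access) passes the check because it is numerically above the minimum and blocks the operation entirely.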
