Using Snmp To View And Configure Switch Authentication Features - HP 3500yl Series Access Security Manual
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
RADIUS Authentication, Authorization, and Accounting
Using SNMP To View and Configure Switch Authentication Features
S e c u r i t y N o t e s
6-32
Using SNMP To View and Configure
Switch Authentication Features
Beginning with software release K.12.xx, SNMP MIB object access is available
for switch authentication configuration (hpSwitchAuth) features. This means
that the switches covered by this Guide allow, by default, manager-only SNMP
read/write access to a subset of the authentication MIB objects for the
following features:
■
number of primary and secondary login and enable attempts
■
TACACS+ server configuration and status
RADIUS server configuration
■
■
selected 802.1X settings
key management subsystem chain configuration
■
■
key management subsystem key configuration
OSPF interface authentication configuration
■
local switch operator and manager usernames and passwords
■
With SNMP access to the hpSwitchAuth MIB enabled, a device with manage-
ment access to the switch can view the configuration for the authentication
features listed above (excluding usernames, passwords, and keys). Using
SNMP sets, a management device can change the authentication configuration
(including changes to usernames, passwords, and keys). Operator read/write
access to the authentication MIB is always denied.
All usernames, passwords, and keys configured in the hpSwitchAuth MIB are
not returned via SNMP, and the response to SNMP queries for such informa-
tion is a null string. However, SNMP sets can be used to configure username,
password, and key MIB objects.
To help prevent unauthorized access to the switch's authentication MIB, HP
recommends following the "SNMP Security Guidelines" on page 1-13.
If you do not want to use SNMP access to the switch's authentication config-
uration MIB, then use the snmp-server mib hpswitchauthmib excluded command
to disable this access, as described in the next section.
If you choose to leave SNMP access to the security MIB open (the default
setting), HP recommends that you configure the switch with the SNMP version
3 management and access security feature, and disable SNMP version 2c
access. (Refer to "Access Security Features" on page 1-2.)
Hide quick links:
Advertisement
Chapters
Table of Contents
