Snmp Access (Simple Network Management Protocol) - HP ProCurve J8766A Release Note

For the procurve series 4200vl switches

Hide thumbs Also See for ProCurve J8766A:

Read me first (4 pages)

Quick reference manual (44 pages)

Installation manual (48 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

page of 124

/ 124
Contents
Table of Contents
Bookmarks

Table of Contents

Enforcing Switch Security

Switch Management Access Security

SNMP Access (Simple Network Management Protocol)

In the default configuration, the switch is open to access by management stations running SNMP

management applications capable of viewing and changing the settings and status data in the switch's

MIB (Management Information Base). Thus, controlling SNMP access to the switch and preventing

unauthorized SNMP access should be a key element of your network security strategy.

General SNMP Access to the Switch. The switch supports SNMP versions 1, 2c, and 3, including

SNMP community and trap configuration. The default configuration supports versions 1 and 2c

compatibility, which uses plain text and does not provide security options. ProCurve recommends

that you enable SNMP version 3 for improved security. SNMPv3 includes the ability to configure

restricted access and to block all non-version 3 messages (which blocks version 1 and 2c unprotected

operation). SNMPv3 security options include:

•

configuring device communities as a means for excluding management access by

unauthorized stations

•

configuring for access authentication and privacy

•

reporting events to the switch CLI and to SNMP trap receivers

•

restricting non-SNMPv3 agents to either read-only access or no access

•

co-existing with SNMPv1 and v2c if necessary

For more on SNMPV3, refer to the next subsection and to the chapter titled "Configuring for

Network Management Applications" in the Management and Configuration Guide for your switch.

SNMP Access to the Switch's Authentication Configuration MIB. A management station

running an SNMP networked device management application such as ProCurve Manager Plus

(PCM+) or HP OpenView can access the switch's management information base (MIB) for read access

to the switch's status and read/write access to the switch's configuration. In earlier software versions,

SNMP access to the switch's authentication configuration (hpSwitchAuth) MIB was not allowed.

However, beginning with software release L.10.20, the switch's default configuration allows SNMP

access to security settings in hpSwitchAuth. If SNMP access to the hpSwitchAuth MIB is considered

a security risk in your network, then you should implement the following security precautions when

downloading and booting from software release L.10.20 or greater:

If SNMP access to the authentication configuration (hpSwitchAuth) MIB described above and

in the section titled

51) is not desirable for your network, then immediately after downloading and booting from the

L.10.20 or greater software for the first time, use the following command to disable this feature:

snmp-server mib hpswitchauthmib excluded

"Using SNMP To View and Configure Switch Authentication Features"

(page

Table of Contents

Show Quick Links

Quick Links:
Rebooting and Reloading the Switch

Hide quick links:

Table of Contents

This manual is also suitable for:

Procurve 4200vl L.11.09

Snmp Access (Simple Network Management Protocol) - HP ProCurve J8766A Release Note

SNMP Access (Simple Network Management Protocol)

Hide quick links:

Related Manuals for HP ProCurve J8766A

Related Content for HP ProCurve J8766A

This manual is also suitable for:

Table of Contents