HP ProCurve J8766A Release Note page 58

Enhancements
Release L.10.20 Enhancements
number of primary and secondary login and enable attempts
■
■ TACACS+ server configuration and status
■ RADIUS server configuration
selected 802.1X settings
■
key management subsystem chain configuration
■
■ key management subsystem key configuration
■ OSPF interface authentication configuration
With SNMP access to the hpSwitchAuth MIB enabled, a device with management access to the switch
can view the configuration for the authentication features listed above (excluding passwords and
keys). Using SNMP sets, a management device can change the authentication configuration
(including changes to passwords and keys). Operator read/write access to the authentication MIB
is always denied.
S e c u r i t y N o t es
Passwords and keys configured in the hpSwitchAuth MIB are not returned via SNMP, and the
response to SNMP queries for such information is a null string. However, SNMP sets can be used to
configure password and key MIB objects.
To help prevent unauthorized access to the switch's authentication MIB, ProCurve recommends
enhancing security according to the guidelines under
8.
If you do not want to use SNMP access to the switch's authentication configuration MIB, then you
should use the snmp-server mib hpswitchauthmib excluded command to disable this access, as
described in the next section.
If you choose to leave SNMP access to the security MIB open (the default setting), ProCurve
recommends that you configure the switch with the SNMP version 3 management and access security
feature, and disable SNMP version 2c access. (Refer to
Protocol)" on page 10.)
Changing and Viewing the SNMP Access Configuration
Syntax: snmp-server mib hpswitchauthmib < excluded | included >
52
"Switch Management Access Security" on page
"SNMP Access (Simple Network Management