Secure Access to the Switch; Setting Allowable Source IP Address Ranges

HP 1:10Gb Ethernet BL-c Switch for c-Class BladeSystem Application Guide.
The following example shows how to configure an SNMPv3 user v3trap with authentication only
(authNoPriv: messages are authenticated but not encrypted):

/c/sys/ssnmp/snmpv3/usm 11            (Configure user named "v3trap")
        name "v3trap"
        auth md5
        authpw v3trap
/c/sys/ssnmp/snmpv3/access 11         (Define access group to view SNMPv3 traps)
        name "v3trap"
        level authNoPriv
        nview "iso"
/c/sys/ssnmp/snmpv3/group 11          (Assign user to the access group)
        uname v3trap
        gname v3trap
/c/sys/ssnmp/snmpv3/notify 11         (Assign user to the notify table)
        name v3trap
        tag v3trap
/c/sys/ssnmp/snmpv3/taddr 11          (Define an IP address to send traps)
        name v3trap
        taglist v3trap
        pname v3param
/c/sys/ssnmp/snmpv3/tparam 11         (Specify SNMPv3 traps to send)
        name v3param
        uname v3trap
        level authNoPriv              (Set the authentication level)

For more information on using SNMP, see the HP 1:10Gb Ethernet BL-c Switch Command Reference.
See the HP 1:10Gb Ethernet BL-c Switch User Guide for a complete list of supported MIBs.

Secure access to the switch

Secure switch management is needed for environments that perform significant management functions
across the Internet. The following are some of the functions for secured management:
Limiting management users to a specific IP address range. See the "Setting allowable source IP
address ranges" section in this chapter.
Authentication and authorization of remote administrators. See the "RADIUS authentication and
authorization" section or the "TACACS+ authentication" section, both later in this chapter.
Encryption of management information exchanged between the remote administrator and the switch.
See the "Secure Shell and Secure Copy" section later in this chapter.

Setting allowable source IP address ranges

To limit access to the switch without having to configure filters for each switch port, you can set a source
IP address (or range) that will be allowed to connect to the switch IP interface through Telnet, SSH, SNMP,
or the switch browser-based interface (BBI).
When an IP packet reaches the application switch, the source IP address is checked against the range of
addresses defined by the management network and management mask. If the source IP address of the
host or hosts is within this range, it is allowed to attempt to log in. Any packet addressed to a switch IP
interface with a source IP address outside this range is discarded.
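The source check against the management network and management mask described above can be modelled before a range is applied, to see which stations would be discarded and whether the range itself is sound. This is an added example, not code from the HP guide or the switch firmware; it assumes the check compares the masked source address with the masked management network, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def ip_int(addr):
    """Dotted-quad IPv4 string to integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(addr))

def source_allowed(src, mnet, mmask):
    """Assumed model of the switch check: masked source equals masked network."""
    mask = ip_int(mmask)
    return (ip_int(src) & mask) == (ip_int(mnet) & mask)

def review_mgmt_range(mnet, mmask, admin_hosts):
    """Findings to resolve before applying a management network and mask."""
    findings = []
    net, mask = ip_int(mnet), ip_int(mmask)
    host_bits = mask ^ 0xFFFFFFFF
    if mask == 0:
        findings.append("mask 0.0.0.0 matches every source: no restriction")
    elif host_bits & (host_bits + 1):
        findings.append("mask is not contiguous: allowed set is not one range")
    if net & host_bits:
        findings.append("network has host bits set: range starts at the masked address")
    for host in admin_hosts:
        if not source_allowed(host, mnet, mmask):
            findings.append(f"admin host {host} is outside the range: lockout")
    return findings

def decide(packets, mnet, mmask):
    """Per-packet outcome for (source, service) pairs sent to a switch IP interface."""
    return [(src, svc, "may attempt login" if source_allowed(src, mnet, mmask)
             else "discarded") for src, svc in packets]

# Constructed sample values (RFC 5737 documentation addresses), not from the guide.
MNET, MMASK = "192.0.2.0", "255.255.255.128"   # allows 192.0.2.0 to 192.0.2.127
PACKETS = [("192.0.2.10", "SSH"), ("192.0.2.127", "SNMP"),
           ("192.0.2.128", "Telnet"), ("203.0.113.5", "BBI")]

if __name__ == "__main__":
    for row in decide(PACKETS, MNET, MMASK):
        print(*row)
    for finding in review_mgmt_range(MNET, MMASK, ["192.0.2.10", "192.0.2.200"]):
        print("finding:", finding)
```

A source inside the range is only allowed to attempt a login; authentication still applies after this check.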
Accessing the switch


