The following example shows how to configure a SNMPv3 user v3trap with authentication only:
For more information on using SNMP, see the HP 1:10Gb Ethernet BL-c Switch Command Reference.
See the HP 1:10Gb Ethernet BL-c Switch User Guide for a complete list of supported MIBs.
Secure access to the switch
Secure switch management is needed for environments that perform significant management functions
across the Internet. The following are some of the functions for secured management:
Limiting management users to a specific IP address range. See the "Setting allowable source IP
address ranges" section in this chapter.
Authentication and authorization of remote administrators. See the "RADIUS authentication and
authorization" section or the "TACACS+ authentication" section, both later in this chapter.
Encryption of management information exchanged between the remote administrator and the switch.
See the "Secure Shell and Secure Copy" section later in this chapter.
Setting allowable source IP address ranges
To limit access to the switch without having to configure filters for each switch port, you can set a source
IP address (or range) that will be allowed to connect to the switch IP interface through Telnet, SSH, SNMP,
or the switch browser-based interface (BBI).
When an IP packet reaches the application switch, the source IP address is checked against the range of
addresses defined by the management network and management mask. If the source IP address of the
host or hosts is within this range, it is allowed to attempt to log in. Any packet addressed to a switch IP
interface with a source IP address outside this range is discarded.
(Configure user named "v3trap")
(Define access group to view SNMPv3 traps)
(Assign user to the access group)
(Assign user to the notify table)
(Define an IP address to send traps)
(Specify SNMPv3 traps to send)
(Set the authentication level)
Accessing the switch