HP StoreFabric SN6500B Administrator's Manual page 623

Fabric OS Administrator's Guide, 7.1.0 (53-1002745-02, March 2013)

Preparing a switch for FIPS

4. Optional: Set the authentication protocols.
   a. Enter the authUtil --set -h sha1 command to set the hash type for MD5, which is used in
      the DH-CHAP and FCAP authentication protocols.
   b. Enter the authUtil --set -g n command (where n represents the DH group) to set the DH
      group to 1, 2, 3, or 4.
5. Install the LDAP CA certificate on the switch and Microsoft Active Directory server. Refer to
   "LDAP certificates for FIPS mode" on page 620.
6. Enter the ipFilter --show command and verify that no active IP filter policy permits access to
   Telnet, HTTP, or RPC ports, even if a higher priority policy explicitly denies such access. If an
   active IP policy does permit any of these ports, you must modify or deactivate the policy. Create
   separate policies for IPv4 and IPv6, and block access on Telnet, HTTP, and RPC ports.
   a. Enter the ipFilter command to create IP filter policies for IPv4 and IPv6. Refer to
      "Creating an IP Filter policy" on page 218.
   b. Add rules to each IP filter policy. Refer to "Adding a rule to an IP Filter policy"
      on page 223.
      You can use the following modifications to the rule to block access to Telnet, HTTP, and
      RPC ports:
         ipfilter --addrule policyname -rule rule_number -sip source_IP -dp dest_port -proto protocol -act deny
      - The -sip option can be given as any.
      - The -dp options for the port numbers for Telnet, HTTP, and RPC are 23, 80, and 898,
        respectively.
      - The -proto option should be set to TCP.
   c. Activate each IP filter policy. Refer to "Activating an IP Filter policy" on page 219.
   d. Save each IP filter policy. Refer to "Saving an IP Filter policy" on page 218.
   Example
      ipfilter --create http_block_v4 -type ipv4
      ipfilter --addrule http_block_v4 -rule 1 -sip any -dp 80 -proto tcp -act deny
      ipfilter --activate http_block_v4
7. Use the snmpConfig --set seclevel command to turn on SNMP security. When prompted to
   select the SNMP SET Security Level, enter 3, for no access.
   Example
      switch:FID128:admin> snmpconfig --set seclevel
      Select SNMP GET Security Level
      (0 = No security, 1 = Authentication only, 2 = Authentication and Privacy, 3 = No Access): (0..3) [0]
      Select SNMP SET Security Level
      (0 = No security, 1 = Authentication only, 2 = Authentication and Privacy, 3 = No Access): (0..3) [0] 3
8. Enter the fipsCfg --disable bootprom command to block access to the boot PROM.
   NOTE
   This command can be entered only from the root account. It must be entered before disabling
   the root account.
9. Enter the configure command and respond to the following prompts to enable signed firmware:
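The verification in step 6, as an added example that is not part of the guide: a Python script that scans saved ipFilter --show output and reports every permit rule in an active policy that covers TCP port 23, 80, or 898, including rules that permit a port range and rules that follow an earlier deny. The sample output is constructed, and its column layout and the policy names in it are assumptions.

```python
import re

# Ports step 6 requires closed (values from the page): Telnet, HTTP, RPC.
BLOCKED = {23: "Telnet", 80: "HTTP", 898: "RPC"}

# CONSTRUCTED sample. The column layout of `ipfilter --show` is an assumption.
SAMPLE = """\
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP    Protocol   Dest Port   Action
1       any          tcp        23          permit
Name: fips_v4, Type: ipv4, State: active
Rule    Source IP    Protocol   Dest Port   Action
1       any          tcp        80          deny
2       any          tcp        22          permit
3       any          tcp        80          permit
4       any          tcp        600 - 1023  permit
Name: fips_v6, Type: ipv6, State: active
1       any          tcp        23          deny
2       any          tcp        80          deny
3       any          tcp        898         deny
"""

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(\S+)")
RULE = re.compile(
    r"\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)\s*$",
    re.I)

def audit(show_output):
    """Return (policy, rule_no, service) for each permit rule in an ACTIVE
    policy that covers a blocked TCP port, whatever rules precede it."""
    findings, policy, active = [], None, False
    for line in show_output.splitlines():
        h = HEADER.match(line)
        if h:  # new policy section: remember its name and state
            policy, active = h.group(1), h.group(3).lower() == "active"
            continue
        r = RULE.match(line)
        if not (r and active):  # skip column headers and inactive policies
            continue
        num, _sip, proto, lo, hi, act = r.groups()
        if proto.lower() != "tcp" or act.lower() != "permit":
            continue
        lo, hi = int(lo), int(hi or lo)  # a single port is a one-port range
        findings.extend((policy, int(num), name)
                        for port, name in BLOCKED.items() if lo <= port <= hi)
    return findings

if __name__ == "__main__":
    for policy, num, name in audit(SAMPLE):
        print(f"{policy}: rule {num} permits {name}")
```

An empty result for both the IPv4 and the IPv6 active policy is the condition step 6 asks for.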

This manual is also suitable for:

Fabric OS 7.1.0
