12
W
IRELESS
LAN S
WITCH
AND
C
ONTROLLER
MSS V
ERSION
3.0 R
ELEASE
N
OTES
■
Access to 3WXM. To secure access, configure user
accounts within 3WXM.
■
Access to the 3WXM monitoring service. To secure
access, configure user accounts within the moni-
toring service.
■
Do not use passwords that are easy to guess, such
as vehicle registration plates, family birthdays and
names, or common words. Use combinations of
uppercase and lowercase letters as well as num-
bers in all passwords.
SNMP
SNMP is disabled by default. 3Com recommends that
you leave SNMP disabled unless you are using 3Com
Network Director or a similar product to manage your
wired network. If you do need to use SNMP, do not
use the well-known community strings
public
(com-
monly used for read-only access) or
private
(com-
monly used for read-write access.) By default, no
SNMP community strings are configured. Use SNMP
on an isolated management VLAN so that the clear
text community strings are not visible on the public
network.
The 3.0 manuals state that MSS has default commu-
nity strings
public
and
private
. This is incorrect. No
community strings are set by default in MSS Version
3.0.
To disable SNMP (if not already disabled), use the
set
ip snmp server disable
command.
To change the community strings, use the
set snmp
community
command.
CLI Access
MSS allows CLI access through the console, through
Telnet, and through SSH. Console and SSH access are
enabled by default. Telnet is disabled by default.
Configure a username and password, so that MSS
requires login even for console access. Usernames
and their passwords are not specific to the type of
management access. You can use the same username
and password for access through the console, Telnet,
or SSH.
Leave Telnet disabled unless you need it. Use SSH
instead.
Even though the SSH service is enabled by default,
you need to generate a key pair before you can use
SSH. Use the
crypto generate key ssh
command.
Web Access
Web Manager uses HTTPS for encrypted communica-
tions and certificate-based server authentication, and
requires use of the enable password.
Web Manager access through HTTPS is enabled by
default. Unless you need to use Web Manager, dis-
able the HTTPS server on the WX switch. (Even
though 3WXM also uses HTTPS, disabling the HTTPS
server does not disable access by 3WXM.) To disable
the HTTPS server, use the
set ip ssh server disable
command.
If you do need to use Web Manager, use the follow-
ing best practices to preserve or increase the security
level related to Web access:
