S e c u r i t y N o t e s
RADIUS Authentication and Accounting
Using SNMP To View and Configure Switch Authentication Features
Using SNMP To View and Configure
Switch Authentication Features
SNMP MIB object access is available for switch authentication configuration
(hpSwitchAuth) features. This means that the switches covered by this Guide
allow, by default, manager-only SNMP read/write access to a subset of the
authentication MIB objects for the following features:
■
number of primary and secondary login and enable attempts
■
server configuration and status
■
RADIUS server configuration
■
selected 802.1X settings
■
key management subsystem chain configuration
■
key management subsystem key configuration
■
OSPF interface authentication configuration
■
local switch operator and manager usernames and passwords
With SNMP access to the hpSwitchAuth MIB enabled, a device with manage
ment access to the switch can view the configuration for the authentication
features listed above (excluding usernames, passwords, and keys). Using
SNMP sets, a management device can change the authentication configuration
(
including
changes to usernames, passwords, and keys). Operator read/write
access to the authentication MIB is always denied.
All usernames, passwords, and keys configured in the hpSwitchAuth MIB are
not returned via SNMP, and the response to SNMP queries for such informa
tion is a null string. However, SNMP sets can be used to configure username,
password, and key MIB objects.
To help prevent unauthorized access to the switch’s authentication MIB,
ProCurve recommends following the “SNMP Security Guidelines” on page 1-16.
If you do not want to use SNMP access to the switch’s authentication config
uration MIB, then use the
snmp-server mib hpswitchauthmib excluded
command
to disable this access, as described in the next section.
If you choose to leave SNMP access to the security MIB open (the default
setting), ProCurve recommends that you configure the switch with the SNMP
version 3 management and access security feature, and disable SNMP version
2c access. (Refer to “Access Security Features” on page 1-3.)
5-21
Summary of Contents for PROCURVE 2910AL
Page 1: ...Access Security Guide ProCurve Switches W 14 03 2910al www procurve com ...
Page 2: ......
Page 3: ...HP ProCurve 2910al Switch February 2009 W 14 03 Access Security Guide ...
Page 84: ...Configuring Username and Password Security Front Panel Security 2 36 ...
Page 156: ...TACACS Authentication Operating Notes 4 30 ...
Page 288: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup 8 22 ...
Page 416: ...Configuring Advanced Threat Protection Using the Instrumentation Monitor 10 28 ...
Page 572: ...Using Authorized IP Managers Operating Notes 14 14 ...
Page 592: ...12 Index ...
Page 593: ......