HP Ethernet BL-c manual Switch security, User, operator, and administrator access rights

Page 19

Switch IP settings

VLAN settings

XFP settings

Port names and types

Port trunking settings

Interswitch X-Connect port settings

SNMP settings

User name and password settings

Default access to various management interfaces

NTP settings

IMPORTANT: See "Runtime switching software default settings (on page 33)" for a complete list of default configuration settings.

Switch security

When planning the switch configuration, secure access to the management interface by:

Creating users with various access levels

Enabling or disabling access to various management interfaces to fit the security policy

Changing default SNMP community strings for read-only and read-write access

User, operator, and administrator access rights

To enable better switch management and user accountability, three levels or classes of user access have been implemented on the switch. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as:

User interaction with the switch is completely passive. Nothing can be changed on the switch. Users can display information that has no security or privacy implications, such as switch statistics and current operational state information.

Operators can only effect temporary changes on the switch. These changes will be lost when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation.

Administrators are the only ones that can make permanent changes to the switch configuration, that is, changes that persist across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot problems on the switch. Because administrators can also make temporary (operator-level) changes, they must be aware of the interactions between temporary and permanent changes.

Access to switch functions is controlled through the use of unique user names and passwords. Once connected to the switch via the local console, Telnet, or SSH, a password prompt appears.

Installing the switch 19
