Enforcing Switch Security
Switch Management Access Security
Caution:
Downloading and booting from the M.08.89 or greater software version for the first time enables SNMP access to the authentication configuration MIB (the default action). If SNMPv3 and other security safeguards are not in place, the switch’s authentication configuration MIB is exposed to unprotected SNMP access and you should use the above command to disable this access.
2.If you choose to leave the authentication configuration MIB accessible, then you should do the following to help ensure that unauthorized workstations cannot use SNMP tools to access the MIB:
•Configure SNMP version 3 management and access security on the switch.
•Disable SNMP version 2c on the switch.
Refer to “Using SNMP Tools To Manage the Switch” in the chapter titled “Configuring for Network Management Applications” in the Management and Configuration Guide for your switch. .
Physical Access to the SwitchPhysical access to the switch allows the following:
■use of the console serial port (CLI and Menu interface) for viewing and changing the current configuration and for reading status, statistics, and log messages.
■use of the switch’s Clear and Reset buttons for these actions:
•clearing (removing) local password protection
•rebooting the switch
•restoring the switch to the factory default configuration (and erasing any nondefault configuration settings)
Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized physical access. As additional precautions, you can do the following:
■Disable or
■Configure the Clear button to reboot the switch after clearing any local usernames and passwords.
■Modify the operation of the Reset+Clear button combination so that the switch reboots, but does not restore the switch’s factory default settings.
■Disable or
13