SNMP settings

User name and password settings

Default access to various management interfaces

NTP settings

IMPORTANT: See "Runtime switching software default settings (on page 28)" for a complete list of default configuration settings.

Switch security

When planning the switch configuration, secure access to the management interface by:

Creating users with various access levels

Enabling or disabling access to various management interfaces to fit the security policy

Changing default SNMP community strings for read-only and read-write access

User, operator, and administrator access rights

To enable better switch management and user accountability, three levels or classes of user access have been implemented on the switch. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as:

User interaction with the switch is completely passive. Nothing can be changed on the switch. Users can display information that has no security or privacy implications, such as switch statistics and current operational state information.

Operators can only effect temporary changes on the switch. These changes will be lost when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation.

Administrators are the only ones that can make permanent changes to the switch configuration, changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot problems on the switch. Because administrators can also make temporary (operator-level) changes as well, they must be aware of the interactions between temporary and permanent changes.

Access to switch functions is controlled through the use of unique surnames and passwords. Once connected to the switch via the local console, Telnet, or SSH, a password prompt appears.

NOTE: It is recommended to change the default switch passwords after initial configuration and as regularly as required under the network security policies. For more information, see the HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Reference Guide.

The default user name and password for each access level are:

User account

Description and tasks performed

Password

 

 

 

User

The user has no direct responsibility for switch management. He or she

user

 

can view all switch status information and statistics, but cannot make

 

 

any configuration changes to the switch.

 

 

 

 

Installing the switch 17