6.7 Security Features

The switch provides security features that allow you to control management access and network access as described in the following sections.

6.7.1 SNMP Community Strings

Access to the switch using network management tools (HP OpenView) is controlled by SNMP community strings. This switch supports up to five community strings. A character string indicating the access rights of the management community must be provided whenever you send an SNMP message to the switch. Each community has either read-only or read/write access rights. A community that has read-only access can only use GET and GETNEXT commands to view the current configuration settings and status of the switch. While a community with read/write access can GET and GETNEXT commands, as well as the SET command to configure the switch.

6.7.2 User Name and Passwords

This switch can also be accessed via a direct connection to the console port, or through a network connection using Telnet or a Web browser. When managing the switch by any of these means, a user name and password is required to enter the system. There are two sets of user names and passwords. One set has administrator rights, which allows you to view or modify system parameters. The other set has read-only access, which allows you to view the status of the system, but not to modify it.

6.7.3 MAC Address Filters

If you discover that some nodes are sending abnormal or malicious data that could adversely affect the network or cause security problems, you can set their MAC addresses to be filtered by the switch. Any packets with a source or destination address listed in the MAC address filter will then be dropped by the switch upon entry.

6.7.4 IP Address Filters

IP addresses can also set to be filtered by the switch. IP packets with a source or destination address listed in the IP address filter will be dropped by the switch upon entry.

WGS3 Layer 3 Switch User’s Manual

- 247 -