- Dell EMC SmartFabric OS10 Security Best Practices Guide May 2021
- OS10 security best practices
○ view-name—Enter the name of a read-only, read/write, or notify view. A maximum of 32 characters.
○ oid-tree—Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format.
○ included—(Optional) Include the MIB family in the view.
○ excluded—(Optional) Exclude the MIB family from the view.
● Configure SNMP groups.
OS10(config)# snmp-server group group-name v3 security-level [read view-name] [write view-name] [notify view-name]
○ group-name—Enter the name of the group. A maximum of 32 alphanumeric characters.
○ v3 security-level—SNMPv3 provides optional user authentication and encryption for SNMP messages, configured
with the snmp-server user command.
○ security-level—(SNMPv3 only) Configure the security level for SNMPv3 users:
■ auth—Authenticate users in SNMP messages.
■ noauth—Do not authenticate users or encrypt SNMP messages; send messages in plain text.
■ priv—Authenticate users and encrypt or decrypt SNMP messages.
○ access acl-name—(Optional) Enter the name of an IPv4 or IPv6 access list to filter SNMP requests received on the
switch. A maximum of 16 characters.
○ read view-name—(Optional) Enter the name of a read-only view. A maximum of 32 characters.
○ write view-name—(Optional) Enter the name of a read/write view. A maximum of 32 characters.
○ notify view-name—(Optional) Enter the name of a notification view. A maximum of 32 characters.
● Configure SNMP users.
OS10(config)# snmp-server user user-name group-name security-model localized auth sha auth-password priv aes priv-password
OS10(config)# exit
OS10# write memory
○ user-name—Enter the name of the user. A maximum of 32 alphanumeric characters.
○ group-name—Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
○ security-model—Enter an SNMP version that sets the security level for SNMP messages:
■ 3—SNMPv3 provides user authentication and encryption for SNMP messages.
○ auth—(SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:
■ sha—Generate an authentication key using the SHA algorithm.
■ auth-password—Enter the encrypted string.
○ priv—Configure encryption for SNMPv3 messages sent to the user:
■ aes—Encrypt messages using AES 128-bit algorithm.
■ priv-password—Enter the encrypted string.
○ localized—Generate an SNMPv3 authentication and/or privacy key in localized key format.
Check what SNMP rules are running
OS10# show running-configuration snmp
!
snmp-server community public ro acl snmp-read-only-acl
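An added example, not part of the Dell guide: a Python check that reads the output of show running-configuration snmp and flags settings weaker than the SNMPv3 priv level described above (community strings, groups below priv, users without a privacy key). The sample configuration, its names and the AUTHKEY/PRIVKEY placeholders are constructed from the command syntax on this page; actual running-configuration output may be formatted differently.

```python
# Constructed sample; lines follow the command syntax shown in this guide.
SAMPLE = """\
!
snmp-server community public ro acl snmp-read-only-acl
snmp-server community netops ro
snmp-server group monitors v3 priv read ro-view
snmp-server group legacy v3 noauth read ro-view write rw-view
snmp-server user alice monitors 3 localized auth sha AUTHKEY priv aes PRIVKEY
snmp-server user bob legacy 3 localized auth sha AUTHKEY
"""

WELL_KNOWN = {"public", "private"}  # common default community names


def audit(config):
    """Return (line_number, finding) tuples, in line order, for weak SNMP settings."""
    rows = [(n, l.split()) for n, l in enumerate(config.splitlines(), 1)]
    rows = [(n, t[1], t[2:]) for n, t in rows
            if len(t) >= 4 and t[0] == "snmp-server"]
    # First pass: remember each SNMPv3 group's security level.
    levels = {a[0]: a[2] for _, kind, a in rows
              if kind == "group" and len(a) >= 3 and a[1] == "v3"}
    findings = []
    for num, kind, args in rows:
        if kind == "community":
            findings.append((num, "community string: no user auth or encryption"))
            if args[0].lower() in WELL_KNOWN:
                findings.append((num, "well-known community name"))
            if "acl" not in args[1:]:
                findings.append((num, "no ACL restricting SNMP sources"))
        elif kind == "group" and args[0] in levels:
            if levels[args[0]] != "priv":
                findings.append((num, f"group level '{levels[args[0]]}' does not encrypt"))
                if "write" in args[3:]:
                    findings.append((num, "write view granted without encryption"))
        elif kind == "user":
            opts = args[2:]  # skip user-name and group-name
            if "auth" not in opts:
                findings.append((num, "user has no authentication key"))
            if "priv" not in opts:
                findings.append((num, "user has no privacy (encryption) key"))
            if levels.get(args[1], "priv") != "priv":
                findings.append((num, f"user's group '{args[1]}' is below priv"))
    return findings


if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"line {num}: {finding}")
```
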
Control plane
The control plane includes monitoring, route table updates, and the dynamic operation of the system.
System clock rules
These system clock rules enforce device time and timestamp settings.
Set the timezone to Coordinated Universal Time (UTC)
Rationale: By default, the system time zone is set to UTC. If the default time zone is changed, set it to UTC. Setting the
system time zone to UTC eliminates difficulty troubleshooting issues across different time zones.