Manualshelf

Common Criteria for HP Networking Switches

ManualsBrandsHP ManualsComputer AccessoriesHP 20-port Gig-T / 4-port SFP v2 zl Module
11121314151617181920
13
include encryption settings. If for any reason SNMPv3 is not an option for your network, you can enable
SNMPv2 in restricted mode. This will allow management devices to “get” information from a networking
device, but not “set” or change any settings on the networking device. Enter the following command:
HP Switch(config)# snmp-server community < community_name > restricted
Disable the “public” community name in any SNMP configuration mode by entering the following
command:
HP Switch(config)# no snmp-server community public
Some security policies may mandate that SNMP be disabled altogether. Disable all SNMP by entering the
following command:
HP Switch(config)# no snmp-server enable
For details, refer to:
“Using SNMP To View and Configure Switch Authentication Features in the chapter titled
“RADIUS Authentication, Authorization, and Accounting” in the Access Security Guide for your
switch.
“Using SNMP Tools To Manage the Switch” in the chapter titled “Configuring for Network
Management Applications” in the Management and Configuration Guide for your switch.
For information on options for this command, refer to the section titled “CLI: Viewing and
Configuring SNMP Community Names” in the “Configuring for Network Management
Applications” chapter of the Management and Configuration Guide for your switch.
IP Stack Management
IP Stack Management allows HP stackable switches to be managed as a group using only a single IP
address. There are a number of advantages, though they are more related to ease of use than security.
For those who choose not to deploy IP Stack Management, it is advisable to disable the feature to
prevent potential hijacking of the switch.
To determine whether the stacking protocol is enabled, execute the command:
HP Switch(config)# show stack
Once IP Stack Management is enabled, it only requires one command to disable:
HP Switch(config)# no stack
Once the IP Stack Management protocol is disabled, the switch cannot become a Commander or a
Member. See the Advanced Traffic Management Guide for more information on IP Stack Management
and a list of devices on which it is supported.