BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
32 Chapter 1: Accessing the Switch BMD00113, September 2009
Default Configuration
BLADE OS has two SNMP v3 users by default. Both of the following users have access to all the
MIBs supported by the switch:
username 1: adminmd5/password adminmd5. Authentication used is MD5.
username 2: adminsha/password adminsha. Authentication used is SHA.
To configure an SNMP user name, enter the following command from the CLI:
User Configuration
Users can be configured to use the authentication/privacy options. The GbE2c supports two
authentication algorithms: MD5 and SHA, as specified in the following command:
1. To configure a user with name “admin,” authentication type MD5 with authentication password of
“admin,” and privacy option DES with privacy password of “admin,” use the following commands.
2. Configure a user access group, along with the views the group may access. Use the access table to
configure the group’s access level.
Because the read view (rview), write view (wview), and notify view (nview) are all set to “iso,”
the user type has access to all private and public MIBs.
3. Assign the user to the user group. Use the group table to link the user to a particular access group.
If you want to allow user access only to certain MIBs, see the following section.
>> # /cfg/sys/ssnmp/snmpv3/usm <user number>
>> # /cfg/sys/ssnmp/snmpv3/usm <user number>/
auth {md5|sha|none}
>> # /cfg/sys/ssnmp/snmpv3/usm 5
>> SNMPv3 usmUser 5# name "admin" (Configure ‘admin’ user type)
>> SNMPv3 usmUser 5# auth md5
>> SNMPv3 usmUser 5# authpw admin
>> SNMPv3 usmUser 5# priv des
>> SNMPv3 usmUser 5# privpw admin
>> # /cfg/sys/ssnmp/snmpv3/access 5
>> SNMPv3 vacmAccess 5# name "admingrp" (Configure an access group)
>> SNMPv3 vacmAccess 5# level authPriv
>> SNMPv3 vacmAccess 5# rview "iso"
>> SNMPv3 vacmAccess 5# wview "iso"
>> SNMPv3 vacmAccess 5# nview "iso"
>> # /cfg/sys/ssnmp/snmpv3/group 5
>> SNMPv3 vacmSecurityToGroup 5# uname admin
>> SNMPv3 vacmSecurityToGroup 5# gname admingrp