Controlling access, Physical security, Password-based access control – HP MPX200 Multifunction Router User Manual

identifying the FCIP route you want to modify. When you add a new FCIP route, fixed default
values are used because there is no existing route from which to get defaults. For example, if you
do not specify an MTU size, normal is the default.

The view log command is a good example of persistent data use. If you issue a command to
display the previous ten log entries, the current position in the log file is saved. The next time you
issue the view log command, it displays the next ten entries, and then saves the new position.

Controlling access

Access control includes elements of both physical security and passwords.

Physical security

In order to prevent unauthorized changes to MPX routers, HP recommends that you connect to the
router’s management ports only from within a network that has no connection outside the local
area and where access to the local area is limited to authorized personnel.

Under these circumstances, the admin password can remain at the factory default setting, and
command line usage does not require passwords.

Password-based access control

Remote CLI does not require you to use the /pw keyword if the password on the router is set to the
factory default. HP recommends that you set a new password on the router unless the router is in
a physically secure area with access only for trusted individuals. After you set a new password,
all subsequent RCLI commands must include the /pw keyword.

Passwords are visible inside script files and on the command line. All scripts that use RCLI must be
protected by file system permissions or encryption. To prevent unauthorized access, HP recommends
that remote users of RCLI always use an encrypted connection, such as a VPN.

Controlling access

11