Switch security, User, operator, and administrator access rights – HP ProLiant xw460c Blade Workstation User Manual
Page 17
Installing the switch 17
•
SNMP settings
•
User name and password settings
•
Default access to various management interfaces
•
NTP settings
IMPORTANT: See "Runtime switching software default settings (on page
)" for a complete list of default
configuration settings.
Switch security
When planning the switch configuration, secure access to the management interface by:
•
Creating users with various access levels
•
Enabling or disabling access to various management interfaces to fit the security policy
•
Changing default SNMP community strings for read-only and read-write access
User, operator, and administrator access rights
To enable better switch management and user accountability, three levels or classes of user access have
been implemented on the switch. Levels of access to CLI, Web management functions, and screens
increase as needed to perform various switch management tasks. Conceptually, access classes are
defined as:
•
User interaction with the switch is completely passive. Nothing can be changed on the switch. Users
can display information that has no security or privacy implications, such as switch statistics and
current operational state information.
•
Operators can only effect temporary changes on the switch. These changes will be lost when the
switch is rebooted/reset. Operators have access to the switch management features used for daily
switch operations. Because any changes an operator makes are undone by a reset of the switch,
operators cannot severely impact switch operation.
•
Administrators are the only ones that can make permanent changes to the switch configuration,
changes that are persistent across a reboot/reset of the switch. Administrators can access switch
functions to configure and troubleshoot problems on the switch. Because administrators can also
make temporary (operator-level) changes as well, they must be aware of the interactions between
temporary and permanent changes.
Access to switch functions is controlled through the use of unique surnames and passwords. Once
connected to the switch via the local console, Telnet, or SSH, a password prompt appears.
NOTE: It is recommended to change the default switch passwords after initial configuration and as
regularly as required under the network security policies. For more information, see the HP GbE2c Ethernet
Blade Switch for c-Class BladeSystem Command Reference Guide.
The default user name and password for each access level are:
User account
Description and tasks performed
Password
User
The user has no direct responsibility for switch management. He or she
can view all switch status information and statistics, but cannot make
any configuration changes to the switch.
user