Enforcing Switch Security
Switch Management Access Security
Note on SNMP Access to Local Authentication MIB Objects
Downloading and booting U.11.04 or later software versions for the first time enables SNMP access
to the switch’s local authentication configuration MIB objects (the default action). If SNMPv3 and
other security safeguards are not in place, the local username and password MIB objects are exposed
to unprotected SNMP access and you should use the preceding command to disable this access.
2. If you choose to leave the local authentication configuration MIB objects accessible, then you
should do the following to help ensure that unauthorized workstations cannot use SNMP tools
to change the settings:
• Configure SNMP version 3 management and access security on the switch.
• Disable SNMP version 2c on the switch.
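One way to check a saved switch configuration for the safeguards named in the note and in step 2, added here as an example that is not part of the original release notes. The sample configuration is constructed, and the command spellings (`snmpv3 enable`, `snmpv3 only`, `snmp-server mib hpSwitchAuthMIB excluded`, `snmp-server community`) are assumptions about how these settings appear in the saved configuration text.

```python
import re

# Constructed sample of a saved switch configuration (not from the original page).
# The command spellings are assumptions about how these settings appear in the
# saved configuration text.
SAMPLE_CONFIG = """\
hostname "closet-sw-01"
snmp-server community "public" Unrestricted
snmpv3 enable
vlan 1
   name "DEFAULT_VLAN"
   exit
"""

def audit_snmp(config_text):
    """Return a list of findings for the SNMP safeguards named in the note."""
    lines = [ln.strip().lower() for ln in config_text.splitlines()]
    findings = []

    v3_enabled = "snmpv3 enable" in lines
    # 'snmpv3 only' is taken to mean that only SNMPv3 messages are accepted.
    v3_only = "snmpv3 only" in lines
    communities = [ln for ln in lines if re.match(r"snmp-server community\b", ln)]
    auth_mib_excluded = "snmp-server mib hpswitchauthmib excluded" in lines

    if not v3_enabled:
        findings.append("SNMPv3 is not enabled")
    if not v3_only:
        findings.append("SNMPv1/v2c messages are still accepted (no 'snmpv3 only')")
    if communities and not v3_only:
        findings.append(f"{len(communities)} community string(s) usable over SNMPv2c")
    # The local authentication MIB is accessible by default after the upgrade,
    # so only an explicit 'excluded' line or SNMPv3-only access clears this.
    if not auth_mib_excluded and not (v3_enabled and v3_only):
        findings.append("local authentication MIB objects readable without SNMPv3 protection")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG) or ["no SNMP findings"]:
        print("-", finding)
```

A configuration with no community lines can still accept SNMPv2c if a default community is not written to the saved configuration, which is why the check keys on `snmpv3 only` rather than on the absence of community strings.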
Front-Panel Access and Physical Security
Physical access to the switch allows the following:
■ Use of the console serial port (CLI and Menu interface) for viewing and changing the current
configuration and for reading status, statistics, and log messages.
■ Use of the switch’s Clear and Reset buttons for these actions:
• clearing (removing) local password protection
• rebooting the switch
• restoring the switch to the factory default configuration (and erasing any non-default
configuration settings)
Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized
physical access. As additional precautions, you can do the following:
■ Disable or re-enable the password-clearing function of the Clear button.
■ Configure the Clear button to reboot the switch after clearing any local usernames and
passwords.
■ Modify the operation of the Reset+Clear button combination so that the switch reboots, but
does not restore the switch’s factory default settings.
■ Disable or re-enable password recovery.