Using SNMP to view and configure switch authentication features
Number of primary and secondary login and enable attempts
TACACS+ server configuration and status
RADIUS server configuration
Selected 802.1X settings
Key management subsystem chain configuration
Key management subsystem key configuration
OSPF interface authentication configuration
Local switch operator and manager user names and passwords
With SNMP access to the hpSwitchAuth MIB enabled, a device with management access to the switch can view the configuration for the authentication features listed above (excluding user names, passwords, and keys). Using SNMP sets, a management device can change the authentication configuration (including changes to user names, passwords, and keys). Operator read/write access to the authentication MIB is always denied.
All user names, passwords, and keys configured in the hpSwitchAuth MIB are not returned through SNMP, and the response to SNMP queries for such information is a null string. However, SNMP sets can be used to configure user name, password, and key MIB objects.
To help prevent unauthorized access to the switch authentication MIB, Hewlett Packard Enterprise recommends following the reviewing Viewing and changing the SNMP access configuration.
If you do not want to use SNMP access to the switch authentication configuration MIB, then use the
snmp-server mib hpswitchauthmib excluded
command to disable this access, as described in the next section.
If you choose to leave SNMP access to the security MIB open (the default setting), Hewlett Packard Enterprise recommends that you configure the switch with the SNMP version 3 management and access security feature, and disable SNMP version 2c access. See “SNMP access to the authentication configuration MIB.”