HP StorageWorks 2/32 SAN switch 2/32 version 4.0.2b release notes - Page 23
Fabric Watch Daemon Startup, SNMP Security
View all HP StorageWorks 2/32 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 23 highlights
Fabric OS Commands Fabric Watch Daemon Startup During a switch startup or switch reboot, the Fabric Watch daemon is one of the last processes to become active. Depending on the size of the fabric, Fabric Watch may take several minutes to complete its start up sequence. Before Fabric Watch is completely active, it will not be able to monitor events occurring in the fabric. During this time, the switchStatusPolicyShow command will show the default settings instead of any custom settings. SNMP Security Security for the Simple Network Management Protocol (SNMP) functionality has been updated in two ways: ■ Response to the CERT Coordination Center advisory notices VU#854306 and VU#107186. ■ The CERT Coordination Center has issued a broad based alert to the technology industry regarding potential security vulnerabilities identified in SNMP, ranging from unauthorized privileged access, denial of service attacks, or unstable behavior. Fabric OS Version 4.0.2b is based on MontaVista's embedded Linux real-time operating system, and incorporates V15.2 of the SNMP agent from SNMP Research. In response to the advisory, Fabric OS V4.0.2b includes the most current patch level of v15.3.1.4 of the SNMP Research agent, which SNMP Research has indicated is not susceptible to the vulnerability described in notes VU#854306 and VU#107186. SNMP trap recipients have been linked to the Access Control List (ACL). In order for an SNMP Management Station to receive a trap generated by the agent, the administrator must configure a trap recipient to correspond to the IP address of the Management Station. In addition the trap recipient must be able to pass the ACL check. The ACL check is as follows: There are six ACLs to restrict SNMP get/set/trap operations to hosts under a host-subnet-area. Host-subnet-area is defined by comparing non-zero IP octets. For example, an ACL of 192.168.64.0 allows for access by any hosts that start with the specified octets. The connecting host is enabled to set each host-subnet-area to be read-write or read-only. Highest privilege matched out of six entries is given to the access. The ACL check is turned off when all six entries contain 0.0.0.0. SAN switch 2/32 Version 4.0.2b Release Notes 23