HP StorageWorks 2/32 SAN switch 2/32 version 4.0.2b release notes - Page 23

Fabric Watch Daemon Startup, SNMP Security

Fabric OS Commands
SAN switch 2/32 Version 4.0.2b Release Notes, page 23

Fabric Watch Daemon Startup

During a switch startup or switch reboot, the Fabric Watch daemon is one of the last processes to become active. Depending on the size of the fabric, Fabric Watch may take several minutes to complete its startup sequence. Until Fabric Watch is completely active, it cannot monitor events occurring in the fabric, and during this time the switchStatusPolicyShow command shows the default settings instead of any custom settings.

SNMP Security

Security for the Simple Network Management Protocol (SNMP) functionality has been updated in two ways:

■ Response to the CERT Coordination Center advisory notices VU#854306 and VU#107186.

■ The CERT Coordination Center has issued a broad-based alert to the technology industry regarding potential security vulnerabilities identified in SNMP, ranging from unauthorized privileged access to denial of service attacks and unstable behavior.

Fabric OS Version 4.0.2b is based on MontaVista's embedded Linux real-time operating system and incorporates V15.2 of the SNMP agent from SNMP Research. In response to the advisory, Fabric OS V4.0.2b includes the most current patch level, v15.3.1.4, of the SNMP Research agent, which SNMP Research has indicated is not susceptible to the vulnerability described in notes VU#854306 and VU#107186.

SNMP trap recipients have been linked to the Access Control List (ACL). In order for an SNMP Management Station to receive a trap generated by the agent, the administrator must configure a trap recipient that corresponds to the IP address of the Management Station. In addition, the trap recipient must pass the ACL check.

The ACL check is as follows: there are six ACL entries that restrict SNMP get/set/trap operations to hosts under a host-subnet-area. A host-subnet-area is defined by comparing only the non-zero IP octets of the entry. For example, an ACL entry of 192.168.64.0 allows access by any host whose address starts with the specified octets. Each host-subnet-area can be set to give the connecting host read-write or read-only access. When more than one of the six entries matches, the highest matching privilege is granted.

The ACL check is turned off when all six entries contain 0.0.0.0.
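The ACL matching rule described above, as an added example in Python (not Fabric OS code): it models the six-entry table, the non-zero-octet comparison, the highest-privilege-wins rule and the all-zero disable condition, and adds an audit check for entries that the rule makes broader than a prefix reading suggests. Two points are this example's assumptions, not statements from the release notes: a single 0.0.0.0 entry among non-zero entries is treated as matching every host (it has no non-zero octets to compare), and the value "unchecked" is returned when the check is turned off.

```python
# Added example (not Fabric OS code): model of the six-entry SNMP ACL check
# described in the release notes, usable to audit a proposed configuration.
from dataclasses import dataclass
from typing import List, Optional

NUM_ENTRIES = 6
PRIVILEGE_RANK = {"ro": 1, "rw": 2}  # higher value = more privilege

@dataclass(frozen=True)
class AclEntry:
    host_subnet_area: str  # dotted quad; zero octets are not compared
    access: str            # "ro" or "rw"

def _octets(addr: str) -> List[int]:
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    return parts

def acl_check_disabled(acl: List[AclEntry]) -> bool:
    """The check is off only when all six entries are 0.0.0.0."""
    if len(acl) != NUM_ENTRIES:
        raise ValueError("the ACL has exactly six entries")
    return all(_octets(e.host_subnet_area) == [0, 0, 0, 0] for e in acl)

def entry_matches(entry: AclEntry, host: str) -> bool:
    """Only the non-zero octets of the entry are compared against the host."""
    return all(a == 0 or a == h
               for a, h in zip(_octets(entry.host_subnet_area), _octets(host)))

def snmp_access(acl: List[AclEntry], host: str) -> Optional[str]:
    """'rw' or 'ro' from the highest matching entry; None when nothing
    matches; 'unchecked' (assumed label) when the ACL check is turned off."""
    if acl_check_disabled(acl):
        return "unchecked"
    matched = [e.access for e in acl if entry_matches(e, host)]
    return max(matched, key=PRIVILEGE_RANK.__getitem__) if matched else None

def overly_broad_entries(acl: List[AclEntry]) -> List[str]:
    """Audit helper: a zero octet in front of a non-zero one (e.g. 192.0.64.0)
    is a wildcard under the non-zero-octet rule, so the entry matches far more
    than the 192.168.64.0-style prefix it resembles; an all-zero entry mixed
    with real entries matches every host (assumption: see lead-in)."""
    if acl_check_disabled(acl):
        return []
    flagged = []
    for e in acl:
        o = _octets(e.host_subnet_area)
        if o == [0, 0, 0, 0] or any(o[i] == 0 and o[i + 1] != 0 for i in range(3)):
            flagged.append(e.host_subnet_area)
    return flagged
```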