Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing the IB and Ethernet Switches » Hardening the IB Switch Configuration » Disable Unapproved SNMP Protocols (IB Switch)

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Securing the IB and Ethernet Switches

Log Into an IB Switch

Determine the IB Switch Firmware Version

Change root and nm2user Passwords

Change IB Switch Passwords (Oracle ILOM)

IB Switch Network Isolation

Default Exposed Network Services (IB Switch)

Hardening the IB Switch Configuration

Disable Unnecessary Services (IB Switch)

Configure HTTP Redirection to HTTPS (IB Switch)

Disable Unapproved SNMP Protocols (IB Switch)

Configure SNMP Community Strings (IB Switch)

Replace Default Self-Signed Certificates (IB Switch)

Configure the Administrative CLI Session Timeout (IB Switch)

Additional IB Switch Resources

Change the Ethernet Switch Password

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Disable Unapproved SNMP Protocols (IB Switch)

By default, SNMPv1, SNMPv2c, and SNMPv3 are all enabled for the SNMP service that is used to monitor and manage the IB switch. Ensure that older versions of the SNMP protocol remain disabled unless required.

Note - Version 3 of the SNMP protocol introduced support for the User-based Security Model (USM). This functionality replaces the traditional SNMP community strings with actual user accounts that can be configured with specific permissions, authentication, and privacy protocols, and passwords. By default, the IB switch does not include any USM accounts. Configure SNMPv3 USM accounts based upon your own deployment, management, and monitoring requirements.

Log into an IB switch as ilom-admin.
See Log Into an IB Switch.

Determine the status of each of the SNMP protocols.

-> show /SP/services/snmp v1 v2c v3
/SP/services/snmp
Properties:
v1 = enabled
v2c = enabled
v3 = enabled

If needed, disable SNMPv1 and SNMPv2c.

-> set /SP/services/snmp v1=disabled
-> set /SP/services/snmp v2c=disabled

Copyright © 2020, Oracle and/or its affiliates.