Filter
Top Products
Points to Note When Using the WXR100, WX1200, WX4400, or WX2200 15
■ Access to 3WXM. To secure access, configure user
accounts within 3WXM.
■ Access to the 3WXM monitoring service. To secure
access, configure user accounts within the moni-
toring service.
■ Do not use passwords that are easy to guess, such
as vehicle registration plates, family birthdays and
names, or common words. Use combinations of
uppercase and lowercase letters as well as num-
bers in all passwords.
SNMP
SNMP is disabled by default. 3Com recommends that
you leave SNMP disabled unless you are using 3Com
Network Director or a similar product to manage your
wired network. If you do need to use SNMP, do not
use the well-known community strings public (com-
monly used for read-only access) or private (com-
monly used for read-write access.) By default, no
SNMP community strings are configured. Use SNMP
on an isolated management VLAN so that the clear
text community strings are not visible on the public
network.
To disable SNMP (if not already disabled), use the set
ip snmp server disable command.
To change the community strings, use the set snmp
community command.
CLI Access
MSS allows CLI access through the console, through
Telnet, and through SSH. Console and SSH access are
enabled by default. Telnet is disabled by default.
Configure a username and password, so that MSS
requires login even for console access. Usernames
and their passwords are not specific to the type of
management access. You can use the same username
and password for access through the console, Telnet,
or SSH.
Leave Telnet disabled unless you need it. Use SSH
instead.
Web Access
WebView uses HTTPS for encrypted communications
and certificate-based server authentication, and
requires use of the enable password.
WebView access through HTTPS is disabled by
default. Unless you need to use WebView, leave the
HTTPS server on the WX switch disabled. (Even
though 3WXM also uses HTTPS, disabling the HTTPS
server does not disable access by 3WXM.)
If you do need to use WebView, you can enable it
using the set ip https server enable command. Use
the following best practices to preserve or increase
the security level related to Web access:
■ Use an enable password that follows the password
recommendations given above.
■ Use a CA-signed certificate instead of a self-signed
certificate on the WX switch.
If a user’s client does not trust the certificate, the user
might experience an additional delay during login. To
avoid the additional delay, use a certificate signed by
your CA or an Internet CA.