SNMP Access
● SNMP overview.............................................................................................................147
● SNMP community strings..............................................................................................147
● User-based security model........................................................................................... 150
● Defining SNMP views....................................................................................................154
● SNMP version 3 traps................................................................................................... 155
● Displaying SNMP Information....................................................................................... 159
● SNMP v3 configuration examples................................................................................. 160
SNMP overview
SNMP is a set of protocols for managing complex networks. SNMP sends messages, called protocol
data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data
about themselves in Management Information Bases (MIBs) and return this data to the SNMP
requesters.
"Security Access" chapter in the FastIron Ethernet Switch Security Configuration Guide introduced a
few methods used to secure SNMP access. They included the following:
• Using ACLs to restrict SNMP access
• Restricting SNMP access to a specific IP address
• Restricting SNMP access to a specific VLAN
• Disabling SNMP access
This section presents additional methods for securing SNMP access to Brocade devices.
Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of defense
when the packet arrives at a Brocade device. The next level uses one of the following methods:
• Community string match In SNMP versions 1 and 2
• User-based model in SNMP version 3
SNMP views are incorporated in community strings and the user-based model.
SNMP community strings
SNMP versions 1 and 2 use community strings to restrict SNMP access. The default passwords for
Web management access are the SNMP community strings configured on the device:
• The default read-only community string is "public". To open a read-only Web management session,
enter “get” and “public” for the user name and password.
• There is no default read-write community string. Thus, by default, you cannot open a read-write
management session using the Web Management Interface. You first must configure a read-write
community string using the CLI. Then you can log on using "set" as the user name and the read-write
community string you configure as the password.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical limit.
FastIron Ethernet Switch Administration Guide
147
53-1003625-01
To Next Page
Loading...
