Configuring SNMP
Fixed Switch Configuration Guide 12-15
Subtree OID = 1.3.6.1.2.1
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active
View Name = All
Subtree OID = 1.3.6.1.2.1.2
Subtree mask =
View Type = excluded
Storage type = nonVolatile
Row status = active
You can test this configuration using any MIB browser directed to the IP of the configured device
and using the default community name public associated with the view All. If configured
correctly, only your specified sections of the MIBs will be visible.
Configuring Secure SNMP Community Names
Procedure 12-4 on page 12-16 provides an example of a recommended configuration that will
prevent unsecured SNMPv1/v2c access of potentially security compromising information.
As discussed previously in this document, SNMP v1 and v2c are inherently insecure device
management protocols. Community names used to define access levels are passed in clear text in
all protocol frames sent to the managed entity and may be visible by read-only SNMP users when
querying certain SNMP configuration-related objects. In addition, you may be further exposing
your network due to configuration conventions which reuse the community names in other
aspects of entity management, such as CLI login passwords, and SNMP security names.
Enterasys recommends that you “secure” all SNMP community names. You do this by creating a
configuration that hides, through the use of “views” sensitive information from SNMP v1/v2c
users as follows:
To Next Page
Loading...
Need help?
General