
BigIron RX Series Configuration Guide
53-1002484-04

Chapter 37: Securing SNMP Access

In this chapter
• SNMP overview
• Establishing SNMP community strings
• Using the user-based security model
• Configuring your NMS
• Defining SNMP views

SNMP overview
Simple Network Management Protocol (SNMP) is a set of protocols for managing complex
networks. SNMP sends messages, called protocol data units (PDUs), to different parts of a
network. SNMP-compliant devices, called agents, store data about themselves in Management
Information Bases (MIBs) and return this data to the SNMP requesters.
This chapter introduces a few methods used to secure SNMP access to the BigIron RX.
Establishing SNMP community strings
SNMP versions 1 and 2 use community strings to restrict SNMP access. The default passwords for
SNMP access are the SNMP community strings configured on the device:
• The default read-only community string is “public”. To open an SNMP session, enter “get” and
  “public” for the user name and password.
• By default, you cannot open a read-write management session. You first must configure a
  read-write community string using the CLI. Then you can log on using “set” as the user name
  and the read-write community string you configure as the password.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical
limit.
If you delete the startup configuration file, the device automatically re-adds the default “public”
read-only community string the next time you load the software.
Encryption of SNMP community strings
The software automatically encrypts SNMP community strings. Users with read-only access or who
do not have access to management functions in the CLI cannot display the strings. For users with
read-write access, the strings are encrypted in the CLI but are shown in the clear in the Web
management interface.