Manualshelf

Configuration Guide Manual

ManualsBrandsBrocade ManualsComputer AccessoriesTurboIron 24X Series
191192193194195196197198199200
Brocade TurboIron 24X Series Configuration Guide 163
53-100305301
Chapter
8
Securing SNMP Access
In this chapter
SNMP overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Establishing SNMP community strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Defining SNMP views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
SNMP version 3 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Displaying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
SNMP v3 Configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
SNMP overview
SNMP is a set of protocols for managing complex networks. SNMP sends messages, called protocol
data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store
data about themselves in Management Information Bases (MIBs) and return this data to the SNMP
requesters.
Chapter 5, “Securing Access to Management Functions” introduced a few methods used to secure
SNMP access. They included the following:
“Using ACLs to restrict SNMP access” on page 66
“Restricting SNMP access to a specific IP address” on page 68
“Restricting SNMP access to a specific VLAN” on page 71
“Disabling SNMP access” on page 73
This chapter presents additional methods for securing SNMP access to devices. It contains the
following sections:
“Establishing SNMP community strings”
“Using the user-based security modelSNMP version 3 (RFC 2570 through 2575) introduces a
User-Based Security model (RFC 2574) for authentication and privacy services.”
“SNMP v3 Configuration examples”
“SNMP version 3 traps”
“Displaying SNMP Information”
“SNMP v3 Configuration examples”
Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of
defense when the packet arrives at a device. The next level uses one of the following methods:
Community string match In SNMP versions 1 and 2
User-based model in SNMP version 3
SNMP views are incorporated in community strings and the user-based model.