API Guide
Restrict SNMP access
To filter SNMP requests on the switch, assign access lists to an SNMP community. Both IPv4 and IPv6 access lists are
supported.
1. Create access lists with permit or deny filters; for example:
OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)#
2. Apply ACLs to an SNMP community in CONFIGURATION mode.
OS10(config)# snmp-server community public ro acl snmp-read-only-acl
View SNMP ACL configuration
OS10# show snmp community
Community : public
Access : read-only
ACL : snmp-read-only-acl
Bootloader protection
To prevent unauthorized users with malicious intent from accessing your switch, protect the bootloader using a GRUB
password. OS10 allows you to enable, disable, and view bootloader protection.
This feature is available only for the sysadmin and secadmin roles.
NOTE:
When you enable bootloader protection, keep a copy of a configured user name and password. You cannot access
the switch without configured credentials.
● Enable bootloader protection in EXEC mode. Use the boot protect enable command to configure a username and
password. You can configure up to three users per switch.
OS10# boot protect enable username root password calvin
Disable bootloader protection for a specified user by using the boot protect disable command.
Enable bootloader protection
OS10# boot protect enable username root password calvin
Disable bootloader protection
OS10# boot protect disable username root
Display bootloader protectection
OS10# show boot protect
Boot protection enabled
Authorized users: root linuxadmin admin
Boot protect commands
boot protect disable username
Allows you to disable bootloader protection.
Syntax
boot protect disable username username
1054 Security