Manualshelf

API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n
11121314151617181920
OS10(config)# exit
OS10# write memory
Enable login banner
Rationale: The login banner is displayed after the user logs in to the system.
Configuration:
OS10(config)# banner motd %
DellEMC S4148U-ON login
Enter your username and password
%
OS10(config)# exit
OS10# write memory
SNMP rules
Restricted Simple Network Management Protocol (SNMP) access improves device security when SNMP is used.
Forbid read and write access to a specific SNMP community
Rationale: Forbid read and write access to one or more SNMP communities so that an unauthorized entity cannot remotely
manipulate the device.
Configuration:
OS10(config)# no snmp-server community community_string {ro | rw}
OS10(config)# exit
OS10# write memory
Forbid access to SNMP without ACL
Rationale: If no ACL is configured, anyone with a valid SNMP community string can access the system and potentially make
unnecessary changes. Define and apply an ACL so that only an authorized group of trusted stations can have access SNMP
access to the system.
Configuration:
OS10(config)# snmp-server community name {ro | rw} acl acl-name
OS10(config)# exit
OS10# write memory
OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)# snmp-server community public ro acl snmp-read-only-acl
OS10(config)# exit
OS10# write memory
Configure SNMP v3
Rationale: SNMP v2 does not support encryption or authentication. Dell EMC Networking strongly recommends that you use
SNMP v3 which supports secure access to SNMP resources.
Configuration:
Configure SNMP engine ID.snmp-server engineID [local engineID] [remote ip-address {[udp-port
port-number] remote-engineID}]
local engineIDEnter the engine ID that identifies the local SNMP agent on the switch as an octet colon-separated
number. A maximum of 27 characters.
remote ip-addressEnter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
udp-port port-numberEnter the UDP port number on the remote device, from 0 to 65535.
remote-engineIDEnter the engine ID that identifies the SNMP agent on a remote device, 0x then by a hexadecimal
string).
OS10 security best practices
17