SNMP community strings, Encryption of SNMP community strings, Adding an SNMP community string – Brocade FastIron Ethernet Switch Administration Guide User Manual
• Restricting SNMP access to a specific VLAN
• Disabling SNMP access
This section presents additional methods for securing SNMP access to Brocade devices.
Restricting SNMP access using ACL, VLAN, or a specific IP address constitutes the first level of
defense when the packet arrives at a Brocade device. The next level uses one of the following
methods:
• Community string match in SNMP versions 1 and 2
• User-based model in SNMP version 3
SNMP views are incorporated in community strings and the user-based model.
SNMP community strings
SNMP versions 1 and 2 use community strings to restrict SNMP access.
• The default read-only community string is "public".
• There is no default read-write community string. You first must configure a read-write community
string using the CLI. Then you can log on using "set" as the user name and the read-write
community string you configure as the password.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical limit.
NOTE
If you delete the startup-config file, the device automatically re-adds the default "public" read-only
community string the next time you load the software.
Encryption of SNMP community strings
The software automatically encrypts SNMP community strings. Users with read-only access, or who do
not have access to management functions in the CLI, cannot display the strings. For users with
read-write access, the strings are encrypted in the CLI.
Encryption is enabled by default. You can disable encryption for individual strings or trap receivers if
desired. Refer to the next section for information about encryption.
Adding an SNMP community string
The default SNMP community name (string) on a device is "public" with read-only privilege.
You can assign other SNMP community strings, and indicate if the string is encrypted or clear. By
default, the string is encrypted.
To add an encrypted community string, enter commands such as the following.
device(config)#snmp-server community private rw
device(config)#write memory
Syntax: snmp-server community [ 0 | 1 ] string ro | rw [ view viewname ] [ standard-ACL-name |
standard-ACL-id ]
The string parameter specifies the community string name. The string can be up to 32 characters long.
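The following audit script is an added example, not part of the Brocade guide. It parses commands written in the syntax shown above and flags guessable strings, strings over 32 characters, read-write strings with no ACL, and strings with no view. The sample commands, the view name "mgmtview", ACL id "10", and the finding labels are constructed for illustration, and the checks are a policy assumption.

```python
import re

# "public" is the default named above; "private" is the example value (assumed guessable).
GUESSABLE = {"public", "private"}

def parse_community(line):
    """Parse one command per the syntax line above; return a dict or None."""
    line = re.sub(r"^\S*\(config\)#\s*", "", line.strip())  # drop CLI prompt
    tok = line.split()
    if tok[:2] != ["snmp-server", "community"]:
        return None
    tok = tok[2:]
    enc = None
    # Optional [ 0 | 1 ] prefix. Its meaning is not given here, so it is recorded, not judged.
    if len(tok) >= 3 and tok[0] in ("0", "1") and tok[2] in ("ro", "rw"):
        enc, tok = tok[0], tok[1:]
    if len(tok) < 2 or tok[1] not in ("ro", "rw"):
        return None
    entry = {"enc": enc, "string": tok[0], "mode": tok[1], "view": None, "acl": None}
    rest = tok[2:]
    if len(rest) >= 2 and rest[0] == "view":
        entry["view"], rest = rest[1], rest[2:]
    if rest:
        entry["acl"] = rest[0]  # standard ACL name or id
    return entry

def audit(config_text):
    """Return (line number, finding) pairs for every community command."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        e = parse_community(line)
        if e is None:
            continue
        checks = [
            (e["string"].lower() in GUESSABLE, "guessable-string"),
            (len(e["string"]) > 32, "string-over-32-chars"),
            (e["mode"] == "rw" and e["acl"] is None, "rw-without-acl"),
            (e["view"] is None, "no-view"),
        ]
        findings += [(n, label) for hit, label in checks if hit]
    return findings

# Constructed sample input.
SAMPLE = """\
device(config)#snmp-server community private rw
device(config)#snmp-server community public ro
device(config)#snmp-server community Xq7-nms-ro ro view mgmtview 10
device(config)#write memory
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```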
FastIron Ethernet Switch Administration Guide
53-1003075-02