Encryption of snmp community strings, Adding an snmp community string – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Establishing SNMP community strings
• The default read-only community string is “public”. Use this community string for any SNMP Get, GetNext, or GetBulk request.
• By default, you cannot perform any SNMP Set operations since a read-write community string is not configured.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical
limit.
If you delete all read-only community strings, the device automatically re-adds the default “public”
read-only community string the next time you load the software, or when you disable and re-enable the
SNMP feature.
Encryption of SNMP community strings
Encryption is enabled by default. The software automatically encrypts SNMP community strings.
Users with read-only access or who do not have access to management functions in the CLI cannot
display the strings. For users with read-write access, the strings are encrypted in the CLI but are
shown in the clear in the Web Management Interface.
To display the community strings in the CLI, first use the enable password-display command and
then use the show snmp server command. This will display both the read-only and read-write
community strings in the clear.
Adding an SNMP community string
By default, the string is encrypted. To add a community string, enter commands such as the
following.
Brocade(config)# snmp-server community private rw
The command adds the read-write SNMP community string “private”.
Syntax: [no] snmp-server community string ro | rw [view viewname] [standard-acl-name | standard-acl-id | ipv6 ipv6-acl-name]
The string parameter specifies the community string name. The string can be up to 32 characters
long.
The system modifies the configuration to session 10.1.1.1 key 2 $XkBTb24tb0RuXA==
For example, the following line of the configuration carries the encryption prefix “2”.
snmp-server community 2 $D?@d=8 rw
The prefix can be one of the following:
• 1 = the community string uses a proprietary simple cryptographic 2-way algorithm (only for NetIron CES and NetIron CER)
• 2 = the community string uses a proprietary base64 cryptographic 2-way algorithm (only for NetIron XMR and NetIron MLX)
The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw).
The view viewstring parameter is optional. It allows you to associate a view to the members of this
community string. Enter up to 32 alphanumeric characters. If no view is specified, access to the full
MIB is granted. The view that you want must exist before you can associate it to a community string.
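The syntax, prefix and view rules described above can be checked against a saved configuration. The following Python audit is an added example, not part of the Brocade guide; the sample configuration, the view and ACL names, and the finding texts are constructed for illustration.

```python
# Constructed sample of a saved configuration (view/ACL names are hypothetical).
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community 2 $D?@d=8 rw
snmp-server community 2 $constructedvalue ro view mgmt-view 10
snmp-server community 1 $constructed rw view full-view ipv6 mgmt6
"""

PREFIXES = {"1": "simple 2-way (CES/CER)", "2": "base64 2-way (XMR/MLX)"}
DEFAULTS = {"public", "private"}  # the default string and the guide's example string

def parse_community(line):
    """Parse one 'snmp-server community' line into a dict, or return None."""
    tok = line.split()
    if tok[:2] != ["snmp-server", "community"]:
        return None
    tok = tok[2:]
    entry = {"prefix": None, "view": None, "acl": None}
    # Stored form: <prefix> <encrypted> ro|rw ...; typed form: <string> ro|rw ...
    if len(tok) >= 3 and tok[0] in PREFIXES and tok[2] in ("ro", "rw"):
        entry["prefix"], tok = tok[0], tok[1:]
    if len(tok) < 2 or tok[1] not in ("ro", "rw"):
        return None
    entry["string"], entry["access"], rest = tok[0], tok[1], tok[2:]
    if rest[:1] == ["view"] and len(rest) >= 2:
        entry["view"], rest = rest[1], rest[2:]
    if rest:
        entry["acl"] = " ".join(rest)  # standard ACL name/id or 'ipv6 <name>'
    return entry

def audit(config_text):
    """Return (line_number, finding) tuples for community lines worth review."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        e = parse_community(line.strip())
        if e is None:
            continue
        if e["prefix"] is None and e["string"] in DEFAULTS:
            findings.append((n, "well-known community string in the clear"))
        if e["prefix"] in PREFIXES:
            findings.append((n, "2-way (reversible) storage: " + PREFIXES[e["prefix"]]))
        if e["view"] is None:
            findings.append((n, "no view: full MIB access"))
        if e["access"] == "rw" and e["acl"] is None:
            findings.append((n, "read-write community without an ACL"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Because both prefixes denote 2-way algorithms, every stored community line is reported so that the configuration file itself is handled as sensitive material.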
Here is an example of how to use the view parameter in the community string command.