
Displaying the snmp community strings, Using the user-based security model – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02


Brocade(config)# snmp-s community myread ro view sysview

The command in this example associates the view “sysview” with the community string named
“myread”. The community string has read-only access to “sysview”. For information on how to create
views, refer to the section “Defining SNMP views”.

The standard-acl-name | standard-acl-id | ipv6 ipv6-acl-name parameter is optional. It allows you
to specify which ACL is used to filter the incoming SNMP packets. You can enter either the ACL
name or its ID for an IPv4 ACL; for an IPv6 ACL, you must enter the keyword ipv6 followed by the
name of the IPv6 ACL. Here are examples.

Brocade(config)# snmp-s community myread ro view sysview 2

Brocade(config)# snmp-s community myread ro view sysview myacl

The command in the first example specifies that ACL group 2 filters incoming SNMP packets,
whereas the command in the second example uses the IPv4 ACL group called “myacl” to filter
incoming packets.
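The following check is an added example, not part of the Brocade guide: it parses community commands in the form shown above and reports which ones lack a view, lack an ACL, or grant read-write access. Treating those three conditions as review items is an assumed policy; the names "mywrite", "my6" and "myv6acl" are constructed, and the parser assumes the configuration text uses the command form as typed on this page.

```python
import re

# Command form documented on this page:
#   snmp-server community <string> ro|rw [view <viewname>]
#       [<standard-acl-name> | <standard-acl-id> | ipv6 <ipv6-acl-name>]
# The CLI abbreviation "snmp-s" and an optional prompt are accepted.
COMMUNITY_RE = re.compile(
    r"^\s*(?:\S+\(config\)\s*#\s*)?"
    r"snmp-s[a-z]*\s+community\s+\S+\s+(?P<access>ro|rw)"
    r"(?:\s+view\s+(?P<view>\S+))?"
    r"(?:\s+ipv6\s+(?P<acl6>\S+)|\s+(?P<acl>\S+))?\s*$"
)

# Constructed sample: the first three lines are the page's own examples;
# the last two lines use made-up community and ACL names.
SAMPLE = """\
Brocade(config)# snmp-s community myread ro view sysview
Brocade(config)# snmp-s community myread ro view sysview 2
Brocade(config)# snmp-s community myread ro view sysview myacl
snmp-server community mywrite rw
snmp-server community my6 ro view sysview ipv6 myv6acl
"""


def audit_communities(config_text):
    """Return [(line_number, [issues])] for every community line found.

    Community strings are secrets, so lines are identified by number only.
    """
    results = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = COMMUNITY_RE.match(line)
        if m is None:
            continue  # not a community command
        issues = []
        if m["access"] == "rw":
            issues.append("read-write access")
        if m["view"] is None:
            issues.append("no view specified")
        if m["acl"] is None and m["acl6"] is None:
            issues.append("no ACL filtering incoming SNMP packets")
        results.append((lineno, issues))
    return results


if __name__ == "__main__":
    for lineno, issues in audit_communities(SAMPLE):
        print(f"line {lineno}: {', '.join(issues) or 'ok'}")
```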

Displaying the SNMP community strings

To display the community strings in the CLI, first use the enable password-display command and
then use the show snmp server command. This will display both the read-only and read-write
community strings in the clear.

To display the configured community strings, enter the following command at any CLI level.

Brocade(config)# show snmp server

Syntax: show snmp server

NOTE

If display of the strings is encrypted, the strings are not displayed. Encryption is enabled by default.

Using the User-Based Security model

SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for
authentication and privacy services.

SNMP version 1 and version 2 use community strings to authenticate SNMP access to
management modules. This method can still be used for authentication. In SNMP version 3, the
User-Based Security model of SNMP can be used to secure against the following threats:

Modification of information

Masquerading the identity of an authorized entity

Message stream modification

Disclosure of information

Furthermore, SNMP version 3 supports View-Based Access Control Mechanism (RFC 2575) to
control access at the PDU level. It defines mechanisms for determining whether or not access to a
managed object in a local MIB by a remote principal should be allowed. (Refer to the section
“Defining SNMP views”.)