beautypg.com

Trap receivers, Configuring access for snmp version 3 clients – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Page 72

background image

22

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Basic Configuration

2

private - with read/write access. Authorized management stations are able to both retrieve and
modify MIB objects.

To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is
recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server

community string mode,” where “string” is the community access string and “mode” is rw
(read/write) or ro (read only). Press . (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community string,” where “string” is

the community access string to remove. Press .

Console(config)#snmp-server community admin rw

Console(config)#snmp-server community private

Console(config)#

NOTE

If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you
delete both of the default community strings. If there are no community strings, then SNMP
management access from SNMP v1 and v2c clients is disabled.

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch. To configure a trap
receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration
mode prompt, type:

“snmp-server host host-address community-string

[version {1 | 2c | 3 {auth | noauth | priv}}]”

where “host-address” is the IP address for the trap receiver, “community-string” specifies access
rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP
client version, and “auth | noauth | priv” means that authentication, no authentication, or
authentication and privacy is used for v3 clients. Then press . For a more detailed
description of these parameters, see

“snmp-server host”

on page 113. The following example

creates a trap host for each type of SNMP client.

Console(config)#snmp-server host 10.1.19.23 batman

Console(config)#snmp-server host 10.1.19.98 robin version 2c

Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth

Console(config)#

Configuring Access for SNMP Version 3 Clients

To configure management access for SNMPv3 clients, you need to first create a view that defines
the portions of MIB that the client can read or write, assign the view to a group, and then assign the
user to a group. The following example creates one view called “mib-2” that includes the entire
MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns
these respective read and read/write views to a group call “r&d” and specifies group
authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that
MD5 will be used for authentication, provides the password “greenpeace” for authentication, and
the password “einstien” for encryption.

See also other documents in the category Brocade Communications Systems Computer Accessories: