SNMP Configuration
example of a read-only variable might be a counter showing the total number of octets sent or
received through an interface. An example of a read-write variable might be the speed of an
interface, or the hostname of a device.
Community strings also provide a weak form of access control in the earlier SNMP versions 1
and 2. SNMP version 3 provides much improved access control using strong authentication and
should be preferred over SNMP versions 1 and 2 wherever it is supported. If a community string is
defined, then it must be provided in any basic SNMP query if the requested operation is to be
permitted by the device. Community strings usually allow read-only or read-write access to the
entire device. In some cases, a given community string will be limited to one group of read-only or
read-write objects described in an individual MIB.
In the absence of additional configuration options to constrain access, knowledge of the single
community string for the device is all that is required to gain access to all objects, both read-only and
read-write, and to modify any read-write objects.
Note:
Knowledge of read-only community strings allows read access to information that is stored on
an affected device, leading to a failure of confidentiality. Knowledge of read-write community
strings allows remote configuration of affected devices without authorization, possibly without the
awareness of the administrators of the device and resulting in a failure of integrity and a possible
failure of availability. Therefore, defining community strings that allow read-only access to the
MIB objects should be the default.
By default, SNMP uses the default communities public and private. You probably do not want to use
those, as they are the first things an intruder will look for. Choosing community names is like
choosing a password. Do not use easily guessable ones; do not use commonly known words, mix
letters and other characters, and so on. If you do not intend to allow anyone to use SNMP write
commands on your system, then you probably only need one community name.
Procedure
To define your own SNMP community
Mode
Configure

Step    Command                                      Purpose
1       node(cfg)#snmp community name { ro | rw }    Configures the SNMP community name with read-only or read/write access
Use the no command option to remove an SNMP community setting.
Example: Setting Access Community Information
In the following example, the SNMP communities for the default community public with read-only
access and the undisclosed community Not4evEryOne with read/write access are defined. Only these
valid communities have access to the information from the SNMP agent running on the respective
SmartNode 1000 or 2000 series device.
SN2300-01(cfg)#snmp community public ro
SN2300-01(cfg)#snmp community Not4evEryOne rw
Note:
If no community is set on your SmartNode, accessing any of the MIB objects is not possible!
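The following is an added example, not part of the original guide: a small Python audit that reads configuration lines in the snmp community name { ro | rw } form shown above and flags default names, easily guessable names and read-write communities. The function names and the guessability heuristic (length and character-class mix) are assumptions made for illustration.

```python
import re

# Matches the command form shown in this guide: snmp community <name> { ro | rw },
# optionally preceded by a CLI prompt such as "SN2300-01(cfg)#".
COMMUNITY_RE = re.compile(r"^(?:\S+\(cfg\)#)?\s*snmp\s+community\s+(\S+)\s+(ro|rw)\s*$")

DEFAULT_NAMES = {"public", "private"}  # defaults named in the text above


def weak_name(name):
    """Heuristic for 'easily guessable' (an assumption, not a vendor rule):
    short, or drawn from a single character class."""
    classes = sum(bool(re.search(p, name)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return len(name) < 10 or classes < 2


def audit(config_text):
    """Return a list of (community, access, finding) tuples for a config dump."""
    findings = []
    communities = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name, access = m.groups()
        communities.append(name)
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, access, "default community name"))
        elif weak_name(name):
            findings.append((name, access, "easily guessable name"))
        if access == "rw":
            findings.append((name, access, "read-write access; confirm it is required"))
    if not communities:
        findings.append((None, None, "no community set; MIB objects are not accessible"))
    return findings


# Constructed sample input: the two commands from the example above.
SAMPLE = """\
SN2300-01(cfg)#snmp community public ro
SN2300-01(cfg)#snmp community Not4evEryOne rw
"""

if __name__ == "__main__":
    for name, access, finding in audit(SAMPLE):
        print(f"{name!s:14} {access!s:4} {finding}")
```

Run against the example configuration, the audit reports public as a default community name and Not4evEryOne as a read-write community to confirm.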
Software Configuration Guide Release 2.10, Revision 1.00