Technical data
Quick-Starting Routers
117342-B Rev. 00
By default, the Quick-Start installation script (install.bat) creates
a read/write SNMP community named “public” with a wildcard manager (0.0.0.0)
that allows universal read/write access. Bay Networks strongly recommends that
you use Site Manager or BCC commands to:
1. Reconfigure the “public” community as read-only for universal access.
2. Create a read/write community with a unique name (for example,
EASTBAY) and a manager list containing the IP addresses of the
workstations that need read/write access to the router.
See Configuring SNMP, BootP, DHCP, and RARP Services for more information
about configuring SNMP. See Using the Bay Command Console (AN/BN Routers)
for information about BCC commands.
Setting Secure Mode
Bay Networks routers have an optional security mechanism, called secure mode,
that uses an encryption algorithm to prevent unauthorized SNMP SET requests to
the MIB variables of the router.
In secure mode, when Site Manager issues the first SET request within an
application, you must enter a key to allow Site Manager to operate in secure mode.
A Site Manager SET request to the router includes the encrypted value of a
counter. When the agent on the router receives the SET request, it compares the
encrypted value with the value of its own counter plus 1. If the two counters
match, the agent considers the SET request authentic, increments the counter by 2,
stores it in encrypted form in the MIB, and sends it back to Site Manager.
Secure mode protects against these security violations:
• Message stream modification, in which an intruder reorders, delays, or replays
SET requests to specify unauthorized management settings
• Masquerade operations, in which an intruder assumes the IP address of an
authorized user to specify unauthorized management settings
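The counter exchange described above can be modeled as follows. This is an added example, not Bay Networks code: the manual does not name the encryption algorithm, so HMAC-SHA256 stands in for it, and the key, the setting name, and the way the manager tracks the agent's counter are assumptions.

```python
import hashlib
import hmac

def seal(key: bytes, counter: int) -> bytes:
    """Stand-in for the unspecified encryption: keyed digest of the counter."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()

class Agent:
    """Router side: accepts a SET only if it carries seal(own counter + 1)."""
    def __init__(self, key: bytes):
        self.key, self.counter, self.mib = key, 0, {}

    def handle_set(self, token: bytes, name: str, value: int):
        expected = seal(self.key, self.counter + 1)
        if not hmac.compare_digest(token, expected):
            return None                        # stale, replayed or wrong-key request
        self.mib[name] = value
        self.counter += 2                      # advance by 2, as the text describes
        return seal(self.key, self.counter)    # sent back in protected form

class Manager:
    """Site Manager side (assumed): tracks the counter the agent last confirmed."""
    def __init__(self, key: bytes):
        self.key, self.agent_counter = key, 0

    def build_set(self, name: str, value: int):
        return seal(self.key, self.agent_counter + 1), name, value

    def on_reply(self, reply: bytes) -> bool:
        if hmac.compare_digest(reply, seal(self.key, self.agent_counter + 2)):
            self.agent_counter += 2
            return True
        return False

def demo():
    key = b"constructed-demo-key"              # constructed sample key
    agent, mgr = Agent(key), Manager(key)
    first = mgr.build_set("sample.setting", 10)   # hypothetical setting name
    first_reply = agent.handle_set(*first)
    mgr.on_reply(first_reply)
    # Replay: the same request bytes arrive again after the counter advanced.
    replayed = agent.handle_set(*first)
    # Masquerade: a sender without the key cannot produce a matching token.
    forged = agent.handle_set(seal(b"wrong-key", agent.counter + 1), "sample.setting", 99)
    second = agent.handle_set(*mgr.build_set("sample.setting", 20))
    return (first_reply is not None, replayed, forged,
            second is not None, agent.mib, agent.counter)

if __name__ == "__main__":
    print(demo())
```

The replayed and forged requests return None and leave the MIB unchanged, while the legitimate second SET succeeds because the manager advanced its counter from the agent's reply.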