Specifications
7-8
Cisco AS5x00 Case Study for Basic IP Modem Services
11/24/1999
Section 7 Enabling Management Protocols: NTP, SNMP, and Syslog
Enabling SNMP
Warning
If you are not using SNMP, make sure to turn it off. Never use a configuration that uses
public or private as community stringsthese strings are well known in the
industry and are common defaults on much hardware. These strings are open invitations
to attacks, regardless if you use filters.
Table 7-3 SNMP Commands
Command Purpose
snmp-server contact admin dude@mauionions.com
Specifies a contact name to notify whenever a
MIB problems occurs.
snmp-server location 5300-NAS-Maui
Specifies a geographic location name for the
router.
snmp-server community poptarts RO 8
Assigns a read only (RO) community string.
Only queries and get requests can be
performed.
The community string (poptarts) allows
polling but no configuration changes. Without
the correct community string on both
machines, SNMP will not let you do the
authorization to get or set the request.
snmp-server community pixysticks RW 5
Assigns a read write (RW) community string.
This community string (pixysticks) enables
configuration changes to be performed. For
example, you can shut down an interface,
download a configuration file, or change a
password.
snmp-server host 172.22.66.18 maddog
Identifies the IP address of the SNMP host
followed by a password.
snmp-server trap-source Loopback0
Associates SNMP traps with a loopback
interface. In this way, an Ethernet shutdown
will not disrupt SNMP management flow.
snmp-server enable traps
Enables traps for unsolicited notifications for
configuration changes, environmental
variables, and device conditions.
access-list 5 permit 172.22.67.1
access-list 8 permit 172.22.67.1
Permits access from a single element
management server.
access-list 5 permit 0.0.0.1 172.22.68.20
access-list 8 permit 0.0.0.1 172.22.68.20
Permits access from a block of addresses at
your network operations center.