Technical data

ManualsBrandsMonitor Products, Inc ManualsBoilerFCX-

171

172

173

174

175

176

177

178

179

180

162 FastIron Ethernet Switch Administration Guide

53-1002637-02

SNMP community strings

This chapter presents additional methods for securing SNMP access to Brocade devices. It

contains the following sections:

• “SNMP community strings”

• “User-based security model”

• “SNMP v3 configuration examples”

• “SNMP version 3 traps”

• “Displaying SNMP Information”

• “SNMP v3 configuration examples”

Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of

defense when the packet arrives at a Brocade device. The next level uses one of the following

methods:

• Community string match In SNMP versions 1 and 2

• User-based model in SNMP version 3

SNMP views are incorporated in community strings and the user-based model.

SNMP community strings

SNMP versions 1 and 2 use community strings to restrict SNMP access.

• The default read-only community string is “public”.

• There is no default read-write community string. You first must configure a read-write

community string using the CLI. Then you can log on using “set” as the user name and the

read-write community string you configure as the password.

You can configure as many additional read-only and read-write community strings as you need. The

number of strings you can configure depends on the memory on the device. There is no practical

limit.

NOTE

If you delete the startup-config file, the device automatically re-adds the default “public” read-only

community string the next time you load the software.

Encryption of SNMP community strings

The software automatically encrypts SNMP community strings. Users with read-only access or who

do not have access to management functions in the CLI cannot display the strings. For users with

read-write access, the strings are encrypted in the CLI.

Encryption is enabled by default. You can disable encryption for individual strings or trap receivers

if desired. Refer to the next section for information about encryption.

Adding an SNMP community string

The default SNMP community name (string) on a device is “public” with read only privilege.

You can assign other SNMP community strings, and indicate if the string is encrypted or clear. By

default, the string is encrypted.