Thursday 4 February 2010

Enabling an SNMP Version 2c community on a router.

If you wish to use SNMP on a Cisco router, there are a number of options and possibilities available to you. Each comes with pros and cons, but the simplest method is to use the following syntax in config terminal mode.

snmp-server community (string) ro/rw (access list number)

e.g.

snmp-server community C0py:Run:F41l ro 1
access-list 1 permit host 192.168.1.1


The RO option sets up a Read Only community which will service GET requests.
The RW option sets up a Read Write community servicing GET and SET requests.

Please note this differs from Traps and Informs which I will cover in a separate article.

Please note that a community will allow requests to all available MIBs and OIDs in the device's tree, so make sure you intend full visibility before setting it up.

Also note that, being v2c, the only security is the community string, which acts as a password of sorts. This is sent in plain text, so a packet sniffer could easily intercept it. Alternatively, a dictionary attack could uncover it, so make sure it is sufficiently complex!
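
The points above (RO versus RW, the access list restriction and the strength of the community string) can be checked against a saved configuration before it goes onto a device. The script below is an added example, not part of the original post: the sample configuration, the small wordlist and the length threshold are constructed assumptions, and only numbered access lists are recognised.

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server community C0py:Run:F41l ro 1
snmp-server community public ro
snmp-server community N3t-0ps!Wr1te rw 2
access-list 1 permit host 192.168.1.1
"""

# Assumed policy values for this example: a tiny wordlist and a minimum length.
COMMON_STRINGS = {"public", "private", "cisco", "snmp", "admin", "community"}
MIN_LENGTH = 12

COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\d+))?\s*$", re.I)
ACL_RE = re.compile(r"^access-list (\d+) (?:permit|deny)\b", re.I)


def is_weak(community):
    """True if the string is a known default, short, or uses < 3 character classes."""
    classes = sum(bool(re.search(p, community))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return community.lower() in COMMON_STRINGS or len(community) < MIN_LENGTH or classes < 3


def audit(config):
    """Return (line_number, issue) pairs; the community string itself is never echoed."""
    lines = [line.strip() for line in config.splitlines()]
    defined_acls = {m.group(1) for line in lines if (m := ACL_RE.match(line))}
    findings = []
    for number, line in enumerate(lines, start=1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        community, mode, acl = m.group(1), (m.group(2) or "ro").lower(), m.group(3)
        if mode == "rw":
            findings.append((number, "read-write"))      # SET requests are accepted
        if acl is None:
            findings.append((number, "no-acl"))          # no source restriction configured
        elif acl not in defined_acls:
            findings.append((number, "acl-undefined"))   # referenced ACL has no entries here
        if is_weak(community):
            findings.append((number, "weak-string"))
    return findings


if __name__ == "__main__":
    for number, issue in audit(SAMPLE_CONFIG):
        print(f"line {number}: {issue}")
```

A mistyped access list line (for example a missing hyphen in access-list) is reported as acl-undefined, because the community then points at a list with no entries in the file.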
