Configuring SNMP Community Strings
SNMP community strings determine the access privileges (read-only and read-write) of SNMP clients with the device's SNMP agent. The device's SNMP agent accepts SNMP Get (read-only) and Set (read-write) requests only if the correct community string is used in the request.
The SNMP Community Strings table lets you configure up to 10 SNMP community strings.
Depending on whether you're in basic or advanced SNMP mode, access privileges are configured as follows:
| ■ | Basic mode: For each community string, you need to select either Read-Only or Read-Write. |
| ■ | Advanced mode: For each community string, you need to assign it to an Access Group. |
| ● | SNMP community strings are applicable only to SNMPv1 and SNMPv2c. SNMPv3 uses username-password authentication along with an encryption key (see Configuring SNMP V3 Users). |
| ● | If you configure SNMPv3 users (see Configuring SNMPv3 Users), the device ignores all SNMP requests (Get and Set operations) from SNMPv2 users (sends the authenticationFailure trap). |
| ● | The read-only community strings must be different to the read-write community strings. |
| ● | You can enhance security by configuring Trusted Managers (see Configuring SNMP Trusted Managers). A Trusted Manager is an IP address from which the SNMP agent accepts Get and Set requests. |
| ● | You can assign data-router Access Control List rules (ACL) to SNMP community strings. By associating an ACL rule with an SNMP community string, the source and/or destination address of the packet, received from the management station and in which the community string is received can be specified. This adds enhanced security by reducing the likelihood of malicious attacks on the device if the community string is discovered by an attacker. To assign an ACL rule, use the following CLI command: |
(config-system)# snmp
(snmp)# snmp-acl community-string <Community string> rw|ro <ACL rule string name>
For detailed descriptions of the SNMP parameters, see SNMP Parameters.
The following procedure describes how to configure SNMP Community Strings through the Web interface. You can also configure it through ini file [SNMPCommunityStrings] or CLI (configure system > snmp settings > community-strings).
| ➢ | To configure SNMP Community Strings: |
| 1. | Open the SNMP Community Strings table (Setup menu > Administration tab > SNMP folder > SNMP Community Strings). |
| 2. | Click New; the following dialog box appears: |
| 3. | Configure an SNMP community string according to the parameters described in the table below. |
| 4. | Click Apply, and then reset the device with a save-to-flash for your settings to take effect. |
SNMP Community Strings Table Parameter Descriptions
|
Parameter |
Description |
|||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
'Index' [SNMPCommunityStrings_Index] |
Defines an index number for the new table row. Note: Each row must be configured with a unique index. |
|||||||||||||||||||||
|
'Name' name [SNMPCommunityStrings_Name] |
Defines a descriptive name for the SNMP community string. The valid value is a string of up to 31 characters. |
|||||||||||||||||||||
|
'Password' password [SNMPCommunityStrings_Password] |
Defines a password (string) for the SNMP community string. The valid value is a string of up to 30 characters that can include only the following:
For example: "Public-comm_string1". Note:
|
|||||||||||||||||||||
|
'Group' group [SNMPCommunityStrings_Group] |
Defines the access privilege of the SNMP community string.
Note: This parameter is applicable only when in basic SNMP mode. |
|||||||||||||||||||||
|
'Access Group' access-group [SNMPCommunityStrings_AccessGroup] |
Assigns the SNMP community string to an Access Group, configured in the SNMP Access Groups table (see Configuring SNMP Access Groups). By default, no value is defined. Note: This parameter is applicable only when in advanced SNMP mode (see Enabling the SNMP View-based Access Control Model). |