Managing the device securely

Examples To allow the user “steve” full read, write and notify SNMP access to the switch:

enable snmp

add snmp view=full oid=1.3.6.1 type=include

add snmp group=super-users securitylevel=authPriv readview=full writeview=full notifyview=full

add snmp user=steve group=super-users authprotocol=md5 authpassword=cottonsox privprotocol=des privpassword=woollytop

To also give the user “jane” read and notify access to everything on the switch, add the following commands:

add snmp group=users securitylevel=authNoPriv readview=full notifyview=full

add snmp user=jane group=users authprotocol=md5 authpassword=redjeans

To also give the user “paul” unauthenticated read access to everything on the switch except BGP, add the following commands:

add snmp view=restricted oid=1.3.6.1 type=include

#exclude bgp by specifying either mib=bgp or oid=1.3.6.1.2.1.15: add snmp view=restricted mib=bgp type=exclude

add snmp group=restricted-users securitylevel=noAuthNoPriv readview=restricted

add snmp user=paul group=restricted-users

To also send traps securely to the PC with IP address 192.168.11.23 for user “steve” to see, add the following commands:

add snmp targetparams=netmonpc securitylevel=authPriv user=steve

add snmp targetaddress=nms ip=192.168.11.23 udp=162 params=netmonpc

For more information about the above examples, see How To Configure SNMPv3 On Allied Telesis Routers and Managed Layer 3 Switches, available from www.alliedtelesis.com/resources/ literature/howto.aspx. This How To Note also explains SNMPv3 concepts in detail, including users, groups and views.

Create A Secure Network With Allied Telesis Managed Layer 3 Switches

11

Page 11
Image 11
Allied Telesis Layer 3 Switches manual Managing the device securely