Performing Basic Configuration

Recommended basic security measures

Following are the parameters related to SNMP security:

SNMP

enabled = no read-community = public read-write-community = write enforce-address-security = no

read-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ] write-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ] contact = ""

location = "" queue-depth = 0

Enabling SNMP in the TAOS unit

If you leave the Enabled parameter in the SNMP profile set to No (the default), SNMP utilities cannot access the TAOS unit. The following commands enable SNMP on a unit:

admin> read SNMP SNMP read

admin> set enabled = yes

admin> write SNMP written

Setting community strings

You can specify up to 32 characters as the Read-Write-Community string. The following example changes the default community strings:

admin> read snmp SNMP read

admin> list enabled = yes read-community = ******

read-write-community = *****

enforce-address-security = no

read-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ] write-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ] contact = ""

location = here queue-depth = 0

admin> set read-community = private

admin> set read-write-community = secret

admin> write SNMP written

Setting up address security

If the Enforce-Address-Security parameter is set to No (its default value), any SNMP manager that presents the correct community name is allowed access. If the parameter is set to Yes, the TAOS unit checks the source IP address of the SNMP manager and allows access only to those IP addresses listed in the Read-Access-Host and Write-Access-Host arrays. Each array can include up to five host addresses.

APX 8000/MAX TNT/DSLTNT Physical Interface Configuration Guide

1-11

Page 31
Image 31
Lucent Technologies 7820-0802-003 Enabling Snmp in the Taos unit, Setting community strings, Setting up address security