Technical Configuration Guide for SNMP

v2.0

December 2006

3. Blocking SNMP

By default, SNMP access is enabled. You can disable SNMP; this includes SNMPv1/v2 and SNMPv3, access to the ERS 8600 by using the following commands:

ERS-8610:5#config bootconfig flags block-snmp true

ERS-8610:5#save boot

ERS-8610:5#boot-y

To re-enable SNMP access, type in the following command:

ERS-8610:5#config bootconfig flags block-snmp false

3.1Blocking SNMPv1/2 only

If you wish to allow only SNMPv3 access, you can disable SNMPv1/2 by configuring the SNMPv3 MIB view. Portions of the MIB can be configured to either include or exclude access at an MIB OID level. This is explained in section 5.5. For SNMPv3, this can be done on a per-user basic. For SNMPv1/v2, it can be done on a global/community basis. By default, SNMPv1/v2 is permitted access to all MIB OIDs under 1.3 in the MIB OID tree with the exception with sections related to the SNMP USM, VACM, and Community MIBs. This cannot be altered, but, if an additional exclusion statement is added, the entire usable MIB can be disabled through SNMPv1/v2. Specifically, if the entire MIB tree under 1.3.6 (iso org dod) is excluded, none of the switches public or private MIBs will be accessible.

To disable SNMPv1/v2 only, enter the following command:

PP8600-B:6#config snmp-v3 mib-view create v1v2only 1.3.6 type exclude

At this point, SNMPv1/v2 will be disabled and only SNMPv3 will be allowed.

3.2Blocking SNMP via an Access Policy – prior to software release 3.7.9 or 4.1

You can also enable or disable SNMP via an Access Policy. Overall, the Access Policy feature on the ERS 8600 supports the following feature:

Access level: Specifies the access level of the trusted as hostreadOnly (ro), readWrite (rw), or readWriteAll (rwa)

Mode: Indicates whether a packet having a source IP address that matches this entry should be permitted to enter the device or denied access.

Service: Indicates the protocol to which this entry should be applied. Choices are telnet, snmp, tftp, ftp, http, rlogin, and/or ssh.

Precedence: Indicates the precedence of the policy. The lower the number, the higher the precedence (1 to 128).

Network Address and Network Mask: Indicates the source network IP address and mask. An address of 0.0.0.0 specifies any address on the network.

Host: Indicates the trusted IP address of the host performing rlogin or rsh into the device. Applies only to rlogin and rsh.

Access-strict:Sets the access level strictly.

______________________________________________________________________________________________________

NORTEL

External Distribution

7

Page 7 Page 9
Page 8
Image 8
Nortel Networks 8600 manual Blocking Snmp, Blocking SNMPv1/2 only, ERS-86105#config bootconfig flags block-snmp true
Page 7 Page 9

8600 specifications

Nortel Networks 8600 is a highly regarded member of the Nortel Ethernet routing portfolio, specifically designed to meet the demands of today's bandwidth-hungry environments. This advanced platform is a favorite for service providers and enterprises due to its scalability, reliability, and performance capabilities.

One of the standout features of the Nortel 8600 is its exceptional scalability. The platform supports a wide range of Ethernet services that can accommodate the growth of network applications without requiring significant overhaul. This scalability is driven by its ability to provide multiple 10 Gigabit and 100 Gigabit Ethernet ports, allowing organizations to expand their network as bandwidth needs increase.

The 8600 employs a robust architecture that enhances its performance. It utilizes a switching fabric that delivers high throughput and low latency, making it ideal for applications that demand real-time data transmission, such as voice over IP (VoIP) and video streaming. With support for high-density Ethernet, the 8600 can handle a large number of simultaneous connections, facilitating seamless experiences for end-users.

Another technological highlight of the Nortel 8600 is its integrated service capabilities. The platform incorporates advanced quality of service (QoS) features that prioritize bandwidth for critical applications, ensuring reliable performance even during peak usage times. The 8600 also supports comprehensive security protocols, providing peace of mind for organizations as they navigate the complexities of modern cybersecurity challenges.

Additionally, the platform offers advanced management features that simplify network administration. Built-in tools for monitoring and reporting enhance operational visibility, enabling IT teams to quickly identify and resolve issues. The 8600 is designed to integrate smoothly with existing networking environments, offering interoperability with multiple vendors and protocols, thus protecting investment in other technologies.

Energy efficiency is another characteristic of the Nortel 8600, making it a suitable choice for organizations keen on reducing operational costs and minimizing their environmental impact. The platform is built with energy-saving components and intelligent power management that allow businesses to operate sustainably.

Overall, the Nortel Networks 8600 is a sophisticated routing solution that integrates cutting-edge technologies to meet the demands of modern network environments, making it a preferred choice for organizations seeking a balance between performance, reliability, and cost-effectiveness.
Top Page Image Contents