Setting Up SNMP

RS 2100 Initial Configuration

By default, SNMP information is sent and received on the RS 2100’s en0 Ethernet port. If you want SNMP to use a different port on the RS 2100, use the following command

snmp set trap-source <interface><IPaddr>

Here is an example:

rs(config)# snmp set trap-source 134.152.78.192

SNMP will now use the port with IP address 134.152.78.192. Remember, to make this change permanent, enter the save startup command

4.6.2Improving SNMP Security

SNMPv1 is not a secure protocol. Messages containing community strings are sent in plain text from manager application to agent. Anyone with a protocol decoder and access to the wire can capture, modify, and replay messages.

Applying ACLs to SNMP

When using SNMP v1 or v2, it is important to protect your RS 2100 by applying an Access Control List (ACL) to the SNMP agent to prevent unauthorized access and route your SNMP traffic through trusted networks only.

Here are the basic configuration commands to apply an ACL to the RS 2100’s SNMP agent, allowing access to the RS 2100 by only one management station.

rs(config)# acl mgmt_only permit udp <IPaddr> any any any

rs(config)# acl mgmt_only apply service snmp

The above ACL applied to the SNMP service allows messages from source IP address <IPaddr> to be processed by the SNMP agent, packets form any other source IP address are dropped.

Disabling Authentication Traps

To provide additional security to the RS 2100, disable the sending of authentication traps. Authentication traps are sent when SNMP v1 packets are received with invalid community strings. A common security attack on an SNMP v1 agent is to send a message containing an invalid message, and then capture the authentication trap to learn the community string.

Here is an example of how to turn off the sending of authentication traps:

rs(config)#snmp disable trap authentication

4-16 Riverstone Networks RS 2100 Switch Router Getting Started Guide

Page 56
Image 56
Riverstone Networks RS 2100 manual Improving Snmp Security, Applying ACLs to Snmp

RS 2100 specifications

Riverstone Networks RS 2100 is a versatile networking solution tailored for service providers and enterprises. Designed to facilitate seamless data, voice, and video services, the RS 2100 presents a robust platform that integrates both hardware and software capabilities. This device stands out in the realm of advanced routing and switching technologies, offering extensive features that cater to a wide array of connectivity needs.

One of the key features of the RS 2100 is its ability to support high-speed interfaces. With multiple Gigabit Ethernet ports, the device ensures substantial bandwidth to handle growing data traffic demands. This makes it an excellent choice for organizations looking to future-proof their networks. Additionally, the RS 2100 supports aggregation of different types of traffic flows, allowing for efficient resource utilization and enhanced performance.

The RS 2100 also boasts advanced Quality of Service (QoS) capabilities, which are essential for prioritizing different types of traffic. This is particularly important for applications that require consistent performance, such as VoIP calls or video streaming. By enabling service providers to guarantee bandwidth for critical applications, the RS 2100 enhances user experience and customer satisfaction.

Security is another critical aspect of the RS 2100, featuring multiple layers of protection against various cyber threats. With support for robust firewall functionalities and various VPN protocols, the device ensures that sensitive data remains secure, thereby fortifying the network against potential attacks.

In terms of scalability, the RS 2100 is highly adaptable. Organizations can easily expand their network capabilities as demands grow, thanks to its flexible architecture. This scalability ensures that users can comfortably accommodate increasing user counts and traffic levels over time without necessitating significant infrastructure changes.

The RS 2100 also integrates seamlessly with existing IT infrastructures. Utilizing standard protocols and interfaces, it simplifies deployment and management processes, allowing organizations to easily incorporate it into their current systems. Overall, Riverstone Networks RS 2100 is a powerful and efficient networking solution, equipped with the features needed to support modern communication demands, ensuring reliability and performance across diverse applications. As businesses and service providers continue to evolve, the RS 2100 serves as a trusted partner in navigating the complexities of networking and connectivity.