Establishing snmp community strings, Encryption of snmp community strings, Adding an snmp community string – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 198
164
Brocade TurboIron 24X Series Configuration Guide
53-100305301
Establishing SNMP community strings
Establishing SNMP community strings
SNMP versions 1 and 2 use community strings to restrict SNMP access:
•
The default read-only community string is “public”.
•
There is no default read-write community string. You first must configure a read-write
community string using the CLI. Then you can log on using “set” as the user name and the
read-write community string you configure as the password.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical
limit.
NOTE
If you delete the startup-config file, the device automatically re-adds the default “public” read-only
community string the next time you load the software.
Encryption of SNMP community strings
The software automatically encrypts SNMP community strings. Users with read-only access or who
do not have access to management functions in the CLI cannot display the strings.
Encryption is enabled by default. You can disable encryption for individual strings or trap receivers
if desired. Refer to the next section for information about encryption.
Adding an SNMP community string
When you add a community string, you can specify whether the string is encrypted or clear. By
default, the string is encrypted.
To add an encrypted community string, enter commands such as the following.
TurboIron(config)#snmp-server community private rw
TurboIron(config)#write memory
Syntax: snmp-server community [0 | 1] <string>
ro | rw [view <viewname>] [<standard-ACL-name> | <standard-ACL-id>]
The <string> parameter specifies the community string name. The string can be up to 32
characters long.
The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw).
The 0 | 1 parameter affects encryption for display of the string in the running-config and the
startup-config file. Encryption is enabled by default. When encryption is enabled, the community
string is encrypted in the CLI regardless of the access level you are using.
The encryption option can be omitted (the default) or can be one of the following:
•
0 – Disables encryption for the community string you specify with the command. The
community string is shown as clear text in the running-config and the startup-config file. Use
this option if you do not want the display of the community string to be encrypted.
•
1 – Assumes that the community string you enter is encrypted, and decrypts the value before
using it.