Trap receivers, Configuring access for snmp version 3 clients – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual
Page 72
22
Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002581-01
Basic Configuration
2
•
private - with read/write access. Authorized management stations are able to both retrieve and
modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is
recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server
community string mode,” where “string” is the community access string and “mode” is rw
(read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is
the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
NOTE
If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you
delete both of the default community strings. If there are no community strings, then SNMP
management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap
receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration
mode prompt, type:
“snmp-server host host-address community-string
[version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access
rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP
client version, and “auth | noauth | priv” means that authentication, no authentication, or
authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed
description of these parameters, see
on page 113. The following example
creates a trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines
the portions of MIB that the client can read or write, assign the view to a group, and then assign the
user to a group. The following example creates one view called “mib-2” that includes the entire
MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns
these respective read and read/write views to a group call “r&d” and specifies group
authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that
MD5 will be used for authentication, provides the password “greenpeace” for authentication, and
the password “einstien” for encryption.