Alcatel Carrier Internetworking Solutions omniswitch Switch User Manual


 
page 10-26 OmniSwitch 6600 Family Switch Management Guide March 2005
Using SNMP For Switch Security
Community Strings (SNMPv1 and SNMPv2)
The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a
community string is carried in an incoming SNMP request, that community string must map to a user
account name listed in the community string database on the switch. Otherwise, the SNMP agent in
the switch will not process the request.
Configuring Community Strings
To use SNMPv1 and v2 community strings, each user account name must be mapped to an SNMP
community string. Follow these steps:
1 Create a user account on the switch and define its password. Enter the following CLI syntax to create
the account “community_user1”.
-> user community_user1 password ******* no auth
Note. A community string inherits the security privileges of the user account that creates it.
A user account can be created locally on the switch using CLI commands. For detailed information on
setting up user accounts, refer to the “Using Switch Security” chapter of this manual.
2 Map the user account to a community string.
A community string works like a password so it is defined by the user. It can be any text string up to 32
characters in length. If spaces are part of the text, the string must be enclosed in quotation marks (“ ”). The
following CLI command maps the username “community_user1” to the community string “comstring2”.
-> snmp community map comstring2 user community_user1 enable
3 Verify that the community string mapping mode is enabled.
By default, the community strings database is enabled. (If community string mapping is not enabled, the
community string configuration will not be checked by the switch.) If the community string mapping
mode is disabled, use the following command to enable it.
-> snmp community map mode enable
Note. Optional. To verify that the community string is properly mapped to the username, enter the show
snmp community map command. The display is similar to the one shown here:
-> show snmp community map
Community mode : enabled
status   community string                 user name
--------+--------------------------------+--------------------------------
enabled  comstring2                       community_user1
This display also verifies that the community map mode is enabled.
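
An added example, not part of the Alcatel manual: a Python check that parses a saved copy of the show snmp community map display and flags enabled mappings whose community string is well known or short, since the string works like a password and inherits the privileges of its user account. The fixed-width column layout, the deny-list, the 12-character minimum and every sample row other than comstring2 are assumptions.

```python
import re

WELL_KNOWN = {"public", "private"}  # assumed deny-list, not from the manual
MIN_LEN = 12                        # assumed policy minimum, not from the manual

def _row(status, community, user):
    return f"{status:<8} {community:<32} {user}"  # 8/32/32 columns, as in the ruler

# Constructed sample output; only the first data row appears in the manual.
SAMPLE = "\n".join([
    "Community mode : enabled",
    _row("status", "community string", "user name"),
    "-" * 8 + "+" + "-" * 32 + "+" + "-" * 32,
    _row("enabled", "comstring2", "community_user1"),
    _row("enabled", "public", "community_user2"),
    _row("enabled", "Xk3 vq9LmT2 rB7wzQ", "community_user3"),
])

def parse_map(text):
    """Return (mode, rows) parsed from 'show snmp community map' output."""
    lines = text.splitlines()
    m = re.search(r"Community mode\s*:\s*(\w+)", text)
    sep = next(i for i, l in enumerate(lines)
               if re.fullmatch(r"-+(\+-+)+", l.strip()))
    # Take column boundaries from the ruler so strings with spaces stay whole.
    bounds, pos = [], 0
    for seg in lines[sep].strip().split("+"):
        bounds.append((pos, pos + len(seg)))
        pos += len(seg) + 1
    rows = [tuple(l[a:b].strip() for a, b in bounds)
            for l in lines[sep + 1:] if l.strip()]
    return (m.group(1).lower() if m else None), rows

def audit(text):
    """Return (community, user, reason) findings for enabled mappings."""
    mode, rows = parse_map(text)
    findings = []
    if mode != "enabled":
        findings.append(("*", "*", "community map mode is not enabled"))
    for status, community, user in rows:
        if status != "enabled":
            continue
        if community.lower() in WELL_KNOWN:
            findings.append((community, user, "well-known community string"))
        elif len(community) < MIN_LEN:
            findings.append((community, user, f"shorter than {MIN_LEN} characters"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding names the mapped user account so its privileges can be reviewed alongside the community string.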