Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
1366 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Establishing SNMP community strings
40
Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of
defense when the packet arrives at a Dell PowerConnect device. The next level uses one of the
following methods:
Community string match In SNMP versions 1 and 2
User-based model in SNMP version 3
SNMP views are incorporated in community strings and the user-based model.
Establishing SNMP community strings
SNMP versions 1 and 2 use community strings to restrict SNMP access. The default passwords for
Web management access are the SNMP community strings configured on the device:
The default read-only community string is “public”. To open a read-only Web management
session, enter “get” and “public” for the user name and password.
There is no default read-write community string. Thus, by default, you cannot open a read-write
management session using the Web Management Interface. You first must configure a
read-write community string using the CLI. Then you can log on using “set” as the user name
and the read-write community string you configure as the password.
You can configure as many additional read-only and read-write community strings as you need. The
number of strings you can configure depends on the memory on the device. There is no practical
limit.
The Web Management Interface supports only one read-write session at a time. When a read-write
session is open on the Web Management Interface, subsequent sessions are read-only, even if the
session login is “set” with a valid read-write password.
NOTE
If you delete the startup-config file, the device automatically re-adds the default “public” read-only
community string the next time you load the software.
NOTE
As an alternative to the SNMP community strings, you can secure Web management access using
local user accounts or ACLs.Refer to “Setting up local user accounts” on page 1154 or “Using an ACL
to restrict Web management access” on page 1139.
Encryption of SNMP community strings
The software automatically encrypts SNMP community strings. Users with read-only access or who
do not have access to management functions in the CLI cannot display the strings. For users with
read-write access, the strings are encrypted in the CLI but are shown in the clear in the Web
Management Interface.
Encryption is enabled by default. You can disable encryption for individual strings or trap receivers
if desired. Refer to the next section for information about encryption.
Adding an SNMP community string
When you add a community string, you can specify whether the string is encrypted or clear. By
default, the string is encrypted.