Juniper Networks EX2500 Switch User Manual


 
EX2500 Ethernet Switch Configuration Guide
10 Securing Access to the Switch
SNMPv3 Trap Host Configuration
To configure a user for SNMPv3 traps, you can choose to send the traps with both
privacy and authentication, with authentication only, or without privacy or
authentication.
This is configured in the access table with the following commands:
ex2500(config)# snmp-server access <1-32> level
ex2500(config)# snmp-server target-parameters <1-16>
Configure the user in the user table accordingly.
It is not necessary to configure the community table for SNMPv3 traps because the
community string is not used by SNMPv3.
The following example shows how to configure a SNMPv3 user v3trap with
authentication only:
ex2500(config)# snmp-server user 11 name v3trap
ex2500(config)# snmp-server user 11 authentication-protocol md5
authentication-password
Changing authentication password; validation required:
Enter current admin password: <admin. password>
Enter new authentication password: <auth. password>
Re-enter new authentication password: <auth. password>
New authentication password accepted.
ex2500(config)# snmp-server access 11 notify-view iso
ex2500(config)# snmp-server access 11 level authnopriv
ex2500(config)# snmp-server group 11 user-name v3trap
ex2500(config)# snmp-server group 11 tag v3trap
ex2500(config)# snmp-server notify 11 name v3trap
ex2500(config)# snmp-server notify 11 tag v3trap
ex2500(config)# snmp-server target-address 11 name v3trap address 47.81.25.66
ex2500(config)# snmp-server target-address 11 taglist v3trap
ex2500(config)# snmp-server target-address 11 parameters-name v3param
ex2500(config)# snmp-server target-parameters 11 name v3param
ex2500(config)# snmp-server target-parameters 11 user-name v3trap
ex2500(config)# snmp-server target-parameters 11 level authNoPriv
Securing Access to the Switch
Secure switch management is needed for environments that perform significant
management functions across the Internet. Common functions for secured
management are described in the following sections:
RADIUS Authentication and Authorization on page 11
TACACS+ Authentication on page 14
End User Access Control on page 18