Configuring Snmp Anti-Brute Force Attack; Figure 6-2 State Switching Diagram - Zte ZXR10 ZSR V2 Configuration Manual (System Management

l In practical applications, some network management user addresses that can be
used to access the device are fixed. These users are reliable and do not need
automatic ageing. To meet this requirement, the ZXR10 ZSR V2 allows users to
manually configure trusted users who are not aged, but they can be cleared by
running the no command.
l
To prevent that users unintentionally enter wrong passwords, the ZXR10 ZSR V2
supports configuring the condition of enabling monitoring. For example, monitoring
will be enabled only when the number of input failure times reaches 20 in one
minute. By default, monitoring will be enabled only when the number of input failure
times reaches 50 in one minute. Failure counting does not distinguish between IP
addresses.
l
In monitoring period, the total failure times is counted (IP addresses are not
distinguished). If the number of times exceeds the limit, the ZXR10 ZSR V2 enters
quiet mode.
In any state, when community string attempts fail, logs and self-defined Trap messages
are generated by default.
information: error community string information, source IP, and current state of SNMP
(normal/monitoring/quiet). When a device state is switched, a system log and Trap alarm
are automatically generated. This function can be disabled by running a command.
SNMP security state switching is shown in

Figure 6-2 State Switching Diagram

6.2.2 Configuring SNMP Anti–Brute Force Attack
This procedure describes how to configure the SNMP anti-brute force attack function.
SJ-20140504150128-007|2014-05-10 (R1.0)
A Trap message that is sent includes the following
Figure 6-2.
6-11
Chapter 6 SNMP Configuration
ZTE Proprietary and Confidential