Enabling Snmp Monitoring - D-Link DFL-1660 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
2.4.2. SNMP Monitoring
Security for SNMP Versions 1 and 2c is handled by the Community String which is the same as a
password for SNMP access. The Community String should be difficult to guess and should therefore
be constructed in the same way as any other password, using combinations of upper and lower case
letters along with digits.
Enabling an IP Rule for SNMP
The advanced setting SNMP Before Rules controls if the IP rule set checks all accesses by SNMP
clients. This is by default disabled and the recommendation is to always enable this setting.
The effect of enabling this setting is to add an invisible Allow rule at the top of the IP rule set which
automatically permits accesses on port 161 from the network and on the interface specified for
SNMP access. Port 161 is usually used for SNMP and NetDefendOS always expects SNMP traffic
on that port.
Remote Access Encryption
It should be noted that SNMP Version 1 or 2c access means that the community string will be sent
as plain text over a network. This is clearly insecure if a remote client is communicating over the
public Internet. It is therefore advisable to have remote access take place over an encrypted VPN
tunnel or similarly secure means of communication.
Preventing SNMP Overload
The advanced setting SNMP Request Limit restricts the number of SNMP requests allowed per
second. This can help prevent attacks through SNMP overload.
Example 2.14. Enabling SNMP Monitoring
This example enables SNMP access through the internal lan interface from the network mgmt-net using the
community string Mg1RQqR.
Since the management client is on the internal network, there is no need for it to communicate via a VPN tunnel.
Command-Line Interface
gw-world:/> add RemoteManagement RemoteMgmtSNMP my_snmp
Should it be necessary to enable SNMP Before Rules (which is enabled by default) then the command is:
gw-world:/> set Settings RemoteMgmtSettings SNMPBeforeRules=Yes
Web Interface
1.
Go to: System > Remote Management > Add > SNMP management
2.
For Remote access type enter:
•
Name: a suitable name, for example snmp_access
•
Community: Mg1RQqR
3.
For Access Filter enter:
•
Interface: lan
•
Network: mgmt-net
Interface=lan
Network=mgmt-net
SNMPGetCommunity=Mg1RQqR
75
Chapter 2. Management and Maintenance
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
