Simple Network Management Protocol (SNMP) is a set of protocols for managing complex networks. SNMP
sends messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices,
called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the
SNMP requesters.
The chapter "Securing Access to Management Functions" on page 2-1 introduced a few methods used to secure
SNMP access. They included the following:
•
"Using ACLs to Restrict SNMP Access" on page 2-5
•
"Restricting SNMP Access to a Specific IP Address" on page 2-8
•
"Restricting SNMP Access to a Specific VLAN" on page 2-9
•
"Disabling SNMP Access" on page 2-11
This chapter presents additional methods for securing SNMP access to HP devices. It contains the following
sections:
•
"Establishing SNMP Community Strings" on page 10-1
•
"Using the User-Based Security Model" on page 10-5
•
"Defining SNMP Views" on page 10-10
Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of defense when the
packet arrives at an HP device. The next level uses one of the following methods:
•
Community string match In SNMP versions 1 and 2
•
User-based model in SNMP version 3
SNMP views are incorporated in community strings and the user-based model.
Establishing SNMP Community Strings
SNMP versions 1 and 2 use community strings to restrict SNMP access. The default passwords for Web
management access are the SNMP community strings configured on the device.
•
The default read-only community string is "public". To open a read-only Web management session, enter
"get" and "public" for the user name and password.
•
There is no default read-write community string. Thus, by default, you cannot open a read-write management
session using the Web management interface. You first must configure a read-write community string using
the CLI. Then you can log on using "set" as the user name and the read-write community string you configure
June 2005
Securing SNMP Access
Chapter 10
10 - 1