Using Snmp For Switch Security; Community Strings (Snmpv1 And Snmpv2); Configuring Community Strings - Alcatel-Lucent OmniSwitch 6450 Management Manual
Hide thumbs
Also See for OmniSwitch 6450:
- User manual (136 pages) ,
- Getting started manual (22 pages) ,
- Management manual (346 pages)
Table of Contents
Advertisement
Using SNMP For Switch Security
Using SNMP For Switch Security
Community Strings (SNMPv1 and SNMPv2)
The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a commu-
nity string is carried over an incoming SNMP request, the community string must match up with a user
account name as listed in the community string database on the switch. Otherwise, the SNMP request is
not processed by the SNMP agent in the switch.
Configuring Community Strings
To use SNMPv1 and v2 community strings, each user account name must be mapped to an SNMP
community string. Follow these steps:
1 Create a user account on the switch and define its password. Enter the following CLI syntax to create
the account "community_user1".
-> user community_user1 password ******* no auth
Note. A community string inherits the security privileges of the user account that creates it.
A user account can be created locally on the switch by using CLI commands. For detailed information on
setting up user accounts, refer to the "Using Switch Security" chapter of this manual.
2 Map the user account to a community string.
A community string works like a password so it is defined by the user. It can be any text string up to 32
characters in length. If spaces are part of the text, the string must be enclosed in quotation marks (" "). The
following CLI command maps the username "community_user1" to the community string "comstring2".
-> snmp community map comstring2 user community_user1 enable
3 Verify that the community string mapping mode is enabled.
By default, the community strings database is enabled. (If community string mapping is not enabled, the
community string configuration is not checked by the switch.) If the community string mapping mode is
disabled, use the following command to enable it.
-> snmp community map mode enable
Note. Optional. To verify that the community string is properly mapped to the username, enter the
show snmp community map
->show snmp community map
Community mode : enabled
status
community string
--------+--------------------------------+--------------------------------
enabled comstring2
This display also verifies that the community map mode is enabled.
page 3-10
command. The display is similar to the one shown here:
OmniSwitch 6250/6450 Switch Management Guide
user name
community_user1
Using SNMP
June 2013
Advertisement
Table of Contents
