OS6860(E)_AOS_8.1.1.R01_Switch_Management_Guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Using SNMP<br />
Using SNMP For <strong>Switch</strong> Security<br />
Using SNMP For <strong>Switch</strong> Security<br />
Community Strings (SNMPv1 and SNMPv2)<br />
The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a community<br />
string is carried over an incoming SNMP request, the community string must match up with a user<br />
account name as listed in the community string database on the switch. Otherwise, the SNMP request will<br />
not be processed by the SNMP agent in the switch.<br />
Configuring Community Strings<br />
To use SNMPv1 and v2 community strings, each user account name must be mapped to an SNMP<br />
community string. Follow these steps:<br />
1 Create a user account on the switch and define its password. Enter the following CLI syntax to create<br />
the account “community_user1”.<br />
-> user community_user1 password ******* no auth<br />
Note. A community string inherits the security privileges of the user account that creates it.<br />
A user account can be created locally on the switch by using CLI commands. For detailed information on<br />
setting up user accounts, refer to the “Using <strong>Switch</strong> Security” chapter of this manual.<br />
2 Map the user account to a community string.<br />
A community string works like a password so it is defined by the user. It can be any text string up to 32<br />
characters in length. If spaces are part of the text, the string must be enclosed in quotation marks (‘ ‘). The<br />
following CLI command maps the username “community_user1” to the community string “comstring2”.<br />
-> snmp community-map comstring2 user community_user1 enable<br />
3 Verify that the community string mapping mode is enabled.<br />
By default, the community strings database is enabled. (If community string mapping is not enabled, the<br />
community string configuration will not be checked by the switch.) If the community string mapping<br />
mode is disabled, use the following command to enable it.<br />
-> snmp community-map mode enable<br />
Note. Optional. To verify that the community string is properly mapped to the username, enter the<br />
show snmp community-map command. The display is similar to the one shown here:<br />
->show snmp community-map<br />
Community mode : enabled<br />
status community string user name<br />
--------+--------------------------------+--------------------------------<br />
enabled comstring2 community_user1<br />
This display also verifies that the community map mode is enabled.<br />
Omni<strong>Switch</strong> <strong>AOS</strong> Release 8 <strong>Switch</strong> <strong>Management</strong> <strong>Guide</strong> May 2014 page 9-9