Prevent Read-only users from viewing Read-Write/Admin SNMP Credentials

  • Updated 5 years ago
Article ID: 5898 



Read-only (RO) users can see read-write (RW) and admin SNMP credentials in the MIBs.

When setting up SNMPv1/2/3 configurations, it is not unusual to allow each user an unrestricted view of the entire MIB Tree. 

Doing this for read-only groups (and thus read-only users) unfortunately lets them view the branch containing the SNMP configuration parameters, which could then provide sufficient credentials to obtain read-write or admin-level SNMP access.

FAD (Functions as Designed) 

The following command sequence creates an SNMP view (5610) permitting full MIB access except for the 'snmpV2=' branch:

set snmp view viewname RO subtree 1
set snmp view viewname RO subtree 0.0
set snmp view viewname RO subtree excluded

For any SNMP version this (case-sensitive) 'RO' view may then be referenced instead of the default 'All' view, in the 'set snmp access' commands for read-only groups (5245).
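
The effect of such a view can be checked offline. The following is an added example, not part of the original article or the vendor's code: it evaluates a view with the longest-matching-subtree rule of RFC 3415 (masks ignored) and reports which SNMP configuration tables each view exposes. It assumes the switch follows that rule and that the excluded subtree is 1.3.6.1.6, the standard OID of the snmpV2 branch (the third command above shows no OID); the view contents and the list of sensitive OIDs are constructed for illustration.

```python
"""Added example: which OIDs a VACM view exposes (RFC 3415 matching, masks ignored)."""

INCLUDED, EXCLUDED = "included", "excluded"


def parse_oid(text):
    """Turn '1.3.6.1' into (1, 3, 6, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(view, oid):
    """True if the longest view subtree that prefixes oid is 'included'."""
    target = parse_oid(oid)
    best = None
    for subtree, kind in view:
        prefix = parse_oid(subtree)
        if target[:len(prefix)] != prefix:
            continue  # this view entry does not cover the OID
        key = (len(prefix), prefix)  # longest subtree wins, ties by OID order
        if best is None or key > best[0]:
            best = (key, kind)
    # An OID covered by no entry at all is not in the view.
    return best is not None and best[1] == INCLUDED


# Constructed views. UNRESTRICTED models a view of the entire MIB tree.
UNRESTRICTED = [("1", INCLUDED), ("0.0", INCLUDED)]
# Assumption: 1.3.6.1.6 (snmpV2) is the subtree excluded by the 'RO' view.
RO_VIEW = UNRESTRICTED + [("1.3.6.1.6", EXCLUDED)]

# Standard tables under snmpV2 that hold SNMP access configuration.
SENSITIVE = {
    "1.3.6.1.6.3.15.1.2.2": "usmUserTable (SNMPv3 users)",
    "1.3.6.1.6.3.16.1.4": "vacmAccessTable (group access rights)",
    "1.3.6.1.6.3.18.1.1.1.2": "snmpCommunityName (v1/v2c communities)",
}


def exposed(view):
    """Names of the sensitive tables a user limited to this view can read."""
    return sorted(name for oid, name in SENSITIVE.items() if in_view(view, oid))


if __name__ == "__main__":
    for label, view in (("unrestricted", UNRESTRICTED), ("RO", RO_VIEW)):
        print(label, "view exposes:", exposed(view) or "nothing sensitive")
    print("sysDescr.0 readable via RO:", in_view(RO_VIEW, "1.3.6.1.2.1.1.1.0"))
```
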

FAQ User, Official Rep


Posted 5 years ago
