Solved

Does XMC need SNMP write access to switches?

  • 5 August 2021
  • 3 replies
  • 41 views

For security best practices typically I would only allow SNMP with RO (read only) access on network devices. Does XMC need write access to be allowed on Extreme switches for any functionality? These are all VOSS and EXOS switches. Thanks.

icon

Best answer by StephanH 6 August 2021, 06:59

Hello Paulc,

in addition to Mig's answer. If you used XMC only for monitoring and you don't use ExtremeControl, then it is sufficient to have read-only access via SNMP.

However, XMC also offers the possibility to change configuration on the switch. For example you can change the name of a switch. Here write access is necessary.

Basically it is recommended (XMC best practise) to allow write access via SNMP, but this should be done via SNMPv3.

 

View original

3 replies

Userlevel 7
Badge +1

Paulc,

The CoA (reauthentication 802.1X or MAC auth) is very often performed via SNMP.

If you want to secure that define an access policy that will allow SNMP to authorized devices only.

Mig

Userlevel 7
Badge +1

Hello Paulc,

in addition to Mig's answer. If you used XMC only for monitoring and you don't use ExtremeControl, then it is sufficient to have read-only access via SNMP.

However, XMC also offers the possibility to change configuration on the switch. For example you can change the name of a switch. Here write access is necessary.

Basically it is recommended (XMC best practise) to allow write access via SNMP, but this should be done via SNMPv3.

 

Great, thank you both!

Reply