Header Only - DO NOT REMOVE - Extreme Networks

How do you change the default SNMP Community string on an Enterasys C3?


How do you change the default SNMP Community string on an Enterasys C3?

14 replies

Userlevel 4
Robert,

Here is an article for snmp v1/2.
How to configure SNMP V1 or SNMPv2 on Modular and SecureStack switches
Userlevel 4
this article is geared towards the modular products but is similar to the stacks. If I run across the stack version I will attach it.

How to configure SNMP v3 on S/N/K/7100 Series
Userlevel 4
This is a good starting point if you are new the device.

EOS: Basic Switch Layer 2 Configuration Best Practices and minimum feature recommendations
I forgot to add a description so here is some more information on what is going on.

I've been asked to change the default SNMP (public by default) community strings on my Enterasys C2/C3 switches. When I type "clear snmp community public", I can' no longer see the switch in my management software (which is to be expected). However, when i type "set snmp community whatever" and try to reattach with my management software, it will not allow me.

Now, if I go back and "set snmp community public", I can connect via my management software using either the public string or the whatever string.

I've also noticed if I do "show config snmp" after running "clear snmp community public", I see that exact command in the config. Normally if I run show config after running a clear command, I don't see the clear command listed in the config. Not sure if this has anything to do with it, just trying to give as much information as I can.

Any assistance would be greatly appreciated.
Userlevel 4
Robert Lawrence wrote:

I forgot to add a description so here is some more information on what is going on.

I've been asked to change the default SNMP (public by default) community strings on my Enterasys C2/C3 switches. When I type "clear snmp community public", I can' no longer see the switch in my management software (which is to be expected). However, when i type "set snmp community whatever" and try to reattach with my management software, it will not allow me.

Now, if I go back and "set snmp community public", I can connect via my management software using either the public string or the whatever string.

I've also noticed if I do "show config snmp" after running "clear snmp community public", I see that exact command in the config. Normally if I run show config after running a clear command, I don't see the clear command listed in the config. Not sure if this has anything to do with it, just trying to give as much information as I can.

Any assistance would be greatly appreciated.

The cli normally shows only non default settings. Snmp has some basic settings that are visible as a clue that they should be changed. So "clear snmp community public" would be non default.

What management software are you using and is it configured with the "whatever" in place of public?
Robert Lawrence wrote:

I forgot to add a description so here is some more information on what is going on.

I've been asked to change the default SNMP (public by default) community strings on my Enterasys C2/C3 switches. When I type "clear snmp community public", I can' no longer see the switch in my management software (which is to be expected). However, when i type "set snmp community whatever" and try to reattach with my management software, it will not allow me.

Now, if I go back and "set snmp community public", I can connect via my management software using either the public string or the whatever string.

I've also noticed if I do "show config snmp" after running "clear snmp community public", I see that exact command in the config. Normally if I run show config after running a clear command, I don't see the clear command listed in the config. Not sure if this has anything to do with it, just trying to give as much information as I can.

Any assistance would be greatly appreciated.

I'm using Spiceworks Network Monitoring for testing purposes at the moment. I have configured to use the "whatever" in place of public.
Userlevel 7
Robert Lawrence wrote:

I forgot to add a description so here is some more information on what is going on.

I've been asked to change the default SNMP (public by default) community strings on my Enterasys C2/C3 switches. When I type "clear snmp community public", I can' no longer see the switch in my management software (which is to be expected). However, when i type "set snmp community whatever" and try to reattach with my management software, it will not allow me.

Now, if I go back and "set snmp community public", I can connect via my management software using either the public string or the whatever string.

I've also noticed if I do "show config snmp" after running "clear snmp community public", I see that exact command in the config. Normally if I run show config after running a clear command, I don't see the clear command listed in the config. Not sure if this has anything to do with it, just trying to give as much information as I can.

Any assistance would be greatly appreciated.

Hi Robert,

you can use
show snmp access [/code]to check the configured SNMP access methods.

Erik
Userlevel 4
I found the securestack article for using the USM / snmp v3.

How to configure SNMP version 3 on Securestack switches
Hi Robert.

I use this "script" and test by snmpwalk.

Clear snmp default
clear snmp access ro security-model v1

clear snmp access ro security-model v2c

clear snmp access public security-model v1

clear snmp access public security-model v2c

clear snmp access public security-model usm

clear snmp community public

clear snmp group ro ro secu v1

clear snmp group public public sec v1

clear snmp group ro ro security-model v2c

clear snmp group public public security-model v2c

clear snmp group public public security-model usm

clear snmp user public

Configure snmpv3

set snmp group user [u] security-model usm

set snmp user [u] authentication sha encryption des privacy nonvolatile

set snmp access security-model usm privacy exact read All notify All write All nonvolatile

Test snmpwalk

snmpwalk -v 3 -a SHA -A -u [u] -x des -X -l authPriv
Userlevel 2
ABC Series are a bit different than the others in terms of clearing out default snmp configuration and I've found that the little nuances are tricky as well. Normally, when I start working with the C's, I clear out everything and then put in my own snmp v3 config:
clear snmp access ro security-model v1
clear snmp access ro security-model v2c
clear snmp access public security-model v1
clear snmp access public security-model v2c
clear snmp access public security-model usm
clear snmp group ro ro security-model v1
clear snmp group ro ro security-model v2c
clear snmp group public public security-model v1
clear snmp group public public security-model v2c
clear snmp user public[/code]
Then:
set snmp group user [u] security-model usm
set snmp access security-model usm privacy exact read All write All notify All nonvolatile set snmp user [u] authentication md5 encryption des privacy [/code]That's it in a nutshell. You can change around your authentication algorithm and privacy encryption to match your nms.
Userlevel 2
Rich Upshaw wrote:

ABC Series are a bit different than the others in terms of clearing out default snmp configuration and I've found that the little nuances are tricky as well. Normally, when I start working with the C's, I clear out everything and then put in my own snmp v3 config:
clear snmp access ro security-model v1
clear snmp access ro security-model v2c
clear snmp access public security-model v1
clear snmp access public security-model v2c
clear snmp access public security-model usm
clear snmp group ro ro security-model v1
clear snmp group ro ro security-model v2c
clear snmp group public public security-model v1
clear snmp group public public security-model v2c
clear snmp user public[/code]
Then:
set snmp group user [u] security-model usm
set snmp access security-model usm privacy exact read All write All notify All nonvolatile set snmp user [u] authentication md5 encryption des privacy [/code]That's it in a nutshell. You can change around your authentication algorithm and privacy encryption to match your nms.

One more thing: You need to specify an interface to communicate over via snmp for the C series such as a loopback or an interface VLAN.

set snmp interface vlan 510[/code]
Userlevel 4
On the securestacks you will have 2 SNMP community lines by default 1. Set snmp community public 2. set snmp community :3fb03022e4966512343b511c263dcf1240739359ec6cad7d8c6277007e7e0657521e0641967b150156 ( which is also public) After you cleared them and want to set one it back To basically return to the default setting for community name public Set snmp community public Or You want a new community name then:use Set snmp community abc123 Your done Now basically use the commands after "then" by Rich, but there is one gotcha and that is the last command with the set Snmp user abc123 Authentication md5 xxx It will give you an error every time That is because you need to know the encryption of your md5 and des password and most likely do not know it so use the command set snmp user abc123 authentication md5 Sneakernet privacy Sneakernet it will encypt both Sneakernet passwords for you This can be seen with the command Show config snmp **** A note of interest for SNMPV3 configuration You will not need a snmp community if you are using USM which is actually SNMpv3 Jason
Userlevel 7
Hi,

C3 (and the other EOS devices) need an SNMP user and group for SNMPv1/v2c as well, not just for SNMPv3. Thus it is not sufficient to configure only a new community string. If you really want to use SNMPv1 (with community WHATEVER), you could do it as follows:
set snmp access WHATEVER security-model v1 exact read All write All notify All nonvolatile set snmp group WHATEVER user WHATEVER security-model v1 set snmp community WHATEVER[/code]You can replace v1 with v2c to use SNMP version 2 with community string.

I recommend to always use SNMPv3 instead of v1 or v2c.

Erik
First off, thanks all for the advice and help. I think I have it figured out because of all of the above responses. One thing I'm confused about when using v1 and v2: Does the group and user name have to match the community string? If so, why does the EOS hash the community string in the "show config snmp" output, but leaves the group name and user name plain text?

Reply