topic Prevent Read-only users from viewing Read-Write/Admin SNMP Credentials in FAQs https://community.extremenetworks.com/t5/faqs/prevent-read-only-users-from-viewing-read-write-admin-snmp/m-p/46361#M390 Article ID: 5898 <BR /> <BR /> <B>Protocols/Features</B><BR /> SNMP <BR /> <BR /> <B>Goal</B><BR /> Prevent Read-only users from viewing Read-Write or Admin SNMP credentials <BR /> <BR /> <B>Symptoms</B><BR /> RO users can see rw / admin snmp credentials in the MIBs <BR /> <BR /> <B>Cause</B><BR /> When setting up SNMPv1/2/3 configurations, it is not unusual to allow each user an unrestricted view of the entire MIB Tree. <BR /> <BR /> Doing this for read-only groups (and thus, read-only users) unfortunately allows them the possibility of viewing the branch containing the SNMP configuration parameters, which could then be used to provide sufficient credentials to obtain read-write or admin level SNMP access. <BR /> <BR /> <B>Solution</B><BR /> FAD (Functions as Designed) <BR /> <BR /> The following command sequence creates an SNMP view (<A href="http://bit.ly/1c2ANeF" target="_blank" rel="nofollow noreferrer noopener">5610</A>) permitting full MIB access <I>except</I> for the 'snmpV2=1.3.6.1.6' branch:<BR /> set snmp view viewname RO subtree 1<BR /> set snmp view viewname RO subtree 0.0<BR /> set snmp view viewname RO subtree 1.3.6.1.6 excluded<BR /> <BR /> For any SNMP version this (case-sensitive) 'RO' view may then be referenced instead of the default 'All' view, in the 'set snmp access' commands for read-only groups (<A href="http://bit.ly/1914OY1" target="_blank" rel="nofollow noreferrer noopener">5245</A>). Sun, 24 Nov 2013 22:42:00 GMT FAQ_User 2013-11-24T22:42:00Z Prevent Read-only users from viewing Read-Write/Admin SNMP Credentials https://community.extremenetworks.com/t5/faqs/prevent-read-only-users-from-viewing-read-write-admin-snmp/m-p/46361#M390 Article ID: 5898 <BR /> <BR /> <B>Protocols/Features</B><BR /> SNMP <BR /> <BR /> <B>Goal</B><BR /> Prevent Read-only users from viewing Read-Write or Admin SNMP credentials <BR /> <BR /> <B>Symptoms</B><BR /> RO users can see rw / admin snmp credentials in the MIBs <BR /> <BR /> <B>Cause</B><BR /> When setting up SNMPv1/2/3 configurations, it is not unusual to allow each user an unrestricted view of the entire MIB Tree. <BR /> <BR /> Doing this for read-only groups (and thus, read-only users) unfortunately allows them the possibility of viewing the branch containing the SNMP configuration parameters, which could then be used to provide sufficient credentials to obtain read-write or admin level SNMP access. <BR /> <BR /> <B>Solution</B><BR /> FAD (Functions as Designed) <BR /> <BR /> The following command sequence creates an SNMP view (<A href="http://bit.ly/1c2ANeF" target="_blank" rel="nofollow noreferrer noopener">5610</A>) permitting full MIB access <I>except</I> for the 'snmpV2=1.3.6.1.6' branch:<BR /> set snmp view viewname RO subtree 1<BR /> set snmp view viewname RO subtree 0.0<BR /> set snmp view viewname RO subtree 1.3.6.1.6 excluded<BR /> <BR /> For any SNMP version this (case-sensitive) 'RO' view may then be referenced instead of the default 'All' view, in the 'set snmp access' commands for read-only groups (<A href="http://bit.ly/1914OY1" target="_blank" rel="nofollow noreferrer noopener">5245</A>). Sun, 24 Nov 2013 22:42:00 GMT https://community.extremenetworks.com/t5/faqs/prevent-read-only-users-from-viewing-read-write-admin-snmp/m-p/46361#M390 FAQ_User 2013-11-24T22:42:00Z