08-05-2021 06:53 PM
For security best practices typically I would only allow SNMP with RO (read only) access on network devices. Does XMC need write access to be allowed on Extreme switches for any functionality? These are all VOSS and EXOS switches. Thanks.
Solved! Go to Solution.
08-06-2021 04:59 AM
Hello Paulc,
in addition to Mig's answer. If you used XMC only for monitoring and you don't use ExtremeControl, then it is sufficient to have read-only access via SNMP.
However, XMC also offers the possibility to change configuration on the switch. For example you can change the name of a switch. Here write access is necessary.
Basically it is recommended (XMC best practise) to allow write access via SNMP, but this should be done via SNMPv3.
08-06-2021 01:26 PM
Great, thank you both!
08-06-2021 04:59 AM
Hello Paulc,
in addition to Mig's answer. If you used XMC only for monitoring and you don't use ExtremeControl, then it is sufficient to have read-only access via SNMP.
However, XMC also offers the possibility to change configuration on the switch. For example you can change the name of a switch. Here write access is necessary.
Basically it is recommended (XMC best practise) to allow write access via SNMP, but this should be done via SNMPv3.
08-05-2021 06:58 PM
Paulc,
The CoA (reauthentication 802.1X or MAC auth) is very often performed via SNMP.
If you want to secure that define an access policy that will allow SNMP to authorized devices only.
Mig