This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prevent Read-only users from viewing Read-Write/Admin SNMP Credentials

Prevent Read-only users from viewing Read-Write/Admin SNMP Credentials

FAQ_User
Extreme Employee

‎11-24-2013 02:42 PM

Article ID: 5898

Protocols/Features
SNMP

Goal
Prevent Read-only users from viewing Read-Write or Admin SNMP credentials

Symptoms
RO users can see rw / admin snmp credentials in the MIBs

Cause
When setting up SNMPv1/2/3 configurations, it is not unusual to allow each user an unrestricted view of the entire MIB Tree.

Doing this for read-only groups (and thus, read-only users) unfortunately allows them the possibility of viewing the branch containing the SNMP configuration parameters, which could then be used to provide sufficient credentials to obtain read-write or admin level SNMP access.

Solution
FAD (Functions as Designed)

The following command sequence creates an SNMP view (5610) permitting full MIB access except for the 'snmpV2=1.3.6.1.6' branch:
set snmp view viewname RO subtree 1
set snmp view viewname RO subtree 0.0
set snmp view viewname RO subtree 1.3.6.1.6 excluded

For any SNMP version this (case-sensitive) 'RO' view may then be referenced instead of the default 'All' view, in the 'set snmp access' commands for read-only groups (5245).
0 Kudos
0 REPLIES 0
GTM-P2G8KFN