Creating SNMP Communities on SNMP V1 and V2
SNMPv1 and v2 protocol uses communities as a method of controlling access to information. A community consists of the community string and community type. You can create a community using the following command:
CLI (network-admin@switch) > snmp-community-create community-string community-string-string community-type read-only|read-write
|
community-string community-string-string |
Specify a community name |
|
community-type read-only|read-write |
Specify the community type having read-only or read-write privileges. |
For example, to create a SNMP community string named, community1, with read-only privileges, use the following command:
CLI (network-admin@switch) > snmp-community-create community-string community1 community-type read-only
Note: Although NetVisor OS allows you to configure community strings "public" or "private", due to security reasons, we recommend not to use public/private community strings as SNMP community strings. This is because the public/private community strings are the industry default and commonly used community strings. Some vulnerability scanning tools may report the use of public/private community strings as a vulnerable configuration.
In NetVisor OS, the snmp-show command enables an SNMP walk internally on specific MIB tables or MIB elements. You can run an SNMP walk from any host where SNMP software is enabled.
To display the details of a Pluribus custom MIB using SNMP walk, pnFabricTable, use the command:
CLI (network-admin@switch) > snmp-show community-string community1 name pnFabricTable show-type walk
switch name value
------ -------------------- -------------------
switch FbIndex.100663455 Gauge32: 100663455
switch NodeName.100663455 STRING: switch.
switch FabricName.100663455 STRING: switch.
switch NodeState.100663455 Gauge32: 1
To modify the SNMP community, community1, to read-write, use the following command:
CLI (network-admin@switch) > snmp-community-modify community-string community1 community-type read-write
To display information about the SNMP community, community1, use the following command:
CLI (network-admin@switch) > snmp-community-show community-string community1
switch community-string community-type
------ ---------------- --------------
switch community1 read-write
To delete the SNMP community, community1, use the following command:
CLI (network-admin@switch) > snmp-community-delete community-string community1
Enabling SNMP Walk
To run an SNMP walk on the supported switches, you must ensure:
- The SNMP service is enabled on the switch by using the admin-service-show command:
CLI (network-admin@switch) > admin-service-show
switch if ssh nfs web web-ssl web-ssl-port web-port vrrp snmp net-api icmp
---------- ---- --- --- --- ------- ------------ -------- ---- ---- ------- ----
leo-ext-23 mgmt on off on off 443 80 off on on on
- The community-string is configured correctly on the switch using the command:
CLI (network-admin@switch) > snmp-community-show
switch community-string community-type
------ ---------------- --------------
switch community1 read-write
For more details, see the Creating SNMP Communities section.
- To get traps for particular SNMP trap receiver or NMS software, configure the SNMP trap sink host using the command:
CLI (network-admin@switch) > snmp-trap-sink-create community <community-string-name> type TRAP_TYPE_V2C_TRAP dest-host <destination-host>
For more details, see the Enabling SNMP Traps section.