cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
409
Views
0
Helpful
1
Replies

SNMP Recommendations

oneirishpollack
Level 1
Level 1

How do you balance SNMPs relative lack of security vs. its flexibility use in managing your network? How do you handle your edge router and SNMP?

Do you ever use it on Internet facing devices?

Never use SNMP v1?

What other “best practices” do you recommend?

1 Reply 1

yjdabear
VIP Alumni
VIP Alumni

SNMPv3 (particularly with AuthPriv) helps a lot in addressing most of the traditional stigmas about SNMP lacking security. With SNMPv2 and below, I don't think it's too dramatically different from other accesses (console/vty) to the network devices--deny all, then open holes only to hosts network admins want them to, as needed. Here's a good starter on configuring SNMP, with examples of ACL and SNMP Views to limit access:

http://www.netcraftsmen.net/resources/archived-articles/370-configuring-snmp-in-cisco-routers.html

That, and a good IDS/IPS setup capable of catching any NIC going into promiscuous mode on your LAN.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: