best practice for snmp-server views?

Oct 9th, 2009

As a best practice when creating an snmp-server view, should these views be excluded?

snmp-server view cutdown snmpUsmMIB excluded

snmp-server view cutdown snmpVacmMIB excluded

snmp-server view cutdown snmpCommunityMIB excluded

Joe Clarke Fri, 10/09/2009 - 19:08

Absolutely. With these branches included, one could learn the SNMP credentials of the device. The default v1default view is defined as:

v1default iso - included permanent active

v1default internet.6.3.15 - excluded permanent active

v1default internet.6.3.16 - excluded permanent active

v1default internet.6.3.18 - excluded permanent active

v1default ciscoMgmt.394 - excluded permanent active

v1default ciscoMgmt.395 - excluded permanent active

v1default ciscoMgmt.399 - excluded permanent active

v1default ciscoMgmt.400 - excluded permanent active

Which essentially excludes all of the branches which could result in security compromise.

david.fernandes... Fri, 10/09/2009 - 19:21

Thanks. Is the v1default view included automatically when I create a new view, or do I need to add these in?

Correct Answer
Joe Clarke Fri, 10/09/2009 - 19:25

No, it's not included automatically. You would need to include these branches in your custom view.
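An added example, not part of the thread and not Cisco's code: a Python check that reads `snmp-server view` lines and reports which of the branches excluded in the v1default listing above a custom view still exposes. It assumes longest-subtree-match view semantics, no wildcard sub-identifiers, and the standard numeric OIDs for the symbolic names; the `iso included` line in the sample config is constructed.

```python
import re
# Symbolic names from the thread mapped to their standard numeric OIDs.
PREFIXES = {"iso": "1", "internet": "1.3.6.1", "ciscoMgmt": "1.3.6.1.4.1.9.9",
            "snmpUsmMIB": "1.3.6.1.6.3.15", "snmpVacmMIB": "1.3.6.1.6.3.16",
            "snmpCommunityMIB": "1.3.6.1.6.3.18"}
# Branches that the v1default listing in the thread marks as excluded.
SENSITIVE = ["internet.6.3.15", "internet.6.3.16", "internet.6.3.18",
             "ciscoMgmt.394", "ciscoMgmt.395", "ciscoMgmt.399", "ciscoMgmt.400"]
VIEW_RE = re.compile(r"^\s*snmp-server view (\S+) (\S+) (included|excluded)\s*$")

def to_oid(name):
    """Resolve e.g. 'internet.6.3.15' to a tuple of ints (ValueError if unknown)."""
    head, _, rest = name.partition(".")
    dotted = PREFIXES.get(head, head) + ("." + rest if rest else "")
    return tuple(int(part) for part in dotted.split("."))

def parse_views(config):
    views = {}  # view name -> [(oid tuple, 'included' | 'excluded'), ...]
    for line in config.splitlines():
        m = VIEW_RE.match(line)
        if m:
            views.setdefault(m.group(1), []).append((to_oid(m.group(2)), m.group(3)))
    return views

def exposed_branches(entries):
    """Return the sensitive branches this view still lets a reader walk."""
    exposed = []
    for name in SENSITIVE:
        branch = to_oid(name)
        # The entry with the longest subtree covering the branch decides.
        covering = [e for e in entries if branch[:len(e[0])] == e[0]]
        verdict = max(covering, key=lambda e: len(e[0]))[1] if covering else "excluded"
        # An include strictly below the branch re-opens part of it.
        reopened = any(a == "included" and len(o) > len(branch)
                       and o[:len(branch)] == branch for o, a in entries)
        if verdict == "included" or reopened:
            exposed.append(name)
    return exposed

# Constructed sample config; the 'iso included' line is assumed, not from the thread.
SAMPLE = """\
snmp-server view cutdown iso included
snmp-server view cutdown snmpUsmMIB excluded
snmp-server view cutdown snmpVacmMIB excluded
snmp-server view cutdown snmpCommunityMIB excluded
"""

if __name__ == "__main__":
    print({v: exposed_branches(e) for v, e in parse_views(SAMPLE).items()})
```

For the sample, the three exclusions from the question leave the four ciscoMgmt branches of the v1default listing readable through the `iso` include.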
