10-09-2009 06:51 PM
As a best practice when creating an snmp-server view, should these views be excluded?
snmp-server view cutdown snmpUsmMIB excluded
snmp-server view cutdown snmpVacmMIB excluded
snmp-server view cutdown snmpCommunityMIB excluded
Solved! Go to Solution.
10-09-2009 07:25 PM
No, it's not included automatically. You would need to include these branches in your custom view.
10-09-2009 07:08 PM
Absolutely. With these branches included, one could learn the SNMP credentials of the device. The default v1default view is defined as:
v1default iso - included permanent active
v1default internet.6.3.15 - excluded permanent active
v1default internet.6.3.16 - excluded permanent active
v1default internet.6.3.18 - excluded permanent active
v1default ciscoMgmt.394 - excluded permanent active
v1default ciscoMgmt.395 - excluded permanent active
v1default ciscoMgmt.399 - excluded permanent active
v1default ciscoMgmt.400 - excluded permanent active
Which essentially excludes all of the branches which could result in security compromise.
10-09-2009 07:21 PM
Thanks. Is the v1default view included automatically when I create a new view, or do I need to add these in?
10-09-2009 07:25 PM
No, it's not included automatically. You would need to include these branches in your custom view.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide