10-09-2009 06:51 PM
As a best practice when creating an snmp-server view, should these views be excluded?
snmp-server view cutdown snmpUsmMIB excluded
snmp-server view cutdown snmpVacmMIB excluded
snmp-server view cutdown snmpCommunityMIB excluded
Solved! Go to Solution.
10-09-2009 07:25 PM
No, it's not included automatically. You would need to include these branches in your custom view.
10-09-2009 07:08 PM
Absolutely. With these branches included, one could learn the SNMP credentials of the device. The default v1default view is defined as:
v1default iso - included permanent active
v1default internet.6.3.15 - excluded permanent active
v1default internet.6.3.16 - excluded permanent active
v1default internet.6.3.18 - excluded permanent active
v1default ciscoMgmt.394 - excluded permanent active
v1default ciscoMgmt.395 - excluded permanent active
v1default ciscoMgmt.399 - excluded permanent active
v1default ciscoMgmt.400 - excluded permanent active
Which essentially excludes all of the branches which could result in security compromise.
10-09-2009 07:21 PM
Thanks. Is the v1default view included automatically when I create a new view, or do I need to add these in?
10-09-2009 07:25 PM
No, it's not included automatically. You would need to include these branches in your custom view.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: