Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

best practice for snmp-server views?

As a best practice when creating an snmp-server view, should these views be excluded?

snmp-server view cutdown snmpUsmMIB excluded

snmp-server view cutdown snmpVacmMIB excluded

snmp-server view cutdown snmpCommunityMIB excluded

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: best practice for snmp-server views?

No, it's not included automatically. You would need to include these branches in your custom view.

3 REPLIES
Cisco Employee

Re: best practice for snmp-server views?

Absolutely. With these branches included, one could learn the SNMP credentials of the device. The default v1default view is defined as:

v1default iso - included permanent active

v1default internet.6.3.15 - excluded permanent active

v1default internet.6.3.16 - excluded permanent active

v1default internet.6.3.18 - excluded permanent active

v1default ciscoMgmt.394 - excluded permanent active

v1default ciscoMgmt.395 - excluded permanent active

v1default ciscoMgmt.399 - excluded permanent active

v1default ciscoMgmt.400 - excluded permanent active

Which essentially excludes all of the branches which could result in security compromise.

New Member

Re: best practice for snmp-server views?

Thanks. Is the v1default view included automatically when I create a new view, or do I need to add these in?

Cisco Employee

Re: best practice for snmp-server views?

No, it's not included automatically. You would need to include these branches in your custom view.

1292
Views
0
Helpful
3
Replies