I have configured all switches and routing modules with new community strings. However, if I do an SNMP walk, the interface VLAN addresses come up as public. How do I remove the default community strings from the VLAN interfaces?
The model is a 6509. I have configured SNMP at both layer 3 and layer 2. I have used a tool called SolarWinds. It picked up the VLAN interface addresses as the Cisco default community string public, which I would like to remove.
1. If you're polling using Solarwinds, there are only a few things you can hit:
- The sc0 interface on the switch.
- The defined interfaces on the rtr (incl loop).
So if you're getting a response from SolarWinds indicating that something is responding to SNMP (with a string of public) on the "VLAN" interface, you're talking to something defined on the router.
2. Therefore, this whole "layer 2" and "layer 3" thing is kind of a red herring. Let's talk router.
3. Just configuring a "new" SNMP string with the appropriate command, like this:
snmp-server community IBMRAWKS ro
or whatever only ADDS to the strings already defined. It doesn't REPLACE what already exists. You must clear the previous SNMP string using the "no" command - standard IOS. Like this:
no snmp-server community public ro
And BTW: From one IBM'er to another, ITCS guidelines dictate that you're supposed to secure the equipment from screens using an ACL. Like this:
snmp-server community LOUANDSAM ro 10
access-list 10 permit 184.108.40.206
access-list 10 permit 220.127.116.11
4. You should also screen your switches using IP Permit lists (I do for both SNMP and telnet). [Easy to do on Cat 5000 and Cat 6000's using CatOS.]
5. Don't forget to save your config.
6. I've been working on a "hardened" IOS for both internal and external routers, switches, etc. Since you're doing Solarwinds sweeps, perhaps we can touch base and exchange information? If you have a Sametime id - can you drop a note with it? Be nice to share information.
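As an added illustration of steps 3 and 5 above (this is not code from the original thread), the script below takes a constructed "show running-config" excerpt, flags every snmp-server community line that still carries a default string, has no ACL, or references an ACL the config never defines, and builds the IOS command sequence that removes the old strings, adds the new read-only string bound to a standard ACL, and saves. The hostname, the community names reused from the answer, and the 192.0.2.x NMS addresses (RFC 5737 documentation space) are assumptions; the CatOS IP permit lists from step 4 are not covered.

```python
import re
from typing import List

# Default community strings that ship on many Cisco boxes (the one SolarWinds found).
DEFAULT_COMMUNITIES = {"public", "private"}

# snmp-server community <string> [view <name>] [ro|rw] [<standard ACL number or name>]
SNMP_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?:\s+view\s+\S+)?"          # optional MIB view
    r"(?:\s+(?P<mode>ro|rw))?"     # optional access mode, IOS default is ro
    r"(?:\s+(?P<acl>\S+))?\s*$",   # optional standard ACL
    re.IGNORECASE,
)
NUMBERED_ACL_RE = re.compile(r"^access-list (?P<num>\d+) (permit|deny)\b", re.IGNORECASE)
NAMED_ACL_RE = re.compile(r"^ip access-list standard (?P<name>\S+)", re.IGNORECASE)

# Constructed excerpt of a box in the state the question describes:
# a new string was ADDED, but the default "public" was never removed.
CONFIG_BEFORE = """\
hostname core-6509
snmp-server community public RO
snmp-server community IBMRAWKS ro
"""

# Constructed excerpt of the same box after the fix from the answer:
# default gone, new string bound to ACL 10, ACL limited to two NMS hosts (assumed addresses).
CONFIG_AFTER = """\
hostname core-6509
snmp-server community LOUANDSAM ro 10
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
"""


def audit_snmp(running_config: str) -> List[str]:
    """Return findings for the snmp-server community lines in an IOS config.

    Flags: a default string still present, a community with no ACL, and a
    community whose ACL is referenced but never defined in this config.
    """
    lines = [line.strip() for line in running_config.splitlines()]
    defined_acls = set()
    for line in lines:
        m = NUMBERED_ACL_RE.match(line) or NAMED_ACL_RE.match(line)
        if m:
            defined_acls.add(m.group(1))

    findings = []
    for line in lines:
        m = SNMP_RE.match(line)
        if not m:
            continue
        name, acl = m.group("name"), m.group("acl")
        mode = (m.group("mode") or "ro").lower()
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"default community '{name}' ({mode}) still configured; "
                            f"remove it with 'no snmp-server community {name}'")
        if acl is None:
            findings.append(f"community '{name}' has no ACL; any host that can reach the box can poll it")
        elif acl not in defined_acls:
            findings.append(f"community '{name}' references ACL {acl}, which is not defined in this config")
    return findings


def remediation(running_config: str, new_community: str, acl: str, nms_hosts: List[str]) -> List[str]:
    """Build the IOS command sequence from the answer: 'no' every community currently
    configured (adding a new one does not replace the old), add the new read-only
    string bound to a standard ACL that permits only the NMS hosts, then save."""
    cmds = []
    for line in (l.strip() for l in running_config.splitlines()):
        m = SNMP_RE.match(line)
        if m:
            cmds.append(f"no snmp-server community {m.group('name')}")
    cmds.append(f"snmp-server community {new_community} ro {acl}")
    cmds += [f"access-list {acl} permit {host}" for host in nms_hosts]
    cmds.append("write memory")  # step 5: save the config
    return cmds


if __name__ == "__main__":
    for finding in audit_snmp(CONFIG_BEFORE):
        print("BEFORE:", finding)
    print("AFTER findings:", audit_snmp(CONFIG_AFTER))
    print("\n".join(remediation(CONFIG_BEFORE, "LOUANDSAM", "10", ["192.0.2.10", "192.0.2.11"])))
```

Run it against a saved "show running-config" instead of CONFIG_BEFORE to see which strings SolarWinds will still find; the audit is read-only, and the generated commands are meant to be reviewed before being pasted into configuration mode.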