technology, networking and IP telephony
Changing SNMP Community Strings
In this day and age it’s not a very good idea to leave the default SNMP community strings configured in any network electronics. The general default configuration uses public for read-only and private for read-write, these defaults apply to the Nortel Ethernet Switch and the Nortel Ethernet Routing Switch.
You can certainly do this from Nortel’s Java Device Manager, however, you need to be careful that you don’t saw off the branch you’re standing on when you change the SNMP community string. It’s best to configure the SNMP community strings from the CLI interface to avoid any potential issues.
Here are the CLI commands to configure the SNMP community strings on the ERS 8600 and 1600 switch. In the example below we’ll set the read-only string to open and the read-write string to lock.
ERS-8610:5# config snmp-v3 community commname first new-commname open ERS-8610:5# config snmp-v3 community commname second new-commname lock
Here are the CLI commands to configure the SNMP community strings on the ERS 4500, ERS 5500 and ES460/470 switches. In the example below we’ll set the read-only string to open and the read-write string to lock.
5520-48T-PWR (config)# snmp-server community open ro 5520-48T-PWR (config)# snmp-server community lock rw
Cheers!
Related posts:
| Print article | This entry was posted by Michael McNamara on October 20, 2009 at 10:00 pm, and is filed under EthernetRtngSwitch, EthernetSwitch, Nortel. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
Loading ...
about 10 months ago
A suggestion that folks consider moving to SNMP v3. It’s not that hard to setup and will provide end-to-end encryption between DM and the device.
about 10 months ago
Hi Tom,
While I won’t disagree with you, I’m not surethere’s an absolute need for SNMP v3 within a private corporate network. It’s roughly akin to using SSH as opposed to telnet for remote CLI access. I’d be happy with people just changing the default SNMP community strings.
In any case I hope to cover how to configure SNMP v3 in the next post and then SSH in subsequent posts.
Thanks for the comment!
about 10 months ago
Hi Michael,
Very informative blog you have…. I’d like to be able to change snmp strings for quite a number of ES470s and ERS8600s. Do you have a script or tool you have used in the past to accomplish the same ?
Thank you for your time.
about 10 months ago
Hi Gbenga,
I’ve written a few Expect scripts that essentially telnet into the switches and then issue the appropriate CLI commands.
If you are familiar with Linux I could provide you a few examples.
Cheers!
about 10 months ago
Have you used CLImanager (freebie from Nortel – https://app23.nortelnetworks.com/climanager/)? It is easy to connect to multiple devices and issue the commands to all connected devices. Or put the commands in a script and run it against a list of devices.
Let me know if you need any more info.
Ian
about 10 months ago
Hi IanNorm,
You’ve stumbled onto a gem with CLImanager. When we had Nortel Passport 6480/7480 ATM switches we used CLImanager to help manage them. I haven’t used CLImanager recently but it could certainly accomplished the task (I’m not sure how many switches it could configure at once). I’ve personally just become accustom to writing Expect scripts on a CentOS Linux server. For anyone that’s not familiar with Except, then CLImanager might be a nice alternative. You actually don’t need to even script anything. CLImanager will literally login to multiple switches at one time, you issue a single command and it will pass that command on to every switch that you are logged into, pretty neat stuff. I know the author of CLImanager, Brett Sinclair, and he’s a very sharp fellow.
Cheers!
about 10 months ago
I know Brett as well – I worked at Nortel for 10 years working on management solutions for MSS (aka Passport) 6K, 7K, 15K switches. If anyone ever needs any help with MDM give me a shout! So, yes, I’ve been using CLImanager extensively for many years – batch files, CLI*Script files, Java plugins, etc. If anyone needs any help with CLImanager let me know.
about 10 months ago
Hi Michael,
Thank you for your response. I am not familiar with Linux but I can always figure it out… It’s the least I can do. I will be glad to have the examples you talk about using Expect. I presume this will work with ssh too because all these devices have telnet disabled.
Regards,
about 10 months ago
Let me dig up a sample Expect script and post it here…
Here’s an Expect script that will configure the Daylight Saving Time on the Nortel 460,470,2500,4500,5500,5600 switches. You can easily adopt this script to reset the SNMP community strings as oppose to reconfiguring the date/time.
Expect Script: set-nortel-timezone.exp.txt
Bash Script that calls Expect script: set-nortel-timezone.sh.txt.
You can read more about it in this post; http://blog.michaelfmcnamara.com/2008/07/expect-script-daylight-saving-time.
Cheers!
about 10 months ago
Thank you so much for all the input.. CLImanager definitely dummies it up..I tested okay with telnet however I seem to be running into issues with ssh enabled switches. It logins okay but then I am not at the proper prompt.. when I attempt to type anything it comes back with ” invalid timeout value” error.
about 3 months ago
Hi Michel/IanNorm
I’m using CLImanager and trying to write a script to login to UNIX machine. I’ve input the username/passwd via script but not lucky.
cmd (“telnet 10.10.10.10″);
waitfor(“login: “)
send(“test”);
waitfor(“Password: “)
send(“test”);
The CLImanager hangs at the login prompt and does nothing.
Please let me know who can I use this way to connect to my machine.
Thanks and Regards,
Nvinh
about 3 months ago
Hi IanNorm,
Could you please share me some script or document of CLIManager?
I would like to catch the result from a command but I don’t know how to do that.
my mail: ngocvinh1906@yahoo.com
Thanks and regards,
Nvinh