Posts tagged ERS8600
How to restrict SNMP community strings on the ERS8600
Today I had a little challenge on my network: allow a specific IP to read the temperature of two ERS8600s. This host is not part of my management network, so I can’t use the same SNMP read community. I don’t want to open everything on the core for reading, so I exposed only the specific OID (chassis temperature) on my two ERS8600s, and only to the specific IP of the host, with a new read community.
After some study of the Nortel documentation (2008_04_04_SNMP_on_ERS_8600_TCG_NN48500564.pdf), I present my little to-do list for everyone who needs something similar, because this document is not the most objective guide in the world. My steps:
Step 1: Create a MIB view, called “only_temp”, restricted to the temperature OID:
config snmp-v3 mib-view create only_temp 1.3.6.1.4.1.2272.1.100.1.2.0 type include
View the changes:
config snmp-v3 mib-view info
Step 2: Create an access group called “group_temp”, with snmpv1 and v2c, no authentication, reading the “only_temp” mib-view:
config snmp-v3 group-access create group_temp "" snmpv1 noAuthNoPriv
config snmp-v3 group-access create group_temp "" snmpv2c noAuthNoPriv
config snmp-v3 group-access view group_temp "" snmpv1 noAuthNoPriv read only_temp write only_temp
config snmp-v3 group-access view group_temp "" snmpv2c noAuthNoPriv read only_temp write only_temp
View the changes:
config snmp-v3 group-access info
Step 3: Create the user “user_temp” inside the group:
config snmp-v3 group-member create user_temp snmpv1 group_temp
config snmp-v3 group-member create user_temp snmpv2c group_temp
View the changes:
config snmp-v3 group-member info
Step 4: Create a new community “ers8600”, index “third” (the first and second already exist; adapt for your scenario), for the user “user_temp”:
config snmp-v3 community create third ers8600 user_temp
View the changes:
config snmp-v3 community info
Step 5: Create a new access-policy (policy 6 in my case) for the specific IP 10.10.10.1 (where the temperature is monitored):
config sys access-policy policy 6 create
config sys access-policy policy 6 name policy6
config sys access-policy policy 6 accesslevel ro
config sys access-policy policy 6 network 10.10.10.1/255.255.255.255
config sys access-policy policy 6 snmp-group-add group_temp snmpv1
config sys access-policy policy 6 snmp-group-add group_temp snmpv2c
config sys access-policy policy 6 service telnet disable
config sys access-policy policy 6 service ssh disable
config sys access-policy policy 6 service tftp disable
config sys access-policy policy 6 service ftp disable
config sys access-policy policy 6 service snmpv3 enable
I hope this can help someone. Bye!
I think this was a great post and appreciate Forrequi sharing this with everyone!
Cheers!
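An added example, not part of the original post: a small Python audit that replays the commands from steps 1 to 5 and resolves what the new community can actually reach (community to user to group to view to OID, plus the source networks the access policy admits). The parser only understands the command forms shown in the post, and the function names `resolve` and `findings` are hypothetical.

```python
import ipaddress
# Commands from steps 1 to 5 of the post (only the ones this audit reads).
CONFIG = """\
config snmp-v3 mib-view create only_temp 1.3.6.1.4.1.2272.1.100.1.2.0 type include
config snmp-v3 group-access view group_temp "" snmpv1 noAuthNoPriv read only_temp write only_temp
config snmp-v3 group-access view group_temp "" snmpv2c noAuthNoPriv read only_temp write only_temp
config snmp-v3 group-member create user_temp snmpv1 group_temp
config snmp-v3 group-member create user_temp snmpv2c group_temp
config snmp-v3 community create third ers8600 user_temp
config sys access-policy policy 6 network 10.10.10.1/255.255.255.255
config sys access-policy policy 6 snmp-group-add group_temp snmpv1
config sys access-policy policy 6 snmp-group-add group_temp snmpv2c
"""

def resolve(config):
    """Follow community -> user -> group -> views -> OIDs, plus allowed sources."""
    views, access, members, comms, nets, pol = {}, {}, {}, {}, {}, {}
    for t in (line.split() for line in config.splitlines()):
        if t[:4] == ["config", "snmp-v3", "mib-view", "create"] and t[-1] == "include":
            views.setdefault(t[4], []).append(t[5])           # view -> OID subtrees
        elif t[:4] == ["config", "snmp-v3", "group-access", "view"]:
            access[t[4], t[6]] = dict(zip(t[8::2], t[9::2]))  # {"read": view, "write": view}
        elif t[:4] == ["config", "snmp-v3", "group-member", "create"]:
            members[t[4], t[5]] = t[6]                        # (user, model) -> group
        elif t[:4] == ["config", "snmp-v3", "community", "create"]:
            comms[t[5]] = t[6]                                # community -> user
        elif t[:4] == ["config", "sys", "access-policy", "policy"] and t[5:6] == ["network"]:
            nets[t[4]] = ipaddress.ip_network(t[6], strict=False)
        elif t[:4] == ["config", "sys", "access-policy", "policy"] and t[5:6] == ["snmp-group-add"]:
            pol.setdefault((t[6], t[7]), []).append(t[4])     # (group, model) -> policy ids
    rows = []
    for comm, user in comms.items():
        for model, group in ((m, g) for (u, m), g in members.items() if u == user):
            acc = access.get((group, model), {})
            rows.append({"community": comm, "model": model,
                         **{k: views.get(acc.get(k), []) for k in ("read", "write")},
                         "sources": [nets[p] for p in pol.get((group, model), []) if p in nets]})
    return rows

def findings(rows):
    """Flag anything wider than 'single hosts read a listed subtree'."""
    out = []
    for r in rows:
        tag = f'{r["community"]}/{r["model"]}'
        if r["write"]:
            out.append(f"{tag}: write view covers {r['write']}")
        if not r["sources"] or any(n.num_addresses > 1 for n in r["sources"]):
            out.append(f"{tag}: source not limited to single hosts")
    return out
```

Run against the post's commands, `findings(resolve(CONFIG))` reports that the write view is also `only_temp` for both SNMP versions, which is worth weighing against the policy's `accesslevel ro`.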
Changing SNMP Community Strings
In this day and age it’s not a very good idea to leave the default SNMP community strings configured in any network electronics. The general default configuration uses public for read-only and private for read-write; these defaults apply to the Nortel Ethernet Switch and the Nortel Ethernet Routing Switch.
You can certainly do this from Nortel’s Java Device Manager, however, you need to be careful that you don’t saw off the branch you’re standing on when you change the SNMP community string. It’s best to configure the SNMP community strings from the CLI interface to avoid any potential issues.
Here are the CLI commands to configure the SNMP community strings on the ERS 8600 and 1600 switch. In the example below we’ll set the read-only string to open and the read-write string to lock.
ERS-8610:5# config snmp-v3 community commname first new-commname open
ERS-8610:5# config snmp-v3 community commname second new-commname lock
Here are the CLI commands to configure the SNMP community strings on the ERS 4500, ERS 5500 and ES460/470 switches. In the example below we’ll set the read-only string to open and the read-write string to lock.
5520-48T-PWR (config)# snmp-server community open ro
5520-48T-PWR (config)# snmp-server community lock rw
Cheers!
Nortel ERS 8600 Software 5.1, 5.1.1 Pulled
In a move that I support, Nortel has pulled the 5.1 and 5.1.1 software for the Nortel Ethernet Routing Switch 8600 from their support website. The purpose behind removing the older software releases is to help remove the confusion surrounding which software folks should be upgrading to. I’m personally running 5.1.1 on two ERS8606 switches which have been running for almost 60 days now and I haven’t seen any issues or problems.
You can find the bulletin here.
Cheers!

