In this section:

Use the procedures presented in this page to enable access to an Element Management System (EMS) from the DSC and to configure community directives.

An EMS in this section is considered to be either: 

  • Insight Element Management System (Insight EMS)
  • GENView Manager (GVM)
  • Ribbon Application Management Platform (RAMP) 

Enable EMS Access

Note

For the EMS version supported on this platform, refer to DSC-SP2000 Interoperability Matrix.

Enabling the EMS access on the DSC modifies the snmpd configuration (snmpd.conf) and adds a new community string, ins_ems, which allows external and internal access to the system to modify the following Object Identifiers (OIDs):

Object Identifiers (OIDs)Description
.1.3.6.1.4.1.1556.17.15.306.1.1.9this is single interval stats files
.1.3.6.1.4.1.1556.17.15.306.1.1.11this is active traps
.1.3.6.1.4.1.1556.17.15.306.308.316.1this is the trap host table


The OIDs are only available for modification after the EMS is enabled.

The ins_ems community string is the only external access allowed to the system through SNMP commands. This string is read-only, and, therefore, the OID values cannot be modified.

You can enable EMS access using the following methods:

  • executing the the initial configuration procedure. Refer to the DSC Installation Guides.
  • using the Web UI

Start

  1. Logon to the Web UI.
  2. Under Systems, click IP Networking.
  3. Click SNMP.
  4. Click Enable | Disable EMS Access as required.

False Positives Security Vulnerabilities

Third party scans such as the Nessus plugins may report some false positives vulnerabilities such as: 

  • SNMP Agent Default Community Name (public)
  • SNMP 'GETBULK' Reflection DDoS

The default community names on the SNMP server can be guessed. An attacker may use this information to gain access to the system or cause a denial of service attack by issuing ‘GETBULK’ requests which returns large amount of data. 

To resolve this issue, and reduce public vulnerability so data can be protected, you can change the default community name string. See Configure snmpv2 Community Directives.

Naming Convention Limitations for Community Strings

You must comply with some naming convention limitations when configuring the ro and rw community strings for the DSC 8000 and DSC SWe. These limitations are as follows.

  • community strings are limited to 64 characters for backwards compatibility
  • alphanumeric characters are allowed
  • hyphens and underscores are allowed

Configure snmpv2 Community Directives

The following procedure provides you with the steps to configure snmpv2 community directives.

Start

  1. From the Main Menu, click IP Networking.
  2. Click SNMP.
  3. Enter the required information in the SNMPv2 Read Only Community Name and SNMPv2 Read/Write Community Name
  4. Click Commit.
     
Note

Read/Write Community allows SNMPv2 commands to change a specific set of attributes. These attributes are listed in oid form in the snmpd.conf file. The attributes can only be changed on the local system (localhost).

Read Only Community allows SNMPv2 commands to read any attribute from inside or outside of the system but they are not authorized to make changes. As such, using snmpset commands with this community string type do not work.