In this section:
Use the procedures presented in this page to enable access to an Element Management System (EMS) from the DSC and to configure community directives.
An EMS in this section is considered to be either:
For the EMS version supported on this platform, refer to DSC-SP2000 Interoperability Matrix.
Enabling the EMS access on the DSC modifies the snmpd configuration (snmpd.conf) and adds a new community string, ins_ems, which allows external and internal access to the system to modify the following Object Identifiers (OIDs):
Object Identifiers (OIDs) | Description |
---|---|
.1.3.6.1.4.1.1556.17.15.306.1.1.9 | this is single interval stats files |
.1.3.6.1.4.1.1556.17.15.306.1.1.11 | this is active traps |
.1.3.6.1.4.1.1556.17.15.306.308.316.1 | this is the trap host table |
The OIDs are only available for modification after the EMS is enabled.
The ins_ems community string is the only external access allowed to the system through SNMP commands. This string is read-only, and, therefore, the OID values cannot be modified.
You can enable EMS access using the following methods:
Start
Third party scans such as the Nessus plugins may report some false positives vulnerabilities such as:
The default community names on the SNMP server can be guessed. An attacker may use this information to gain access to the system or cause a denial of service attack by issuing ‘GETBULK’ requests which returns large amount of data.
To resolve this issue, and reduce public vulnerability so data can be protected, you can change the default community name string. See Configure snmpv2 Community Directives.
You must comply with some naming convention limitations when configuring the ro and rw community strings for the DSC 8000 and DSC SWe. These limitations are as follows.
The following procedure provides you with the steps to configure snmpv2 community directives.
Start
Read/Write Community allows SNMPv2 commands to change a specific set of attributes. These attributes are listed in oid form in the snmpd.conf file. The attributes can only be changed on the local system (localhost).
Read Only Community allows SNMPv2 commands to read any attribute from inside or outside of the system but they are not authorized to make changes. As such, using snmpset commands with this community string type do not work.