SNMP configuration in Cisco routers
Hello all,
This is probably not a Linux question, so I am putting it in the general forum. I have found that routers running SNMP on UDP port 161 generally have very weak RO and sometimes RW community strings, which can be found using either a dictionary attack or brute forcing. Why are these community strings available to the world (RO at least)? Is there not any way that we can configure SNMP on a router but give access to it from the intranet only and not from the internet? How do I configure that?
regards
Of course there's a way, there are loads. Firstly, it is *YOUR* responsibility to use a good community string in the first place. If the RO string is still "public", then you deserve all you get, right?
After that, standard access lists can be attached to a community string:
Code:
    Router(config)# snmp-server community c0m4cc3ss ro SNMPCLIENTS
And of course you should be putting your routers behind well configured firewalls...
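A defensive check for the configuration discussed in the reply above, added here as an example and not part of the original thread: a Python script that scans an IOS running-config for `snmp-server community` lines that use a guessable string, have no access list attached, or reference an access list that is not defined. The sample config, the `WEAK` list and the function name `audit_snmp` are constructed for illustration, and only IPv4 ACL references are handled.

```python
import re

# Guessable community strings (short constructed list, extend as needed).
WEAK = {"public", "private", "cisco", "snmp", "admin"}

# Constructed sample running-config fragment.
SAMPLE = """\
ip access-list standard SNMPCLIENTS
 permit 10.0.0.0 0.0.0.255
snmp-server community public RO
snmp-server community c0m4cc3ss ro SNMPCLIENTS
snmp-server community wr1te rw 99
"""

def audit_snmp(config: str) -> list[str]:
    """Return findings for each 'snmp-server community' line in an IOS config."""
    lines = [l.strip() for l in config.splitlines()]
    # Collect the names/numbers of ACLs that are actually defined.
    acls = set()
    for l in lines:
        m = re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", l)
        if m:
            acls.add(m.group(1))
    findings = []
    for l in lines:
        if not l.startswith("snmp-server community "):
            continue
        tok = l.split()[2:]
        name, rest = tok[0], tok[1:]
        if rest[:1] == ["view"]:          # skip optional "view <name>"
            rest = rest[2:]
        mode = "ro"                        # access defaults to read-only
        if rest and rest[0].lower() in ("ro", "rw"):
            mode, rest = rest[0].lower(), rest[1:]
        acl = rest[0] if rest else None
        if name.lower() in WEAK:
            findings.append(f"{name}: default or guessable community string")
        if acl is None:
            findings.append(f"{name}: {mode} community has no access list")
        elif acl not in acls:
            findings.append(f"{name}: access list {acl} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE):
        print(finding)
```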
Ok thanks,
Is there anything which can be configured on the router from its GUI instead of configuring the ACLs?
regards
No idea. Learn IOS properly. It's great.