11-30-2013 08:49 PM
Looking to disable all the access using SNMPv1/v2c on DCX switches running FOS 6.4.2b.
Trying to use #snmpconfig --disable snmpv1
but getting wrong options used...
11-30-2013 11:26 PM
The option to --disable is present in FOS7 for sure, but Im not sure if it is in FOS6.4.
If your syntax is correct per CMD ref guide the switch simply does not understand the options given.
If you want to disable snmp all together, block it by using the ipfilter to block port 161
12-01-2013 09:51 PM
Just to make sure, you do want to use snmpv3?
If so ipfilter is useless but if you want to block snmp completely (like I stated in previous post) it well do the job.
Using ipfilter is similar to using other commands.
help ipfilter gives you syntax/operands/examples from which you can work of.
Please note that, lathough you may not be aware of it, the switch is already running a default rulebase for ipfilter.
It is best to keep that one as is, clone it, make alteration in the clone, and activate the clone.
Please be aware that if done wrong, you may end up with a switch blocked management services (ssh telnet http set to deny).
In such an event you can revert your action if you have a serial connection. .
So better make sure you have a proper serial cable and test if you can connect to the switch using the serial cable before you attempt this.
12-02-2013 06:45 AM
Thanks for the input.
I want to still use SNMPv3 and disable only SNMPV1/V2c.
any other way or disabling SNMPV1 alone?
12-02-2013 03:21 PM - edited 12-02-2013 03:22 PM
i think since both snmp versions use the same ports 161 & 162, it won't be possible to run only snmpv3 and delete snpmv1/v2c.
ipfilter works on blocking the port.
why is it that you want to disable it completely ? any security reason or something ?