Disable Unapproved SNMP Protocols (Oracle ILOM)
By default, only the SNMPv3 protocol is enabled for the SNMP service that is
used to monitor and manage the Oracle ILOM. Ensure that older versions of the
SNMP protocol remain disabled unless required.
Some Oracle and third-party products are limited in their support for newer
SNMP protocol versions. Refer to the product documentation associated with those
components to confirm their support for specific SNMP protocol versions. Ensure
that Oracle ILOM is configured to support any protocol versions required by
those components.
Note -
Version 3 of the SNMP protocol introduced support for the User-based
Security Model (USM). This functionality replaces the traditional SNMP
community strings with actual user accounts that can be configured with
specific permissions, authentication, and privacy protocols, and passwords.
By default, Oracle ILOM does not include any USM accounts. Configure SNMPv3
USM accounts based upon your own deployment, management, and monitoring
requirements.
-
On the management network, log into Oracle ILOM.
See Log in to the Oracle ILOM CLI.
-
Determine the status of each of the SNMP protocols.
-> show /SP/services/snmp v1 v2c v3
/SP/services/snmp
Properties:
v1 = disabled
v2c = disabled
v3 = enabled
-
If needed, disable SNMPv1 and SNMPv2c.
-> set /SP/services/snmp v1=disabled
-> set /SP/services/snmp v2c=disabled
-
Verify the setting by repeating Step 2.