1. DSR Security Guide
  2. Ethernet Switch Considerations

7 Ethernet Switch Considerations

This section describes security-related configuration changes that can be made to the ethernet demarcation switches.

7.1 Configuring SNMP in Switches

This section describes the procedure to configure SNMP in all the essential switches.

It is essential to configure all the switches successfully according to the procedures described in DSR C-Class Hardware and Software Installation Procedure 1/2 Guide and DSR C-Class Hardware and Software Installation Procedure 2/2 Guide. For more information, see the References section.
  • Configure Cisco 3020 switch (netConfig), and/or
  • Configure HP 6120XG switch (netConfig), and/or
  • Configure Cisco 4948/4948E/4948E-F (netConfig)
Perform the following steps to configure SNMP in all the switches:
  1. Log into the server as root user and list all the configured switches by running the following command:
    # netConfig --repo listDevices

    Refer to application documentation to determine which switches to add/remove from the community string while making a note of the DEVICE NAME of each switch. This is used as <switch_name>.

  2. For any given switch by <switch_name>, display SNMP community information by running the following command:
    # netConfig getSNMP --device=<switch_name>
  3. For any given switch by <switch_name>, display its SNMP trap information by running the following command:
    #netConfig listSNMPNotify --device=<switch_name>

    Note:

    1. If the Could not lock device displays, type the following command to clear the lock to proceed:
      # netConfig --wipe --device=<switch_name>
    2. Reply y, if prompted.

7.2 Configuring Community Strings

This section describes the procedure to configure community strings.

Perform the following steps to configure community strings:
  1. To add a community string to ANY switch by <switch name>, type the following command with appropriate switch name:
    #netConfig addSNMP -–device=<switch name> community=<community string> uauth=RO
  2. To delete a community string to ANY switch by <switch name>, type the following command with appropriate switch name:
    #netConfig deleteSNMP --device=<switch_name> community=<community_string>

7.3 Configuring SNMP Traps

This section describes the procedure to configure traps.

Perform the following steps to configure the traps:
  1. To add a trap server, type the following command with appropriate switch name:
    #netConfig addSNMPNotify --device=<switch_name> host=<snmp_server_ip> version=2c auth=<community_string> [traplvl=not-info]
  2. To delete a trap server, type the following command with appropriate switch name:
    #netConfig deleteSNMPNotify --device=<switch_name> host=<snmp_server_ip> version=2c auth=<community_string> [traplvl=not-info]

    Note:

    traplvl=not-info in the command is needed only in case of the 6120XG, 6125G, and 6125XLG switches. The switches 4948 or 3020 do not need this field in the above commands.