I need some clarification on Cisco's recommended fix for switches running CatOS which are affected by this bug:
I've never worked on CatOS devices before, so want to make sure I've got this right (before I finish the document I've been asked to produce to roll out the workaround
.
As described on the Cisco website, the "vulnerability described in CSCds19674 for CatOS can be remedied by using the "set snmp view" command to prevent access to the SNMP-VIEW-BASED-ACM-MIB. For example:
switch#set snmp view defaultUserView 1.3.6.1.6.3.16.1.2 excluded nonvolatile
Now my question is, how does the view get applied to the community string(s)? In IOS I know you use the snmp-server community private view viewname command, but there doesn't appear to be any equivalent in CatOS? Is any view with the name defaultUserView automatically applied to all community strings? Having never worked on CatOS devices I'm a bit out of my depth, so any help appreciated!
Thanks
Graham
I've never worked on CatOS devices before, so want to make sure I've got this right (before I finish the document I've been asked to produce to roll out the workaround
.As described on the Cisco website, the "vulnerability described in CSCds19674 for CatOS can be remedied by using the "set snmp view" command to prevent access to the SNMP-VIEW-BASED-ACM-MIB. For example:
switch#set snmp view defaultUserView 1.3.6.1.6.3.16.1.2 excluded nonvolatile
Now my question is, how does the view get applied to the community string(s)? In IOS I know you use the snmp-server community private view viewname command, but there doesn't appear to be any equivalent in CatOS? Is any view with the name defaultUserView automatically applied to all community strings? Having never worked on CatOS devices I'm a bit out of my depth, so any help appreciated!
Thanks
Graham
