Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!shelby!agate!ucbvax!NSCULTRIX1.NETWORK.COM!dotytr
From: dotytr@NSCULTRIX1.NETWORK.COM (Ted R. Doty)
Newsgroups: comp.protocols.tcp-ip
Subject: (none)
Message-ID: <9102141500.AA14166@nscultrix1.network.com>
Date: 14 Feb 91 15:00:41 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 52

Mike Brown recently asked (<1991Feb12.042501.6758@cec1.wustl.edu>)

>I recently learned that a major U.S. router vendor defines SNMP management
>as the ability to "monitor" their equipment via SNMP and not the
>configuration of the equipment via SNMP. I believe that I understand
>the security problems related to SNMP and why caution must be exercised
>with the use of SNMP to configure network elements. I still believe that
>SNMP can be an effective configuration mechanism in certain networks.
>
>
>My question is: Does any router vendor support configuration via SNMP?
>
>If you think I am naive for using SNMP to configure network elements then
>please let me know...
>
> Regards,
> Mike Brown
> Corporate Telecommunications
> Information Systems
> One Bell Center, Rm 24-V-5
> Southwestern Bell Telephone Co.
> St. Louis, MO 63101
> (314) 235-7863

I'm not speaking for Network Systems, but I do have a little information
you can use as you will.

In theory, SET allows a client to manipulate variables that could control
router parameters. In fact, RFC 1157 (I think that's the right number)
gives an example of using a "NumSecondsToReboot" variable to perform this
kind of task, rather than having to implement a "Reboot" command in the
agent. So the theoretical answer to your question is yes.

However, there are a number of security issues here (I know that security
isn't a popular topic with a lot of people, but I invite you to read Cliff
Stoll's "The Cuckoo's Egg" before scoffing in my direction). People I talk
to in development don't think that the community mechanism provides enough
security, and say that developers in other companies feel the same. In any
case, I haven't heard of anyone who lets you muck with their router
configuration via SNMP.

I hear that there's an SNMP Authentication RFC somewhere in the mill.
Perhaps someone else can shed some light on that.

As a practical solution for you, can't you use Telnet? Everyone supports
it, and this way your door isn't COMPLETELY unlocked (just mostly unlocked).

-----------------------------------------------------------------------------
Ted Doty              | tel. +1 301 596-2270
Network Systems Corp. | voice mail (800) 233-1485 x4436
ted.doty@network.com  | fax: +1 301 381 3320
-----------------------------------------------------------------------------
These views are my own, not Network Systems'.