Hello all,
I am running SWOS 2.16 on my CSS106-5G-1S. I would like to see support for SNMPv3 added, as well as CPU stats via SNMP. I have Zabbix monitoring these devices and I get no CPU stats.
Thanks,
Steve
Devices running SwOS only use “CPU” for managing ASIC … so CPU stats are in this sense irrelevant for device performance.
What info can be pulled on CSS-devices with SwOS?
From the documentation:
SwOS supports SNMP v1 and v2c (the Response for GetRequest, GetNextRequest and GetBulkRequest) and uses IF-MIB, SNMPv2-MIB, BRIDGE-MIB and MIKROTIK-MIB (only for health, PoE-out and SFP diagnostics). SNMP traps and writing SwOS configuration are not supported.
Available SNMP data:
System information
System uptime
Port status
Interface statistics
Host table information
Okey, thank you!
How secure/insecure is it to use this?
Are there any ways you can secure SNMP when using SwOS?
For CRS switches and such i know you can add specific users and restrict rights etc for a specific snmp user, only for specific MAC addresses, ipnumbers/subnets.. etc.
I know SNMP can be a security issue.
Please inform me a little more.
SNMP v1 & v2c are not particularly secure, however as SwOS doesn’t support writes the worst case is information disclosure. There are other issues with SwOS - the UI uses basic digest authentication, content is not encrypted, the password is stored as hex ASCII in the configuration file.
Some mitigations can be used, e.g. restrict access via a specific management VLAN, implement network ACL elsewhere, and use a different password to that on secure devices, but you can’t overcome the device limitations completely.