Dell MX9116n SmartFabric OS10 Security Best Practices Guide July 2020 - Page 15
Banner rules, SNMP rules
![]() |
View all Dell MX9116n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 15 highlights
Rationale: Enable login statistics to view user login information, including the number of successful and failed logins, role changes, and the last time a user logged in, displays after a successful login. After enabling login statistics, you can use the show login statistics {all | user} command to view user login information. Configuration: OS10(config)# login-statistics enable OS10(config)# exit OS10# write memory Banner rules Display a message before and after a user logs in to the system. These messages can communicate legal rights to the user and assume consent to the usage policy by the user. Enable login banner Rationale: The login banner is displayed to the user when the user attempts to log in to the system. Configuration: OS10(config)# banner login % DellEMC S4148U-ON login Enter your username and password % OS10(config)# exit OS10# write memory Enable login banner Rationale: The login banner is displayed after the user logs in to the system. Configuration: OS10(config)# banner motd % DellEMC S4148U-ON login Enter your username and password % OS10(config)# exit OS10# write memory SNMP rules Restricted Simple Network Management Protocol (SNMP) access improves device security when SNMP is used. Forbid read and write access to a sprbacecific SNMP community Rationale: Forbid read and write access to one or more SNMP communities so that an unauthorized entity cannot remotely manipulate the device. Configuration: OS10(config)# no snmp-server community community_string {ro | rw} OS10(config)# exit OS10# write memory Forbid access to SNMP without ACL Rationale: If no ACL is configured, anyone with a valid SNMP community string can access the system and potentially make unnecessary changes. Define and apply an ACL so that only an authorized group of trusted stations can have access SNMP access to the system. Configuration: OS10(config)# snmp-server community name {ro | rw} acl acl-name OS10(config)# exit OS10# write memory OS10(config)# ip access-list snmp-read-only-acl OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any OS10 security best practices 15
![](/manual_guide/products/dell-mx5108n-smartfabric-os10-security-best-practices-guide-2020-c2fefbc/15.png)