Whether the USG firewall can cancel the SNMP key complexity


The configuration of the USG2000 & 5000 & 6000 SNMP secret key is as follows:

Snmp-agent community {read | write} community-name [mib-view view-name | acl acl-number] *
Community-name community name. When you use the display command, the community name is displayed as a cipher text. The string type can be:
The Length of 1 to 32 of the plaintext
The Length of 56 ciphertext
To improve the security, the proposed community name to meet the minimum complexity requirements, that contains English capital letters (A ~ Z), English lowercase letters (a ~ z), numbers (0 ~ 9), special characters (such as #,% , $, Etc.) and contain at least 8 characters.

Other related questions:
whether the USG Firewall support BFD
USG Firewall support BFD

Whether USG firewalls support the BFD
USG firewalls support the BFD.

Whether USG firewalls support the VxLAN
Currently, the USG firewalls do not support the VxLAN.

Whether the L2TP domain name and tunnel key are case-sensitive on the USG2000 and USG5000
On the USG2000 and USG5000, the L2TP domain name is case-insensitive but the tunnel key is case-sensitive.

How do I configure SNMP community name on S series switches
The snmp-agent community { read | write } community-name command can be used to configure community names on S series switches (except S1700). read indicates the read permission and write indicates the write permission. If the same community name is configured, the latter configuration overwrites the earlier community name. The following provides an example: [HUAWEI] snmp-agent community write community001 Community complexity check needs to be performed when SNMP community names are configured on S series switches (except S1700) in versions after V200R002. Community complexity requirements are as follows: 1. The community name must contain at least eight characters. The set password min-length command sets the value of minimum password length which must equal to or be larger than 8. 2. The community must be a combination of at least two of the following: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (excluding question masks). You can use the snmp-agent community complexity-check disable command to disable community name complexity check on a switch. After community name complexity check is disabled, the value of community name length is an integer in the range 1 to 32. The configuration method is as follows: [HUAWEI] snmp-agent community complexity-check disable Note: If a configured community name does not meet complexity requirements, the system is prone to attacks including password cracking from malicious users, affecting system security. Therefore, it is recommended that community name complexity check be enabled.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top