How do S series switches display passwords configured through SNMP in plain text?


V100R006 of S series switches (except S1700) displays SNMP community names in configuration in plain text. To improve security, later versions display information including community names, encryption passwords, and authentication passwords configured through SNMP in ciphertext. The information cannot be displayed in plain text through commands or other methods.

Other related questions:
How do I configure an SNMP community name on S series switches?
The snmp-agent community { read | write } community-name command can be used to configure community names on S series switches (except S1700). read indicates the read permission and write indicates the write permission. If the same community name is configured, the latter configuration overwrites the earlier community name. The following provides an example:

[HUAWEI] snmp-agent community write community001

A community complexity check is performed when SNMP community names are configured on S series switches (except S1700) in versions after V200R002. Community complexity requirements are as follows:
1. The community name must contain at least eight characters. The set password min-length command sets the minimum password length, which must be equal to or larger than 8.
2. The community name must be a combination of at least two of the following: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (excluding question marks).

You can use the snmp-agent community complexity-check disable command to disable the community name complexity check on a switch. After the community name complexity check is disabled, the community name length is an integer in the range 1 to 32. The configuration method is as follows:

[HUAWEI] snmp-agent community complexity-check disable

Note: If a configured community name does not meet complexity requirements, the system is prone to attacks including password cracking from malicious users, affecting system security. Therefore, it is recommended that the community name complexity check be enabled.
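The complexity rules and the overwrite behavior described above can be checked before SNMP lines are pushed to a switch. The following Python sketch is an added example, not Huawei code: the function names and the sample configuration are constructed, the 32-character upper bound with the check enabled is assumed, and '?' is treated as not allowed.

```python
import re
import string

MIN_LEN, MAX_LEN = 8, 32  # 8 is the stated minimum; 32 as the upper bound is assumed

def check_community(name, min_len=MIN_LEN):
    """Return the complexity rules that a candidate community name breaks."""
    problems = []
    if not min_len <= len(name) <= MAX_LEN:
        problems.append(f"length {len(name)} outside {min_len}-{MAX_LEN}")
    if "?" in name:
        # Interpretation: '?' is excluded from the special-character class.
        problems.append("contains '?'")
    classes = [
        any(c in string.ascii_uppercase for c in name),
        any(c in string.ascii_lowercase for c in name),
        any(c in string.digits for c in name),
        any(c in string.punctuation and c != "?" for c in name),
    ]
    if sum(classes) < 2:
        problems.append("fewer than two character classes")
    return problems

COMMUNITY = re.compile(r"snmp-agent community (read|write) (\S+)$")

def audit_staged_config(text):
    """Audit SNMP lines about to be pushed; returns (effective, findings)."""
    effective, findings = {}, []
    for raw in text.splitlines():
        line = re.split(r"\s+//", raw)[0].strip()   # drop trailing // comments
        line = re.sub(r"^\[[^\]]+\]\s*", "", line)  # drop the [HUAWEI] prompt
        if line == "snmp-agent community complexity-check disable":
            findings.append("complexity check disabled")
        elif re.fullmatch(r"snmp-agent sys-info version (v1|v2c)", line):
            findings.append(f"community-based version: {line.split()[-1]}")
        elif m := COMMUNITY.match(line):
            access, name = m.groups()
            if name in effective and effective[name] != access:
                findings.append(f"{name}: {effective[name]} overwritten by {access}")
            effective[name] = access                # the later line wins
            findings += [f"{name}: {p}" for p in check_community(name)]
    return effective, findings

# Constructed sample input (community names are made up for this example).
SAMPLE = """\
[HUAWEI] snmp-agent //Enable SNMP.
[HUAWEI] snmp-agent sys-info version v2c //Set the SNMP version to SNMPv2c.
[HUAWEI] snmp-agent community read Nms-Read01
[HUAWEI] snmp-agent community write Nms-Read01
[HUAWEI] snmp-agent community write public
[HUAWEI] snmp-agent community complexity-check disable
"""

if __name__ == "__main__":
    print(audit_staged_config(SAMPLE))
```

Because later versions store community names in ciphertext, a check like this belongs in the provisioning step, where the plain-text name is still available.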

SNMP configuration on S series switches
S series switches (except S1700 switches) support three SNMP versions: SNMPv1, SNMPv2c, and SNMPv3. SNMPv1 and SNMPv2c use community names for authentication, resulting in low security, whereas SNMPv3 uses authentication and encryption technologies to enhance security. The following uses SNMPv2c configuration as an example:

[HUAWEI] snmp-agent //Enable SNMP.
[HUAWEI] snmp-agent sys-info version v2c //Set the SNMP version to SNMPv2c.
[HUAWEI] snmp-agent community write adminnms01 //Set the SNMP write community name.

For common SNMP configuration information, see "Common SNMP Operations" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Series Switches Common Operation Guide. For typical SNMP configuration examples, see "Typical SNMP Configuration" in "Typical Network Management and Monitoring Configuration" of S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples. Common configuration and typical configuration examples for S9300 and S12700 series switches are the same as those for Sx700 series switches. The Sx700 series switches are used as an example here.

Login password cannot be displayed
To protect user information, the system does not display the password that a user enters upon login, if the user configures password authentication or AAA authentication for login.

Whether SNMP configurations for an S series switch can be cleared
For S series switches (except S1700), the following two methods can clear SNMP configurations:
1. Run the undo command corresponding to an SNMP feature command to clear SNMP configurations.
2. Run the undo snmp-agent command to clear all SNMP configurations. The configurations will be recovered if the snmp-agent command is executed again.
