How to modify the minimum length of an SNMP community name on a CE series switch

14

Run the snmp-agent community complexity-check disable command in the system view to disable complexity check of community names. In this case, you can modify the minimum length of an SNMP community name. If the configured community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting system security. Therefore, disabling complexity check of community names is not recommended.

Other related questions:
How do I configure SNMP community name on S series switches
The snmp-agent community { read | write } community-name command can be used to configure community names on S series switches (except S1700). read indicates the read permission and write indicates the write permission. If the same community name is configured, the latter configuration overwrites the earlier community name. The following provides an example: [HUAWEI] snmp-agent community write community001 Community complexity check needs to be performed when SNMP community names are configured on S series switches (except S1700) in versions after V200R002. Community complexity requirements are as follows: 1. The community name must contain at least eight characters. The set password min-length command sets the value of minimum password length which must equal to or be larger than 8. 2. The community must be a combination of at least two of the following: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (excluding question masks). You can use the snmp-agent community complexity-check disable command to disable community name complexity check on a switch. After community name complexity check is disabled, the value of community name length is an integer in the range 1 to 32. The configuration method is as follows: [HUAWEI] snmp-agent community complexity-check disable Note: If a configured community name does not meet complexity requirements, the system is prone to attacks including password cracking from malicious users, affecting system security. Therefore, it is recommended that community name complexity check be enabled.

What are the requirements for the length of SNMP community names on CE switches
By default, a switch checks the complexity of community names. A community name required by CE switches is a string of 8 to 32 characters and meets the following conditions: 1. The community name must be a combination of at least two of uppercase letters (A to Z), lowercase letters (a to z), digits, and special characters (excluding question masks and spaces). 2. If the string is enclosed in double quotation marks (" "), the string can contain spaces. If the complexity check of a community name is disabled using the snmp-agent community complexity-check disable command, the community name can contain 1 to 32 characters. To ensure the security of SNMP community names, you are advised to enable the complexity check of a community name.

How to view an SNMP community name on a CE series switch
You can run the display snmp-agent community command to view the configured SNMP community names in cipher text; however, the community names in plain text cannot be displayed.

How to configure an SNMP community name on a CE series switch
CE switches support SNMPv1, SNMPv2c, and SNMPv3, while only SNMPv1 and SNMPv2c support community name configuration. Run the snmp-agent community { read | write } { community-name | cipher community-name } [ alias alias-name ] command in the system view to set an SNMP community name. For example, set the read/write community name for SNMPv2c to Private123. system-view [~HUAWEI] snmp-agent sys-info version v2c [*HUAWEI] snmp-agent community write Private123 [*HUAWEI] commit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top