>
>
> > In lieu of a software upgrade, a workaround can be applied to certain IOS
> > releases by disabling the ILMI community or "*ilmi" view and applying an
> > access list to prevent unauthorized access to SNMP. Any affected system,
> > regardless of software release, may be protected by filteri
2011/12/9 Joel jaeggli
> On 12/9/11 18:22 , Keegan Holley wrote:
> >>
> >>
> >>> assumption that writable SNMP was a bad idea but have never actually
> >> tried
> >>> it. I was curious what others were using, netconf or just scripted
&
On 12/9/11 18:22 , Keegan Holley wrote:
>>
>>
>>> assumption that writable SNMP was a bad idea but have never actually
>> tried
>>> it. I was curious what others were using, netconf or just scripted
>> logins.
>>> I'm also fighting a losi
>
>
> > assumption that writable SNMP was a bad idea but have never actually
> tried
> > it. I was curious what others were using, netconf or just scripted
> logins.
> > I'm also fighting a losing battle to convince people that netconf isn't
> > e
On 06Dec2011, at 12.28, David Barak wrote:
> From: Jeff Wheeler
>
>> Juniper does not support writing via SNMP. I am glad. Hopefully that
>> is the first step toward not supporting SNMP at all.
>
> If I recall correctly, wasn't the old FORE CLI implemented via localhost
> SNMP? I liked us
e
it is, somewhat, yes.
> assumption that writable SNMP was a bad idea but have never actually tried
> it. I was curious what others were using, netconf or just scripted logins.
> I'm also fighting a losing battle to convince people that netconf isn't
> evil. It strikes m
On Wed, Dec 7, 2011 at 11:29 AM, Keegan Holley
wrote:
>>
>> > I can see the other comments about interactive commands and bulk
>> > read/writes, but what's the harm of doing it on internet connected boxes
>> > vs.
>> > non-internet boxes. Just about everyone uses snmp reads in the
>> > interwebs
>
>
> > I can see the other comments about interactive commands and bulk
> > read/writes, but what's the harm of doing it on internet connected boxes
> vs.
> > non-internet boxes. Just about everyone uses snmp reads in the interwebs
>
> I think the general feeling is that snmp is udp so it's spoof
als, differences in
platforms and code from the same vendor and my various failed attempts to
do all of the above. Most of the automation suites I've seen work via
logins, rancid,HP NA etc etc. Although there are better programmers that
can and have made it work it still seems cumbersome to me.
> On Tue, 6 Dec 2011 12:39:34 -0500, Dorian Kim said:
DK> There is one good reason. Every vendor seem to assign a junior intern to
DK> maintanining SNMP code, so you are interfacing with your router via a very
DK> suspect interface.
The marking folks believed that when X dollars had to be
> On Tue, 6 Dec 2011 11:07:44 -0500, Keegan Holley
> said:
KH> Admittedly, you will have to deal with proprietary mibs and reformat
KH> the data once it's returned.
That's the nail in the coffin of just about every configuration
protocol. Until multiple vendors implement a common model
On Tue, 06 Dec 2011 14:18:52 EST, Jeff Wheeler said:
> I've spent enough time writing code to deal with SNMP (our own stack,
> not using Net-SNMP or friends) to have a more in-depth understanding
> of SNMP's pitfalls than most people. It is TERRIBLE and should be
> totally gutted and replaced wit
What SNMP does have for it is it is lightweight (to some extent) vs XML that
can get quite bulky, and certainly is the case when trying to do many
interfaces at once.
I have seen better precision with snmp vs cli interaction/tcp based
interaction.
snmpbulkwalk has been my cruel mistress for
From: Jeff Wheeler
>Juniper does not support writing via SNMP. I am glad. Hopefully that
>is the first step toward not supporting SNMP at all.
If I recall correctly, wasn't the old FORE CLI implemented via localhost SNMP?
I liked using them, but that's a special case...
David Barak
Need Gee
In a message written on Tue, Dec 06, 2011 at 11:16:02AM -0500, Jared Mauch
wrote:
> Anyone that has spent any quantity of time with ASN.1 generally would agree.
SNMP has two fatal flaws for large scale write based configuration.
ASN.1 was basically obsolete before it was written. It was designe
On Tue, Dec 6, 2011 at 2:56 PM, Jethro R Binks
wrote:
> So what are the alternatives these days then for automation or batch
> operations?
>
> clogin etc from shrubbery's rancid?
>
> Net::Appliance::Session
netconf!
On Tue, Dec 6, 2011 at 12:39 PM, Dorian Kim wrote:
> On Tue, Dec 06, 2011 at 12:15:35PM -0500, Mauch, Jared wrote:
>> > Also, who tests snmp WRITE in their code? at scale? for daily
>> > operations tasks? ... (didn't the snmp incident in 2002 teach us
>> > something?)
>>
>> There's no reason one c
few years now I been wondering why more networks do not use
>> >> writable
>> >> SNMP. Most automation solutions actually script a login to the various
>> >> equipment. This comes with extra code for different vendors, different
>> >> prompts and any quirk that
On Tue, Dec 6, 2011 at 12:15 PM, Jared Mauch wrote:
>
> On Dec 6, 2011, at 11:28 AM, Christopher Morrow wrote:
>
>> long ago, in a network far away (not on the interwebs) we used snmp
>> write to trigger a tftp config load. It worked nicely... I'm fairly
>> certain I'd not do this on an internet c
On Tue, 6 Dec 2011, Jeff Wheeler wrote:
> On Tue, Dec 6, 2011 at 11:07 AM, Keegan Holley
> wrote:
> > For a few years now I been wondering why more networks do not use writable
> > SNMP. Most automation solutions actually script a login to the various
>
...
> Juniper
On Tue, Dec 6, 2011 at 11:07 AM, Keegan Holley
wrote:
> For a few years now I been wondering why more networks do not use writable
> SNMP. Most automation solutions actually script a login to the various
I've spent enough time writing code to deal with SNMP (our own stack,
not using
Yes, Site Mangler. Do not stir that nest. Thar be dragons.
-Blake
On Tue, Dec 6, 2011 at 11:35, Justin M. Streiner wrote:
> On Tue, 6 Dec 2011, Jared Mauch wrote:
>
> I recall some bay networks gear you could only program with the proper OID
>> as the cli was basically a SNMP-SET operation on t
On Tue, Dec 06, 2011 at 12:15:35PM -0500, Mauch, Jared wrote:
> > Also, who tests snmp WRITE in their code? at scale? for daily
> > operations tasks? ... (didn't the snmp incident in 2002 teach us
> > something?)
>
> There's no reason one can't program a device with SNMP, the main issue IMHO
Ther
On Tue, 6 Dec 2011, Jared Mauch wrote:
I recall some bay networks gear you could only program with the proper OID
as the cli was basically a SNMP-SET operation on the device.
The mere mention of Bay Networks and Site Manager (read: Site Mangler or
Site Damager) is enough to get my blood press
On Dec 6, 2011, at 11:28 AM, Christopher Morrow wrote:
> long ago, in a network far away (not on the interwebs) we used snmp
> write to trigger a tftp config load. It worked nicely... I'm fairly
> certain I'd not do this on an internet connected network today though.
Many vendors have poor TFTP
2011/12/6 Christopher Morrow
> On Tue, Dec 6, 2011 at 11:16 AM, Jared Mauch
> wrote:
> >
> > On Dec 6, 2011, at 11:07 AM, Keegan Holley wrote:
> >
> >> For a few years now I been wondering why more networks do not use
> writable
> >> SNMP. Most au
On Tue, Dec 6, 2011 at 11:16 AM, Jared Mauch wrote:
>
> On Dec 6, 2011, at 11:07 AM, Keegan Holley wrote:
>
>> For a few years now I been wondering why more networks do not use writable
>> SNMP. Most automation solutions actually script a login to the various
>> equipm
On Dec 6, 2011, at 11:07 AM, Keegan Holley wrote:
> For a few years now I been wondering why more networks do not use writable
> SNMP. Most automation solutions actually script a login to the various
> equipment. This comes with extra code for different vendors, different
> pro
For a few years now I been wondering why more networks do not use writable
SNMP. Most automation solutions actually script a login to the various
equipment. This comes with extra code for different vendors, different
prompts and any quirk that the developer is aware of and constant patches
as
29 matches
Mail list logo
