[c-nsp] Giving customers access to your gear.

Tassos Chatzithomaoglou achatz at forthnet.gr
Wed Jun 4 03:27:09 EDT 2008 

We provide RO snmp views to specific customers, as long as they know which exactly oids they need to 
monitor. That way they're limited to specific portions of the snmp mibs.


--
Tassos


Michael K. Smith - Adhost wrote on 4/6/2008 10:13 πμ:
> Hello Richey:
> 
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>> bounces at puck.nether.net] On Behalf Of Richey
>> Sent: Tuesday, June 03, 2008 4:38 PM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] Giving customers access to your gear.
>>
>> I've got a customer with a T1.  They have been bought out by a large hotel
>> chain.  They are pretty much demanding that they have SNMP full read access
>> to our router that is at their location as well as a copy of the config for
>> the router.   This is not their router, it is ours and we fully manage our
>> router and hand them  Ethernet.     This seems a little odd that they want
>> access to our gear, and I am not too keen on giving them access unless they
>> are willing to accept some responsibility.   They don't want to accept any
>> responsibility for the access they would have to this box.     They say that
>> Verizion and AT&T don't have any problems giving them this kind of access to
>> their gear.
>>
> I think RO SNMP access is fine, and just make sure you sanitize the configuration of all "interesting" data like passwords, dynamic routing protocol configurations, etc.  If you are worried that SNMP access will create performance issues, draft up a letter for them to sign indicating that any outages or performance issues that are a result of SNMP polling will not be credited against the customer's SLA.
> 
> By the way, I'm assuming they are the only customer on this box.  If that is not the case then I would say no to unfiltered SNMP and the config file, indicating to them that the device terminates services for other customer and cannot therefore be shared with them.
> 
> Regards,
> 
> Mike
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list