[j-nsp] ERX1440, how to limit login to be able to "show conf" only
Bjørn Mork
bjorn at mork.no
Wed Jul 2 05:08:49 EDT 2008
Joe Shen <sj_hznm at yahoo.com.cn> writes:
> we are trying to set up ERX1440/E320 configuration
> backup and monitoring system. The system is
> implemented to fetch E320/E1440 configuration file
> every day.
>
> In order to confirm system security, the login
> account should ONLY be able to fech E1440/E320
> configuration file. No privilege on configuration
> modification should be granted.
>
> Is that possible to implement above on E1440/E320?
Don't think so. These are the access levels you can play with:
http://www.juniper.net/techpubs/software/erx/junose91/swconfig-system-basics/html/passwords-security-config9.html
> Or, is it possible to fetch configuation file by RO
> SNMP community?
You can probably create a limited view covering the
Juniper-FILE-XFER-MIB and Juniper-HOST-MIB (and more?) and restrict RW
access to it.
But I don't think you'll gain any *real* security.
Bjørn
More information about the juniper-nsp
mailing list