Prevent SNMP access

You can follow these instructions and prevent SNMP access to your system.

If you do not want anyone to use SNMP to access your system, you should prevent the SNMP server from running. Do the following:
  1. To prevent SNMP server jobs from starting automatically when you start TCP/IP, type the following: CHGSNMPA AUTOSTART(*NO)
    Note:
    1. AUTOSTART(*YES) is the default value.
    2. Control which TCP/IP servers start automatically provides more information about controlling which TCP/IP servers start automatically.
  2. To prevent someone from associating a user application, such as a socket application, with the port that the system normally uses for SNMP, do the following:
    1. Type GO CFGTCP to display the Configure TCP/IP menu.
    2. Select option 4 (Work with TCP/IP port restrictions).
    3. On the Work with TCP/IP Port Restrictions display, specify option 1 (Add).
    4. For the lower port range, specify 161.
    5. For the upper port range, specify *ONLY.
    Note:
    1. The port restriction takes effect the next time that you start TCP/IP. If TCP/IP is active when you set the port restrictions, you should end TCP/IP and start it again.
    2. RFC1700 provides information about common port number assignments.
  3. For the protocol, specify *TCP.
  4. For the user profile field, specify a user profile name that is protected on your system. A protected user profile is a user profile that does not own programs that adopt authority and does not have a password that is known by other users. By restricting the port to a specific user, you automatically exclude all other users.
  5. Repeat steps 2c through 2g for the *UDP protocol.
Parent topic: Security considerations for SNMP