You should be able to do what you have laid out.
Here is a possible starting point.

To restrict who can access SNMP and what community string they use:

com2sec <sec name> IP/CIDR <community string>

For example:

com2sec mysec 10.10.10.0/24 'my_string'

allows access from any IP on that subnet. To get a specific IP, use:

10.10.10.10/32

To control access to OIDs, I would use the VACM approach:

# group.name model sec.name
group RWGroup v2c mysec
# create a view and set what can and cannot be accessed
view rwView included .1 80
view rwView excluded .1.3.6.1.4.1.2021 fe
view rwView excluded .1.3.6.1.4.1.8072 fe
# context model sec.level match read.view write.view notif
access RWGroup "" v2c noauth exact rwView rwView none
On Tue, Jan 14, 2020 at 12:55 AM Nagarjun G <[email protected]>
wrote:
> Hi All,
>
> We have been using net-snmp to manage our devices. We have a new
> requirement now which is described below.
>
> My current configuration is as below :
> I have an snmp agent which can be configured to run any version (v1/v2c/v3)
> of snmp.
> We are currently accessing the snmp agent through a mib browser.
> This has been there for quite a long time.
>
> Recent requirement :
> There is another snmp manager which will access our snmp agent using only
> snmpv2c and which will have access to very limited OIDs.
>
> What I need to achieve is:
> I need to make my snmp agent respond to two different snmp managers, one
> responding to v1/v2c/v3 requests and
> another responding to only v2 requests, with limited access to a few
> OIDs.
>
> Is it possible to achieve the above configuration?
> What type of access control configuration is needed?
>
> Regards
> Nagarjun
> _______________________________________________
> Net-snmp-coders mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
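
An added example, not part of the original messages and not net-snmp code: a small Python model of the RFC 3415 view-matching rules, run over the three view lines from the reply, to check which OIDs rwView exposes before the configuration is deployed. It goes beyond the reply's case by also handling masks with wildcard bits; the function names are hypothetical, and it assumes numeric OIDs and mask octets separated by '.' or ':'.

```python
# Added example: simplified model of RFC 3415 view-family matching (not net-snmp source).
# The three "view" directives from the reply above.
CONF = """
view rwView included .1 80
view rwView excluded .1.3.6.1.4.1.2021 fe
view rwView excluded .1.3.6.1.4.1.8072 fe
"""

def parse_oid(text):
    """'.1.3.6' -> (1, 3, 6). Numeric OIDs only (assumption)."""
    return tuple(int(part) for part in text.strip(".").split("."))

def parse_mask(text, length):
    """Expand hex octets ('fe', 'ff.a0') to one bit per sub-identifier,
    most significant bit first; missing bits default to 1 (RFC 3415)."""
    bits = []
    for octet in text.replace(":", ".").split("."):
        if octet:
            bits += [(int(octet, 16) >> s) & 1 for s in range(7, -1, -1)]
    return (bits + [1] * length)[:length]

def parse_views(conf):
    """Collect {view name: [(subtree, mask bits, 'included'|'excluded')]}."""
    views = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "view":
            subtree = parse_oid(fields[3])
            mask = parse_mask(fields[4] if len(fields) > 4 else "", len(subtree))
            views.setdefault(fields[1], []).append((subtree, mask, fields[2]))
    return views

def in_view(views, name, oid_text):
    """True if the OID is visible: among matching families, the one with the
    most sub-identifiers (then the lexicographically greatest) decides."""
    oid = parse_oid(oid_text)
    best = None
    for subtree, mask, kind in views.get(name, []):
        if len(oid) < len(subtree):
            continue  # OID is shorter than the family subtree: no match
        if all(bit == 0 or a == b for bit, a, b in zip(mask, subtree, oid)):
            if best is None or (len(subtree), subtree) > (len(best[0]), best[0]):
                best = (subtree, kind)
    return best is not None and best[1] == "included"

VIEWS = parse_views(CONF)
if __name__ == "__main__":
    for oid in (".1.3.6.1.2.1.1.1.0", ".1.3.6.1.4.1.2021.4.5.0"):
        print(oid, in_view(VIEWS, "rwView", oid))
```

Both masks in the reply set a 1 bit for every sub-identifier of their subtree, so they match exactly as if the mask had been omitted.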