You should be able to do what you have laid out. Here is a possible starting point.
To restrict who can access SNMP and what community string they use:

com2sec <sec name> IP/CIDR <community string>

For example:

com2sec mysec 10.10.10.0/24 'my_string'

all access from any IP on that subnet
To get a specific IP: 10.10.10.10/32

To control access to OIDs, I would use the VACM approach:

# group.name model sec.name
group RWGroup v2c mysec

# create a view and set what can and cannot be accessed
view rwView included .1 80
view rwView excluded .1.3.6.1.4.1.2021 fe
view rwView excluded .1.3.6.1.4.1.8072 fe

# context model sec.level match read.view write.view notif
access RWGroup "" v2c noauth exact rwView rwView none

On Tue, Jan 14, 2020 at 12:55 AM Nagarjun G <nagarjun.newslet...@gmail.com> wrote:
> Hi All,
>
> We have been using net-snmp to manage our devices. We have a new
> requirement now which is described below.
>
> My current configuration is as below:
> I have an snmp agent which can be configured to run any version (v1/v2c/v3)
> of snmp.
> We are currently accessing the snmp agent through mib browser.
> This has been there quite very long.
>
> Recent requirement:
> There is another snmp manager which will access our snmp agent using only
> snmpv2c which will have access to very limited OID's.
>
> What I need to achieve is:
> I need to make my snmp agent respond to two different snmp managers, one
> responding to v1/v2c/v3 requests and
> another responding to only v2 requests with having limited access to few
> OID's.
>
> Is it possible to achieve the above configuration?
> What type of access control configuration is needed?
>
> Regards
> Nagarjun
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
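Added example, not part of the original thread and not net-snmp's own code: a small checker that applies the RFC 3415 view-family rules (mask bits, longest matching subtree wins) to the three rwView lines from the reply, so a view can be tested against sample OIDs before it is deployed. The helper names and the sample OIDs are constructed for illustration.

```python
# Added example: evaluates snmpd.conf "view" lines using RFC 3415 family rules.
# VIEW_LINES is copied from the reply above; helper names are hypothetical.
VIEW_LINES = """\
view rwView included .1 80
view rwView excluded .1.3.6.1.4.1.2021 fe
view rwView excluded .1.3.6.1.4.1.8072 fe
"""

def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_mask(text, length):
    """Expand a hex mask ('fe', 'ff:a0') to one bit per sub-identifier.
    Bits beyond the supplied mask default to 1 (sub-identifier must match)."""
    raw = bytes.fromhex(text.replace(":", "").replace(".", ""))
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    return (bits + [1] * length)[:length]

def parse_views(conf):
    """Return {view name: [(subtree, mask bits, included?), ...]}."""
    views = {}
    for line in conf.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 4 or fields[0] != "view":
            continue
        subtree = parse_oid(fields[3])
        mask = parse_mask(fields[4] if len(fields) > 4 else "", len(subtree))
        views.setdefault(fields[1], []).append((subtree, mask, fields[2] == "included"))
    return views

def in_view(entries, oid):
    """True if oid is visible: the matching family with the longest subtree
    decides (ties go to the lexicographically greater subtree)."""
    oid = parse_oid(oid)
    best = None
    for subtree, mask, included in entries:
        if len(oid) < len(subtree):
            continue
        if all(m == 0 or a == b for m, a, b in zip(mask, oid, subtree)):
            if best is None or (len(subtree), subtree) > best[0]:
                best = ((len(subtree), subtree), included)
    return best is not None and best[1]

if __name__ == "__main__":
    rw_view = parse_views(VIEW_LINES)["rwView"]
    # Constructed sample OIDs: sysDescr.0, a UCD-SNMP-MIB object, a NET-SNMP object
    for oid in (".1.3.6.1.2.1.1.1.0", ".1.3.6.1.4.1.2021.4.5.0", ".1.3.6.1.4.1.8072.1.1"):
        print(oid, "visible" if in_view(rw_view, oid) else "hidden")
```
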