Hi Larry,

Thank you for responding to the question. I have tried the above situation
you mentioned on a Linux machine. It worked very well.

But we use net-snmp in a different way in our embedded device. We don't use
the code related to reading from conf files (snmp.conf) etc.
We pass the data from our Data manager and make specific calls to the
net-snmp APIs
like vacm_createGroupEntry, dmgr_to_netsnmp_vacm_access,
dmgr_to_netsnmp_vacm_view.

Similarly, what is the API to achieve the below behaviour of com2sec?
com2sec <sec name> IP/CIDR <community string>

I tried using netsnmp_udp_parse_security("com2sec", "mysec 10.0.2.15 mycom").
I think this should have created an entry into the list.


Am I missing something, or am I using the wrong API altogether?

Regards,
Nagarjun


On Tue, Jan 14, 2020 at 11:26 PM Larry Hayes <lhay...@gmail.com> wrote:

> You should be able to do what you have laid out.
> Here is a possible starting point.
>
> To restrict who can access SNMP and what community string they use:
> com2sec <sec name> IP/CIDR <community string>
>
>    For example:  com2sec  mysec 10.10.10.0/24 'my_string'
>       all access from any IP on that subnet to get specific IP: 10.10.10.10/32
>
> To Control Access to OIDs, I would use VACM approach
>
> #     group.name    model sec.name
> group RWGroup      v2c   mysec
>
> # create a view and set what can and cannot be accessed
> view rwView       included  .1                      80
> view rwView       excluded  .1.3.6.1.4.1.2021       fe
> view rwView       excluded  .1.3.6.1.4.1.8072       fe
>
>
> #                    context model sec.level match read.view write.view notif
> access RWGroup      ""      v2c   noauth    exact rwView    rwView none
>
> On Tue, Jan 14, 2020 at 12:55 AM Nagarjun G <nagarjun.newslet...@gmail.com>
> wrote:
>
>> Hi All,
>>
>> We have been using net-snmp to manage our devices. We have a new
>> requirement now which is described below.
>>
>> My current configuration is as below:
>> I have an snmp agent which can be configured to run any
>> version (v1/v2c/v3) of snmp.
>> We are currently accessing the snmp agent through a MIB browser.
>> This has been there for quite a long time.
>>
>> Recent requirement:
>> There is another snmp manager which will access our snmp agent using only
>> snmpv2c which will have access to very limited OIDs.
>>
>> What I need to achieve is:
>> I need to make my snmp agent respond to two different snmp managers, one
>> responding to v1/v2c/v3 requests and
>> another responding to only v2 requests, with limited access to a few
>> OIDs.
>>
>> Is it possible to achieve the above configuration?
>> What type of access control configuration is needed?
>>
>> Regards
>> Nagarjun
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
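
Added example, not part of the original thread and not net-snmp code: a small stand-alone C model of what a com2sec table expresses, useful for checking that a given source address and community resolve to the expected security name before wiring it to VACM groups. The "limitedsec"/"limited_string" entry is constructed for illustration; first-match ordering and IPv4-only CIDR parsing are assumptions of this model.

```c
/* Added example: models com2sec source/community matching only. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct com2sec { const char *sec_name, *source, *community; };

/* Constructed table; "limitedsec"/"limited_string" are hypothetical names. */
static const struct com2sec table[] = {
    { "limitedsec", "10.10.10.10/32", "limited_string" },
    { "mysec",      "10.10.10.0/24",  "my_string" },
};

/* Return 1 if addr lies inside "a.b.c.d[/len]", 0 if not, -1 if malformed. */
static int in_cidr(const char *cidr, const char *addr)
{
    char net[INET_ADDRSTRLEN];
    const char *slash = strchr(cidr, '/');
    size_t n = slash ? (size_t)(slash - cidr) : strlen(cidr);
    int len = 32;
    struct in_addr a, b;

    if (n >= sizeof net) return -1;
    memcpy(net, cidr, n); net[n] = '\0';
    if (slash && (sscanf(slash + 1, "%d", &len) != 1 || len < 0 || len > 32))
        return -1;
    if (inet_pton(AF_INET, net, &a) != 1 || inet_pton(AF_INET, addr, &b) != 1)
        return -1;
    uint32_t mask = len ? 0xffffffffu << (32 - len) : 0;
    return ((ntohl(a.s_addr) ^ ntohl(b.s_addr)) & mask) == 0;
}

/* First entry whose source and community both match wins; NULL = no mapping. */
const char *resolve_sec_name(const char *src_ip, const char *community)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (in_cidr(table[i].source, src_ip) == 1 &&
            strcmp(table[i].community, community) == 0)
            return table[i].sec_name;
    return NULL;
}

int main(void)
{
    const char *s = resolve_sec_name("10.10.10.77", "limited_string");
    printf("10.10.10.77 + limited_string -> %s\n", s ? s : "(no mapping)");
    return 0;
}
```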