Hi.

Thank you for the quick reply, and I'm sorry for the late response.

I tried to test the SNMPv3 agent with the configuration below (the one you pointed out).

It mostly works fine, but I don't know about SNMPv3 IP-based
access control (the com2sec directive in /usr/share/snmp/snmpd.conf).

In detail, I want to restrict snmpwalk to 192.168.0.1/32 only.
So I wrote /usr/share/snmp/snmpd.conf like this:
        com2sec public 192.168.0.1/32 public
but it is still possible to access 192.168.0.254 with snmpwalk from
anywhere in 192.168.0.0/24. (192.168.0.254 is the SNMPv3 agent machine's IP address.)

The snmpwalk command is like this:
        snmpwalk -v 3 -u public -l authNoPriv -a MD5 -A publicpassword -x DES 192.168.0.254

How can I restrict SNMPv3 access by IP address?

Please help me!

Thanks in advance.
Regards.

> > ...
> > ---------------
> > /var/net-snmp/snmpd.conf
> > #
> > # net-snmp (or ucd-snmp) persistent data file.
> > #
> > # DO NOT STORE CONFIGURATION ENTRIES HERE.
> > # Please save normal configuration tokens for snmpd in SNMPCONFPATH/snmpd.conf.
> > # Only "createUser" tokens should be placed here by snmpd administrators.
> > #
> > 
> > vacmView 1 3 1 0x616c6c00 .6.5.4.3.2.1.1 0x80
> > vacmView 1 3 1 0x616c6c00 .6.5.4.3.2.1.1 0x80
> > vacmAccess 1 3 3 2 1 0x524f47726f757000 0x00 
> > ...
> 
> Notice anything unusual here?  In the file that says, "DO NOT STORE 
> CONFIGURATION ENTRIES HERE", you've put your vacm configuration!
> 
> While I don't know that this is your problem, you should store vacmView, 
> vacmAccess, etc. in /usr/share/snmp/snmp.conf and "Only 'createUser' tokens" 
> should be in /var/net-snmp/snmpd.conf.
> 
> That said, this is a basic configuration that works for me:
> 
> In /usr/share/snmp/snmpd.conf:
> 
> com2sec config localhost config
> group config v2c config
> view config included .1
> access config "" any noauth exact config config config
> 
> com2sec public default public
> view public included .1
> group public_v2 v1 public
> group public_v2 v2c public
> access public_v2 "" any noauth exact public none none
> group public_v3 usm public
> access public_v3 "" any auth exact public none none
> 
> com2sec private default private
> view private included .1
> group private_v2 v1 private
> group private_v2 v2c private
> access private_v2 "" any noauth exact private private private
> group private_v3 usm private
> access private_v3 "" any auth exact private private private
> 
> And in /var/net-snmp/snmpd.conf:
> 
> createUser public MD5 "publicpwd" DES "publicpwd"
> createUser private MD5 "privatepwd" DES "privatepwd"
> 
> I hope this helps.
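
An added example, not part of the original messages and not net-snmp code: com2sec ties a source address to a community string, and community strings exist only in SNMPv1/v2c requests, so a "group ... usm ..." line takes its security name from the SNMPv3 user and gets no source limit from com2sec. The sketch below reads a constructed snmpd.conf fragment (the public entries quoted above with the poster's 192.168.0.1/32 source) and reports which groups the com2sec source actually covers; the function names are hypothetical.

```python
# Added example: which groups in an snmpd.conf does a com2sec source limit cover?
# Function names are hypothetical; the config text is constructed from the thread.
CONSTRUCTED_CONF = """\
com2sec public 192.168.0.1/32 public
view public included .1
group public_v2 v1 public
group public_v2 v2c public
access public_v2 "" any noauth exact public none none
group public_v3 usm public
access public_v3 "" any auth exact public none none
"""

def parse(conf):
    """Return (com2sec sources per security name, group rows, groups with access)."""
    sources, groups, granted = {}, [], set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "com2sec" and len(tok) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            sources.setdefault(tok[-3], []).append(tok[-2])
        elif tok[0] == "group" and len(tok) >= 4:
            groups.append((tok[1], tok[2], tok[3]))  # name, model, secname
        elif tok[0] == "access" and len(tok) >= 2:
            granted.add(tok[1])
    return sources, groups, granted

def audit(conf):
    """List (group, model, secname, sources); sources is None when com2sec is not used."""
    sources, groups, granted = parse(conf)
    rows = []
    for name, model, secname in groups:
        if name not in granted:
            continue  # no access line, so the group grants nothing
        if model in ("v1", "v2c"):
            # Community-based models: the security name comes from com2sec.
            rows.append((name, model, secname, sources.get(secname, [])))
        else:
            # usm: the security name is the SNMPv3 user name; no source is checked.
            rows.append((name, model, secname, None))
    return rows

def open_to_any_source(conf):
    """Groups whose requests are not limited to a specific source address."""
    return sorted({g for g, _, _, src in audit(conf)
                   if src is None or "default" in src})

if __name__ == "__main__":
    for row in audit(CONSTRUCTED_CONF):
        print(row)
    print("not source-limited:", open_to_any_source(CONSTRUCTED_CONF))
```

For the usm row, a source limit has to be enforced outside these directives, for example by a host firewall in front of the agent's UDP port 161.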

