Q: Is it possible to configure Net-SNMP 5.4.2.1 to filter IP address(es) when using SNMPv3 the way the com2sec directive does it for SNMPv1/2c?
Thus far: Using SNMPv1, multiple clients on the 14 seg can read & write appropriately, as expected. We've even tuned this down to single machines using /32. That all works fine. We just can't get SNMPv3 to block on the same IP/mask settings that SNMPv1 blocks; instead, SNMPv3 connections read and write our agent regardless of the client's source IP address and regardless of how we massage the IP address/mask.

Scrubbing the on-line docs (Net-SNMP and Linux), we've tried mostly to "associate" the com2sec entries with our v3 profile using the notion of CONTEXT specifiers, but I'm not understanding what those actually do or don't do and how they resolve to agent behavior. My latest attempt below uses the rwuser and rouser keywords as the context, which does not do it. Nor do group names, community names, sec.names, etc. I'm sure I'm just missing a key point in the docs. I've also tried various combos of context-name matching in the client configuration (shown with blank context name this time), but none of that seems to matter either.

The client config (MGSoft client) is set like this:

Thanks for looking, any insights appreciated.

regards,
- pete

    # snmpd configuration file
    #
    #com2sec sec.name source community
    com2sec -Cn rouser readonly 192.168.14.0/24 devpublic
    com2sec -Cn rwuser readwrite 191.168.14.0/24 devprivate
    # group sec.model sec.name
    group ROGroup v1 readonly
    group ROGroup v2c readonly
    group ROGroupV3 usm readonly
    group RWGroup v1 readwrite
    group RWGroup v2c readwrite
    group RWGroup usm readwrite
    # view name included/excluded subtree [mask]
    view all included .1 80
    # Load MIB
    dlmod libnbMib /opt/snmp/libnbMib.so
    # access group context sec.model sec.level match read write notif
    access ROGroup "" v1 noauth exact all none none
    access ROGroup "" v2c noauth exact all none none
    access ROGroup "" usm auth exact all none none
    access RWGroup "" v1 noauth exact all all none
    access RWGroup "" v2c noauth exact all all none
    access RWGroup "" usm auth exact all all none
    # agentaddress [(udp|tcp):]port[@address][,...]
    agentaddress udp:161
    psyslocation unknown
    psyscontact unknown
    psysname arch4B37F5
    sysObjectID 1.3.6.1.4.1.318.100.20.10.2013
    rouser snmpuser
    rwuser snmpuser
[attachment: image/gif]
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
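Added example, not part of the original message and not Net-SNMP code: a small Python audit that reads the access-control directives from the configuration above (embedded as a constructed, trimmed sample) and lists which grants have a com2sec source network attached. It assumes that com2sec maps sources only for the community-based v1/v2c models and that `group ... usm` and rouser/rwuser entries are keyed on a USM user name with no source field; the function names `audit` and `unrestricted` are hypothetical.

```python
# Added example: which snmpd.conf grants are tied to a com2sec source network?

# Constructed sample: the access-control directives from the post, trimmed.
SAMPLE_CONF = """\
#com2sec sec.name source community
com2sec -Cn rouser readonly 192.168.14.0/24 devpublic
com2sec -Cn rwuser readwrite 191.168.14.0/24 devprivate
group ROGroup v1 readonly
group ROGroup v2c readonly
group ROGroupV3 usm readonly
group RWGroup v1 readwrite
group RWGroup v2c readwrite
group RWGroup usm readwrite
rouser snmpuser
rwuser snmpuser
"""

COMMUNITY_MODELS = {"v1", "v2c"}  # models whose sec.name comes from com2sec


def audit(conf_text):
    """Return [(sec_name, model, sources)]; sources is None if com2sec cannot apply."""
    rows = [line.split("#")[0].split() for line in conf_text.splitlines()]
    rows = [r for r in rows if r]
    com2sec = {}  # sec.name -> list of source networks
    for r in rows:
        if r[0] == "com2sec" and len(r) >= 4:
            args = r[3:] if r[1] == "-Cn" else r[1:]  # skip optional "-Cn CONTEXT"
            com2sec.setdefault(args[0], []).append(args[1])
    findings = []
    for r in rows:
        if r[0] == "group" and len(r) >= 4:
            model, name = r[2], r[3]
            # For usm the sec.name is a USM user name; com2sec is not consulted.
            # An empty list for v1/v2c means no community maps to this name.
            src = com2sec.get(name, []) if model in COMMUNITY_MODELS else None
            findings.append((name, model, src))
        elif r[0] in ("rouser", "rwuser") and len(r) >= 2:
            # rouser/rwuser name a USM user and carry no source field.
            findings.append((r[1], "usm:" + r[0], None))
    return findings


def unrestricted(conf_text):
    """Grants with no source network attached."""
    return [(n, m) for n, m, s in audit(conf_text) if s is None]


if __name__ == "__main__":
    for name, model, src in audit(SAMPLE_CONF):
        print(f"{name:10} {model:11} source={'ANY' if src is None else src}")
```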