Hello,
I imagine this question has already been answered in this forum, so I
apologize for any redundancy I may be causing here.
Using the VACM model in snmpd.conf, it is possible to restrict access to v1
and/or v2c community strings based on source IP address of the initiating
NMS host (the host issuing snmpwalk, snmpget, etc)
Is it possible to use source IP filtering for groups of SNMPv3 users? To
provide a concrete example, what configuration is required to create
different source IP restrictions for the two groups below? Say one wants to
limit the group 'if_group' to access from 192.168.1.0/24 and 'all_group' is
to be limited to access from 192.168.2.2/32.
# viewname incl/excl subtree
view all_view included .1
view if_view included .1.3.6.1.2.1.2
# groupName securityModel securityName
group if_group usm if_user
group all_group usm all_user
# group context sec.model sec.level match read write notif
access if_group "" usm auth exact if_view none none
access all_group "" usm priv exact all_view none none
# username authProto authpassphrase privProto
privpassphrase
createUser if_user SHA 12345678
createUser all_user SHA 12345678 AES 12345678
# user type username sec.level
rouser if_user auth
rouser all_user priv
Thanks,
Frank
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Net-snmp-users mailing list
[email protected]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
