Create a snmpd.conf in Linux

I would like to know how to configure the snmpd.conf

I would like to limit the query by certain network addresses, can I restrict them in the snmp.conf

What is com2sec in the snmp.conf example mean?  Is it a group, a person? Can I change it

Thank you
kk44
KK44Asked:
Who is Participating?
 
MysidiaConnect With a Mentor Commented:
com2sec  is a _command_  that maps a  SNMPv2   community to a  "security name"
SNMP Security name is a concept from SNMPv3  the latest version of SNMP protocol.

Most equipment is still using SNMPv2,  which doesnot support the concept of "security name"

MAPPING a  snmpv2  community to a security name, means it is _AS IF_ they used that security name.

You would typically do something like this:

#       sec.name  source          community
#define a security name 'mysecname1'  for  'mysnmpcommunity'
com2sec mysecname1  default       mysnmpcommunity

#(makes snmpv1 queries you mapped to 'mysecname1' part of 'mysecgroup1')
group mysecgroup1 v1                   mysecname1

#(the same for snmpv2 queries)
group mysecgroup1 v2c                 mysecname1

#Defines a SNMP 'view'  as the OID .1, and everything below it.
view myview1    included .1

#Gives  'mysecgroup1'   access to see the things in the SNMP view 'myview1'
# but no write or notify access.
#         group           context  model   level        prefix   read-view    write  notify
access mysecgroup1 ""          any       noauth     exact   myview1      none  none


# Note that many of the fields in the 'access'  definition are  SNMPv3-specific.



Now, you want to restrict  access to a limited number of network addresses,
then

replace

com2sec mysecname1  default       mysnmpcommunity


With

com2sec mysecname1  127.0.0.1/32       mysnmpcommunity
com2sec mysecname1  192.168.3.5/24       mysnmpcommunity2
com2sec mysecname1  172.36.15.3/22       mysnmpcommunity3


Add to your hearts content.



An alternative is to comment out all the snmpv3  lines
i.e.

instead of using 'com2sec'   'access'    'group'  and 'view' statements,

the OLD way of configuring communities is to specify them like this in
snmpd.conf


rocommunity  mycommunity1  127.0.0.1
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity2  192.168.5.4/32
rocommunity  mycommunity3  172.44.0.8/23







0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.