Solved

Create a snmpd.conf in Linux

Posted on 2009-05-06
1
1,679 Views
Last Modified: 2012-06-21
I would like to know how to configure the snmpd.conf

I would like to limit the query by certain network addresses, can I restrict them in the snmp.conf

What is com2sec in the snmp.conf example mean?  Is it a group, a person? Can I change it

Thank you
kk44
0
Comment
Question by:KK44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 24346658
com2sec  is a _command_  that maps a  SNMPv2   community to a  "security name"
SNMP Security name is a concept from SNMPv3  the latest version of SNMP protocol.

Most equipment is still using SNMPv2,  which doesnot support the concept of "security name"

MAPPING a  snmpv2  community to a security name, means it is _AS IF_ they used that security name.

You would typically do something like this:

#       sec.name  source          community
#define a security name 'mysecname1'  for  'mysnmpcommunity'
com2sec mysecname1  default       mysnmpcommunity

#(makes snmpv1 queries you mapped to 'mysecname1' part of 'mysecgroup1')
group mysecgroup1 v1                   mysecname1

#(the same for snmpv2 queries)
group mysecgroup1 v2c                 mysecname1

#Defines a SNMP 'view'  as the OID .1, and everything below it.
view myview1    included .1

#Gives  'mysecgroup1'   access to see the things in the SNMP view 'myview1'
# but no write or notify access.
#         group           context  model   level        prefix   read-view    write  notify
access mysecgroup1 ""          any       noauth     exact   myview1      none  none


# Note that many of the fields in the 'access'  definition are  SNMPv3-specific.



Now, you want to restrict  access to a limited number of network addresses,
then

replace

com2sec mysecname1  default       mysnmpcommunity


With

com2sec mysecname1  127.0.0.1/32       mysnmpcommunity
com2sec mysecname1  192.168.3.5/24       mysnmpcommunity2
com2sec mysecname1  172.36.15.3/22       mysnmpcommunity3


Add to your hearts content.



An alternative is to comment out all the snmpv3  lines
i.e.

instead of using 'com2sec'   'access'    'group'  and 'view' statements,

the OLD way of configuring communities is to specify them like this in
snmpd.conf


rocommunity  mycommunity1  127.0.0.1
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity2  192.168.5.4/32
rocommunity  mycommunity3  172.44.0.8/23







0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question