Solved

Create a snmpd.conf in Linux

Posted on 2009-05-06
1
1,687 Views
Last Modified: 2012-06-21
I would like to know how to configure the snmpd.conf

I would like to limit the query by certain network addresses, can I restrict them in the snmp.conf

What is com2sec in the snmp.conf example mean?  Is it a group, a person? Can I change it

Thank you
kk44
0
Comment
Question by:KK44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 24346658
com2sec  is a _command_  that maps a  SNMPv2   community to a  "security name"
SNMP Security name is a concept from SNMPv3  the latest version of SNMP protocol.

Most equipment is still using SNMPv2,  which doesnot support the concept of "security name"

MAPPING a  snmpv2  community to a security name, means it is _AS IF_ they used that security name.

You would typically do something like this:

#       sec.name  source          community
#define a security name 'mysecname1'  for  'mysnmpcommunity'
com2sec mysecname1  default       mysnmpcommunity

#(makes snmpv1 queries you mapped to 'mysecname1' part of 'mysecgroup1')
group mysecgroup1 v1                   mysecname1

#(the same for snmpv2 queries)
group mysecgroup1 v2c                 mysecname1

#Defines a SNMP 'view'  as the OID .1, and everything below it.
view myview1    included .1

#Gives  'mysecgroup1'   access to see the things in the SNMP view 'myview1'
# but no write or notify access.
#         group           context  model   level        prefix   read-view    write  notify
access mysecgroup1 ""          any       noauth     exact   myview1      none  none


# Note that many of the fields in the 'access'  definition are  SNMPv3-specific.



Now, you want to restrict  access to a limited number of network addresses,
then

replace

com2sec mysecname1  default       mysnmpcommunity


With

com2sec mysecname1  127.0.0.1/32       mysnmpcommunity
com2sec mysecname1  192.168.3.5/24       mysnmpcommunity2
com2sec mysecname1  172.36.15.3/22       mysnmpcommunity3


Add to your hearts content.



An alternative is to comment out all the snmpv3  lines
i.e.

instead of using 'com2sec'   'access'    'group'  and 'view' statements,

the OLD way of configuring communities is to specify them like this in
snmpd.conf


rocommunity  mycommunity1  127.0.0.1
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity2  192.168.5.4/32
rocommunity  mycommunity3  172.44.0.8/23







0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question