Solved

Create a snmpd.conf in Linux

Posted on 2009-05-06
1
1,675 Views
Last Modified: 2012-06-21
I would like to know how to configure the snmpd.conf

I would like to limit the query by certain network addresses, can I restrict them in the snmp.conf

What is com2sec in the snmp.conf example mean?  Is it a group, a person? Can I change it

Thank you
kk44
0
Comment
Question by:KK44
1 Comment
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 24346658
com2sec  is a _command_  that maps a  SNMPv2   community to a  "security name"
SNMP Security name is a concept from SNMPv3  the latest version of SNMP protocol.

Most equipment is still using SNMPv2,  which doesnot support the concept of "security name"

MAPPING a  snmpv2  community to a security name, means it is _AS IF_ they used that security name.

You would typically do something like this:

#       sec.name  source          community
#define a security name 'mysecname1'  for  'mysnmpcommunity'
com2sec mysecname1  default       mysnmpcommunity

#(makes snmpv1 queries you mapped to 'mysecname1' part of 'mysecgroup1')
group mysecgroup1 v1                   mysecname1

#(the same for snmpv2 queries)
group mysecgroup1 v2c                 mysecname1

#Defines a SNMP 'view'  as the OID .1, and everything below it.
view myview1    included .1

#Gives  'mysecgroup1'   access to see the things in the SNMP view 'myview1'
# but no write or notify access.
#         group           context  model   level        prefix   read-view    write  notify
access mysecgroup1 ""          any       noauth     exact   myview1      none  none


# Note that many of the fields in the 'access'  definition are  SNMPv3-specific.



Now, you want to restrict  access to a limited number of network addresses,
then

replace

com2sec mysecname1  default       mysnmpcommunity


With

com2sec mysecname1  127.0.0.1/32       mysnmpcommunity
com2sec mysecname1  192.168.3.5/24       mysnmpcommunity2
com2sec mysecname1  172.36.15.3/22       mysnmpcommunity3


Add to your hearts content.



An alternative is to comment out all the snmpv3  lines
i.e.

instead of using 'com2sec'   'access'    'group'  and 'view' statements,

the OLD way of configuring communities is to specify them like this in
snmpd.conf


rocommunity  mycommunity1  127.0.0.1
rocommunity  mycommunity1  192.168.5.3/32
rocommunity  mycommunity2  192.168.5.4/32
rocommunity  mycommunity3  172.44.0.8/23







0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question