The IP address restrictions you're talking about apply to both v1 and =

v2c. If you intend to set up view-only accounts, you can configure them =

just as easily with 2c as you can with 1 in snmpd.conf. I'd stick with =

2c unless you have a real reason to use 1, and I don't belief this =

qualifies.

It is worth mentioning that USM and VACM, which are only available in =

v3, allow you to remotely push user accounts and ACLs. It takes some =

more time to learn of course, and doesn't fit in to your immediate =

plans, but it's *very* nice if you ever get to a point where you want to =

protect certain subsets of SNMP information and not make the entire OID =

tree publicly readable.

-Davin

McGowen, Wendy wrote:
> I=92ve implemented the first round of our SNMP agents =96 we=92ll be =


> supporting get=92s only, along with traps; no set=92s will be supported f=

or =

> the first release.
> =


> =


> =


> We=92ll be allowing the user to configure the SNMP security through our U=

I =

> (which does NOT use SNMP), so we=92re hoping to keep it as simple as =


> possible. I=92ve been testing with what I guess is called =93v2=94 securi=

ty =96 =

> where you have to list IP addresses of clients, put them in groups with =


> specific access, etc. (I haven=92t even attempted the =93v3=94 stuff yet)=

.. But =

> management is wondering if we could make it even simpler for the =


> customer, and step back to =93v1=94, which I guess is nothing more than a =


> community string and either =93read=94 or =93read/write=94 access.
> =


> =


> =


> So my question is, is it =93okay=94 to use the simplest security model (a=

nd =

> the least secure) if you=92re going to have view only data? Or are most =


> SNMP customers going to want a more secure model? Again, we aren=92t read=

y =

> to move to the latest and greatest yet (we want to have a better feel =


> for SNMP in general before we go down that path), so at best it would be =


> the =93v2=94 stuff.
> =


> =


> =


> Thanks!
> =


> =


> =


> ~ Wendy
> =


> =


> ------------------------------------------------------------------------
> =


> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216....net/marketpl=

ace
> =


> =


> ------------------------------------------------------------------------
> =


> _______________________________________________
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/...net-snmp-users



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216...et/marketplace
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users