>> Ah! So this is not about the snmpTargetAddrTable at all,
really. The question you >>wanted to ask was, "Does net-snmp support
the community MIBs?" The answer is, "Net-snmp does not support the
community MIBs." If you want to restrict the source address of v1 or
v2c requests, I direct your attention again to the com2sec directive of
the snmpd.conf file. If you want actual security, I direct your
attention again to v3/USM/VACM.

Actually I am really looking to solve one problem.

I want to have a V3 secure box, where v2 access is allowed to only a
select group of stations.

I would use v3/usm/vacm config to define v3 access to the box.
If I add a com2sec configuration for v2 access to the same box - then in
essence I no longer have a v3 secure box. Anyone can get in just using
the v2 setup. In so doing I have obliterated the notion my box being v3
secure. It is only secure to the stations playing by the v3 rules,
however anyone can just use the v2 rules and get into the same box.

At the same time I have users that I know are legitimate and they only
have v2 ability so I need to give only these users access to my box via
v2.

It is I think referred to a v2/v3co-existence in a v3 secure
environment.

So if you have a way to solve this problem in net-snmp that is what I am
looking for.

The reason I asked about the snmpCommunityTransportTag is because it
provides the mechanism to solve the above problem by using the
snmpTargetAddressTable as defined in the snmpCommunityTable.

Thanks for your time,
Joan

-----Original Message-----
From: Mike Ayers [mailto:mike_ayers@tvworks.com]
Sent: Thursday, April 10, 2008 2:31 PM
To: Joan Landry; net-snmp-users@lists.sourceforge.net
Subject: RE: SnmpTargetAddress


> From: net-snmp-users-bounces@lists.sourceforge.net
> [mailto:net-snmp-users-bounces@lists.sourceforge.net] On Behalf Of
> Joan Landry
> Sent: Thursday, April 10, 2008 10:40 AM


> >>It does not, as that would be contrary to the intent of the

> snmpTargetAddrTable.
>
> I think that this is not true. The snmpTargetAddrTable defines a
> tagList that can be used to limit the outgoing notifications and also
> can be used to limit the incoming requests.



snmpTargetAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnmpTargetAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of transport addresses to be used in the generation
of SNMP messages."
::= { snmpTargetObjects 2 }


The words "generation" and "target" imply "not incoming".



> snmpCommunityTransportTag OBJECT-TYPE


Ah! So this is not about the snmpTargetAddrTable at all,
really. The question you wanted to ask was, "Does net-snmp support the
community MIBs?" The answer is, "Net-snmp does not support the
community MIBs." If you want to restrict the source address of v1 or
v2c requests, I direct your attention again to the com2sec directive of
the snmpd.conf file. If you want actual security, I direct your
attention again to v3/USM/VACM.


HTH,

Mike

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users