On 10/04/2008, Joan Landry wrote:
> The reason I asked about the snmpCommunityTransportTag is because it
> provides the mechanism to solve the above problem by using the
> snmpTargetAddressTable as defined in the snmpCommunityTable.

Unfortunately, as Mike has already said, the Net-SNMP agent
does not support the snmpCommunityTable. The "com2sec"
directive (which was implemented before the Community MIB
took shape) provides an equivalent mechanism.

> I want to have a V3 secure box, where v2 access is allowed to only a
> select group of stations.
> I would use v3/usm/vacm config to define v3 access to the box.
> If I add a com2sec configuration for v2 access to the same box - then in
> essence I no longer have a v3 secure box. Anyone can get in just using
> the v2 setup.

Glenn's given the answer here.
Use directives of the form

com2sec v2user trustedBox community

That will only configure access from the specified source ('trustedBox'),
and be ignored for SNMPv2 requests from elsewhere (even if the
community string is correct).
This is the com2sec equivalent of the snmpCommunityTransportTag.
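
The setup discussed above as an added snmpd.conf example. It is not part of the original message and is not the Net-SNMP project's own configuration. The names v3admin, v3group, v2group, the two views and the passphrases are assumed placeholders; v2user, trustedBox and community are the values used in the message.

```conf
# --- SNMPv3 (USM) user: full access, authentication and privacy required ---
# Placeholder passphrases (assumed); createUser is commonly kept in the
# agent's persistent snmpd.conf rather than the main one.
createUser v3admin SHA "CHANGE-ME-auth-pass" AES "CHANGE-ME-priv-pass"
group      v3group usm v3admin

# --- SNMPv2c: community accepted only from one source ---
# Open form, shown for contrast only. With "default" as the source, any
# station that presents the community string is mapped to v2user:
#   com2sec v2user default    community
# Restricted form from the message. Requests from any other source are
# ignored even when the community string is correct:
com2sec    v2user  trustedBox community
group      v2group v2c v2user

# --- Views (assumed names) ---
view       all        included .1
view       systemonly included .1.3.6.1.2.1.1

# --- VACM access: group context model level prefix read write notify ---
# v3 users must use authPriv and get read/write on the full tree.
access     v3group "" usm priv   exact all        all  none
# v2c from trustedBox is read-only and limited to the system subtree.
access     v2group "" v2c noauth exact systemonly none none
```

The com2sec source match is made on the address the request arrives from, and the v2c community string is sent unencrypted, which is why this example keeps the v2c group read-only with a narrow view.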


Net-snmp-users mailing list