From: Anuradha B. <anu...@ne...> - 2004-07-07 13:14:57
Hi Dave,

Does net-snmp have any support for Cisco ACLs (Access control lists)?

If we were to provide ACL support for communities, meaning if we want to restrict community strings per IP address, I guess com2sec caters to all the requirements. Notification MIBs can be used for restricting traps.

Do you have any pointers as to how ACL support can be provided for SNMPv3 users and groups? Can this be achieved only by using snmpCommunityTable and snmpTargetTable???

Thanks,
Anu.

-----Original Message-----
From: Dave Shield [mailto:D.T...@cs...]
Sent: Tuesday, June 01, 2004 2:08 PM
To: Anuradha Bhakta
Cc: net...@li...
Subject: Re: Issues while moving the configuration from file to Database

> I have observed that net-snmp does not support snmpCommunityTable of RFC
> 3584 (SNMP-COMMUNITY-MIB), though the data related to this is
> maintained in local memory. Is there any particular reason that this
> is not supported?

Because no-one has implemented this particular MIB.

The equivalent functionality (i.e. "com2sec" handling) was actually written *before* the SNMP-COMMUNITY-MIB first appeared, and there hasn't been a pressing need to re-work this to use the more standard approach. It's been on my list for a while, but other tasks have tended to come first.

If you're in a position to address this, and can feed back the necessary changes, we'd be delighted to incorporate them into the main Net-SNMP code base.

> Please let me know if I am missing anything related to dealing
> with snmpCommunityTable.

The main thing to realise is that the snmpCommunityTable covers slightly *more* than the com2sec settings do - in particular a community string will be mapped to a (name/engineID/context) triple rather than simply a security name. And you'd have to use the snmpTargetTable (plus snmpCommunityTransportTag) to handle the source address filtering.

But other than that, it shouldn't be too difficult to implement.

Dave
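
The per-source community restriction that com2sec provides, as discussed in the thread above, can be checked offline with a short script. This is an added example, not part of either message and not Net-SNMP code: it assumes the documented `com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY` form with first-match-wins lookup, uses constructed sample lines and addresses, and does not resolve hostname sources.

```python
import ipaddress

# Constructed sample snmpd.conf lines (not taken from the thread).
SAMPLE_CONF = """\
# read-only community, limited to the management station and one subnet
com2sec mgmtsec  192.0.2.10       s3cretRO
com2sec netsec   198.51.100.0/24  s3cretRO
com2sec -Cn ctx1 ctxsec 203.0.113.0/255.255.255.0 ctxComm
com2sec opensec  default          public
"""

def parse_com2sec(text):
    """Return [(secname, source, community)] in file order."""
    rules = []
    for line in text.splitlines():
        if line.strip().startswith("#"):
            continue
        tok = line.split()
        if not tok or tok[0] != "com2sec":
            continue
        tok = tok[1:]
        if tok[:1] == ["-Cn"]:       # optional context: skip flag and its value
            tok = tok[2:]
        if len(tok) == 3:
            rules.append(tuple(tok))
    return rules

def source_matches(source, addr):
    """True if addr falls inside SOURCE (address, IP/BITS, IP/MASK or 'default')."""
    if source == "default":
        return True
    try:
        net = ipaddress.ip_network(source, strict=False)
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False                 # hostname sources are not resolved offline

def resolve(rules, addr, community):
    """Security name for a request: the first matching source/community pair wins."""
    for secname, source, comm in rules:
        if comm == community and source_matches(source, addr):
            return secname
    return None                      # no mapping: the community is not accepted

def unrestricted(rules):
    """Communities accepted from any source address (worth reviewing)."""
    return [comm for _, source, comm in rules if source == "default"]

if __name__ == "__main__":
    rules = parse_com2sec(SAMPLE_CONF)
    print(resolve(rules, "203.0.113.5", "s3cretRO"), unrestricted(rules))
```

A `None` result means the community string is not accepted from that address, which is the ACL behaviour the question asks about for SNMPv1/v2c communities.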