Chapter 10

SpeedTouch™ Monitoring

10.2.11 How to Restrict SNMP Access

SNMP Access

Restriction

How to Add an IP Address to the Access List

How to Add an Interface Group to the Access List

How to View the

Configuration

You can restrict SNMP Access so that it is accepted from specific IP addresses only. To do this, add the IP address or an IP Address range to the access list for the service SNMPV3_Agent. Note that this also covers SNMPv1.

You can also restrict access to specific interface groups such as WAN, LAN, DMZ,...

Use the following command:

:service system ipadd name=SNMPV3_AGENT ip=<ip-range>

with <ip-range>either the IP address or the range of IP addresses from which SNMP access should be allowed.

Use the following command:

:service system ifadd name=SNMPV3_AGENT group = <{wanlocallantunneldmzguest} or number>

The <group> parameter determines which interface group has access to the SNMP service.

Use the following command to view the configuration:

:service system list name SNMPV3_AGENT expand enabled

This results in the following output:

Idx Name

Protocol

SrcPort DstPort Group

-----------------------------------------------------------------------

1 SNMPV3_AGENT

udp

161

Description

Rx snmp GET, SET and GETNEXT PDUs

Properties

server

Attributes

state port aclip aclif aclifgroup map log

User Managed Attributes....

state aclip aclif aclifgroup map log

Attribute Values :

 

 

State

(administratively) disabled

Port

161

Ip Access List

any

Interface Access List

any

Interface Group Access List

any

Map List

161

Logging

disabled

E-DOC-CTC-20051017-0155 v1.0

157

 

Page 167
Image 167
Technicolor - Thomson SpeedTouchTM620 manual How to Restrict Snmp Access, SNMPV3AGENT