Manuals / Technicolor - Thomson / Computer Equipment / Network Router

Technicolor - Thomson SpeedTouchTM620 manual How to Restrict Snmp Access, SNMPV3AGENT

Models: SpeedTouchTM620

1 216

Download 216 pages 15.67 Kb

Page 167

Chapter 10

SpeedTouch™ Monitoring

10.2.11 How to Restrict SNMP Access

SNMP Access

Restriction

How to Add an IP Address to the Access List

How to Add an Interface Group to the Access List

How to View the

Configuration

You can restrict SNMP Access so that it is accepted from specific IP addresses only. To do this, add the IP address or an IP Address range to the access list for the service SNMPV3_Agent. Note that this also covers SNMPv1.

You can also restrict access to specific interface groups such as WAN, LAN, DMZ,...

Use the following command:

:service system ipadd name=SNMPV3_AGENT ip=<ip-range>

with <ip-range>either the IP address or the range of IP addresses from which SNMP access should be allowed.

Use the following command:

:service system ifadd name=SNMPV3_AGENT group = <{wanlocallantunneldmzguest} or number>

The <group> parameter determines which interface group has access to the SNMP service.

Use the following command to view the configuration:

:service system list name SNMPV3_AGENT expand enabled

This results in the following output:

Idx Name	Protocol	SrcPort DstPort Group
-----------------------------------------------------------------------
1 SNMPV3_AGENT	udp	161
Description		Rx snmp GET, SET and GETNEXT PDUs
Properties		server
Attributes		state port aclip aclif aclifgroup map log
User Managed Attributes....		state aclip aclif aclifgroup map log
Attribute Values :
State		(administratively) disabled
Port		161
Ip Access List		any
Interface Access List		any
Interface Group Access List		any
Map List		161
Logging		disabled

E-DOC-CTC-20051017-0155 v1.0	157

Image 167

Technicolor - Thomson SpeedTouchTM620 manual How to Restrict Snmp Access, SNMPV3AGENT

Contents

SpeedTouch620 Page SpeedTouch 620 Document Information CopyrightTrademarks Contents SpeedTouch Software Modules Integrated SpeedTouch Isdn Modem 10.1.1 Basic Concepts 135 10.1.2 MIBs Explained 136 How to Add an Snmp User 152How to Restrict Snmp Access 157 How to Configure the Traps 158SLA Monitoring Contents About this Operator’s Guide About this Operator’s Guide Introduction IntroductionChapter CLI serial access requirements SpeedTouch Command Line Interface About the CLI InterfaceCLI web page access requirements CLI Telnet access requirementsAccess via a Telnet session or serial console CLI Access via Telnet or Serial Console=help Command group navigationBasic Navigation =help firewall list Going to the beginningOr end of a line Chapter Firewall list Command Line Interface CommandsExecuting Commands from the Top Level Executing Commands From the Command Group Chapter Menu-driven CLI Navigation Chapter SpeedTouch System Software SpeedTouch System Software About the System SoftwareTopic See System Software Management via FTPFtpcd dl Backup System Software via FTPStep Action Get the system software file Software version commandSubdirectory’s contents Upgrade/Restore procedure Upgrade or Restore System Software via FTPTransfer system software to the SpeedTouch Use the quote site software version command to checkSoftware deletepassive command to delete it Ftp put ZZUIAA5.411 Mark system software file as Passive Software Version Activate the upgrade/ restored system softwareImportant note Manual System Software Management via BOOTP/TFTP serverSystem software Management=software upgrade SpeedTouch Configuration Management SpeedTouch Configuration ManagementClick Save or Restore Configuration Configuration Management via the SpeedTouch Web InterfaceConfigurations via Basic Web Interface Step Action Go to Home SpeedTouch ConfigurationLocal disk, you want to restore on your SpeedTouch Restoring configurations via the basic Web InterfaceSpeedTouch Configuration Management Proceed as follows Click Backup Go to expert modeClick Save All to save the current configuration Open the Update page via Home SpeedTouch System UpdateIntend to restore. Select the file and click OK Restoring a configuration via the expert pagesOpen the Upgrade page via Home SpeedTouch System Update FTP access SpeedTouch configuration files Configuration Management via TelnetConfig dump Config CLI Command GroupConfig save Config backup filename = user configuration filenameEcho = noyes Defaults = noyesLoadip = noyes Flush = yesnoGet the latest configuration file from Back up Configurations via FTPSpeedTouch Multi Level Access Policy Configuration Guide Site saveall commandFtp get user.ini Configuration you saved in is stored in the user.ini fileOther configuration files stored via Introduction Restore/change procedure Store Configurations via FTPSoftware cleanup CLI command Transfer the configuration file to the SpeedTouchQuote site saveall command Matches total Ftp put config.iniFtp quote site config load Connection for /bin/ls Jun 1971 Start.cmd Rwxrwxrwx Template files on the SpeedTouch file system SpeedTouch Service TemplatesTemplate Description SpeedTouch System Languages Management Open the Upload File page via Home SpeedTouch System UpdateSwitch between system languages Click on the Language Packs tab Go to the Expert ModeOpen the language page via Home SpeedTouch System Update Language Step ActionChapter Software key SpeedTouch Software ModulesSoftware Modules ST620 ST608WL ST605 SpeedTouch Software ModulesTable Item Description Software Activation Key Management=software addon list How to Install a Software Key Overview This chapter covers the following services SpeedTouch System ServicesService See SpeedTouch System ServicesSpeedTouch Dynamic DNS =dyndns help SpeedTouch CLI dyndns commandsDyndns service Dyndns host=dyndns add name=MyDynDNS Example dynamic DNS subscriptionAdding a dynamic DNS host name Adding a dynamic DNS client =dyndns host add group=MyDynDNSHost name=johndoe.dyndns.orgGroup = MyDynDNSHost Modifying the dynamic DNS client=dyndns modify Name = MyDynDNS Service list Refining the dynamic DNS service settingsChecking dynamic DNS client Resolving DNS ServiceUse multiple hosts configure an additional host =dyndns modify name=MyDynDNS status=enabledSpeedTouch Sntp Client Manual tab Select Manual to Step Action Sntp add and sntp delete Sntp configSntp list Method Description Website FilteringSection See Website Filtering Configuration Pages How to Verify the Filtering Configuration Information Content level becomes available. Refer to 6.3.3 How toWeb Section Description Filtering license is availableHow to Activate a Web Filtering License Filter Priority Actions for Uncategorised Sites Configuring the Actions for Uncategorised SitesWant to create an entry in the filter How to Create an Address Based FilterHow to Create a New Proceed as follows Entry Step Action Go to the first bullet in the list Address Based FilteringAll Legal Teenagers Children BlockAll How to Create a Content Based FilterSelect the content level of your choice LevelGo to the Web site filtering Overview How to Create a Content LevelView Step Action Level Step ActionPick a Task... list, select Create a new content level Content Level Step ActionToolbox section, click Intrusion Detection Intrusion Detection and ProtectionTask Description Remote Assistance About Remote Assistance How to Set Up Remote AssistanceHow to Log On To The SpeedTouch Remotely Chapter Chapter To the SpeedTouch SpeedTouch File SystemOpening an FTP session Preparing for FTP file transfers Access rights to the file systemFtpcd Files stored on the file systemChapter Access method System service name SpeedTouch Remote AccessSpeedTouch access methods Chapter =service system ifadd name=HTTP group=wan = Remote Web Interface AccessConfiguration via CLI commands =service system list name=HTTP expand=enabled=service system ipadd name=HTTP ip=192.6.2-55.2-55 = Refinement Service=service system ipadd name=HTTP ip=192.6.11.5 = =service system ipadd name=HTTP ip=192.6.11.0/24 ==service system modify name=HTTP state=enabled port=82 = NAT configuration menu, but always in System Services=service system list name=HTTPs expand=enabled Secure Remote Web Interface AccessHTTPs service Introduction =service system ifadd name=HTTPs group=wan = =service system ipadd name=HTTPs ip=192.6.2-55.2-55 = =service system ipadd name=HTTPs ip=192.6.11.5 ==service system ipadd name=HTTPs ip=192.6.11.0/24 = 448 =service system modify name=HTTPs state=enabled port=448 ==service system list name=TELNET expand=enabled Remote Telnet Access=service system ifadd name=TELNET group=wan = =service system ipadd name=TELNET ip=192.6.2-55.2-55 = Refinement of the Service=service system ipadd name=TELNET ip=192.6.11.5 = =service system ipadd name=TELNET ip=192.6.11.0/24 ==service system modify name=TELNET state=enabled port=50 = =ssh config shell=enabled Remote SSH AccessSSH service Introduction SSH authentication =ssh config auth=password=ssh publickey list SSH =service system list name=SSH expand=enabled=service system ifadd name=SSH group=wan =service system ipadd name=SSH ip=192.6.2-55.2-55 =service system ipadd name=SSH ip=192.6.11.5=service system ipadd name=SSH ip=192.6.11.0/24 =service system modify name=SSH state=enabled port=35 =service system ifadd name=FTP group=wan Remote FTP Access=service system list name=FTP expand=enabled =service system ipadd name=FTP ip=192.6.2-55.2-55 =service system ipadd name=FTP ip=192.6.11.5=service system ipadd name=FTP ip=192.6.11.0/24 =service system modify name=FTP state=enabled port=26 =ssh config sftp=enabled Remote Sftp Access101 102 103 104 105 Configuration Options How to Configure LAC Syntax LAN Based Auto-Configuration LAC Support TR-064Parameter Descripion Value Description Enabled orDisabled CPE WAN Management Protocol Cwmp Support TR-069 How to Configure Cwmp Syntax Parameter Value Description How to ConfigureParameter Descripion Cwmp Server Parameter Description Value How to Configure the Cwmp Server Syntax112 Overview This chapter covers the following topics Integrated SpeedTouch Isdn ModemIntegrated SpeedTouch Isdn Modem About the Isdn Modem 115 How to Configure the Isdn Modem Action See Isdn BackupClick Routed PPoI How to Configure the Isdn Dial-In ConnectionIsdn backup Click Connections119 Enabled or disabled How to Configure the PPP Connection Cidr , dotted or none Pap , chap or autoDOD. This means that the system Enable or disable dial-on-demandWill engage the Isdn backup if DemanddialIsdn Callback 125 126 Support callback Called party must also be set to128 129 130 RemoteCAPI How to Install Remote Proceed as followsIsdn Remote Capi \windows\system32\capi2032.dllSelect Remote Capi Daemon SpeedTouch Monitoring SpeedTouch MonitoringSnmp in the SpeedTouch Overview An Introduction to SnmpBasic Concepts Management Information Base Basic CommandsRFC1213 MIB-II MIBs ExplainedRFC3417 Transport Mappings for Snmp MIB RFC3418 SNMPv2-MIB Standard MIBs MIBs About SnmpSpeedTouch Monitoring From previous 138 Task See Snmp configurationHow to Allow Access to the Snmp Agent This returns the following output How to View the Snmp ConfigurationAbout the Snmp Service You can the same command to view the SNMPV3 TrapsHow to View the System Contact, Name and Location Create a new community How to Configure SNMPv1Configure the community to have these group rights Allow external access to the Snmp agentCreate a notify filter Configure the target parametersEnable traps Create a new targetEnable or disable the sending How to Configure the System contact, Name and LocationEnable or disable Parameters This command has the following parametersMTU How to Force the Source IP AddressParameters The command has the following parameters How to Configure the Snmp TargetDestination To get the iP address table, use How to Read Snmp Parameters via the CLITo update the traffic load, use With objectid the object identity to getNext fromAdministratorsnmp=walk ObjectId=1.3.6.1.2.1.1 =service system ifadd name SNMPV3AGENT group wan How to Allow Remote SnmpHow to Add an Snmp User Group Description Use the following command to add the user to the group Use the following command to create a new viewNotification access to that view Use the following command to create a new userThis results in the following output Communities SNMPV3AGENT How to Restrict Snmp AccessUse the snmp notifyprofile add command How to Configure the TrapsUse the snmp targetparams add command Use the snmp notifyfilter add commandUse the following command sequence Use the snmp target add commandSpeedTouch Syslog Syslog daemon What is SyslogSpeedTouch Syslog Daemon SpeedTouchPriority Notation Code 163 Syslog via the Web Interface 165 =syslog msgbuf help Syslog CLI command groupSyslog via the CLI =syslog help=syslog ruleadd fac=all sev=debug dest=192.168.1.10 =saveall Remote Syslog NotificationSyslog host on a remote network =service system list name=SYSLOG expand=enabledAdvantages SpeedTouch Identification SpeedTouch Identification on AWSSpeedTouch Identification over AWS About the Advanced Diagnostics Overview SpeedTouch Advanced DiagnosticsOffice Network Web 173 174 Click... To Diagnostic WebOpening SpeedTouch Diagnostic Web Interface 176 177 178 Command Line Interface Diagnostics Commands About CLI DiagnosticsAccessing the CLI Diagnostical CLITmmb Lower Layer DiagnosticsAtm oam cc send Atm debug aal5statsAtm debug gstats Atm debug portstats=autopvc list ATM Auto-Configuration via TR-37/ Ilmi=autopvc config mode=active = Dhcp relay debug stats Router Services DiagnosticsDhcp client debug stats Dhcp server debug stats=dns server debug stats Dns server debug statsDisplays statistics of SpeedTouch’s DNS server/forwarder =firewall rule debug stats Routing DiagnosticsFirewall rule debug stats It uses the following parameters Below is an example of a ping command and its replyBelow is an example of a traceroute command and its reply Command=eth switch mirror capture port=4 = Ethernet Diagnostics190 Displays SpeedTouch cpu and memory statistics Management DiagnosticsSystem debug stats 192 =sla ping add test=internet addr=11.0.0.138 SLA MonitoringParameter Description Values =sla ping list =sla ping start test=internet =SLA Monitoring Following results will be displayed Name Description=sla traceroute add test=route addr=11.0.0.138 = SLA Traceroute configuration198 =sla traceroute start test=route = Starting the SLA Traceroute=sla traceroute modify test = route Addr = Dffield = no Result Info Status =sla traceroute list=sla traceroute hist test route owner modem 202 =system reset factory=yes proceed=yes Resetting the SpeedTouchResetting the SpeedTouch =system rebootKeep the reset button pushed in for ca seconds Switch off the SpeedTouchPress and hold the reset button Switch on the SpeedTouchPage Need more help?