レザ
Jan 03, 2023 Cirrus
How to limit some SNMP MIB access
Hi, folks.
How can I limit some SNMP (SNMPv2) MIBs from being accessed by a monitoring system (for example PRTG)?
I want the monitoring system to be able to monitor all items on F5-BIGIP-SYSTEM-MIB but not F5-BIGIP-LOCAL-MIB or F5-BIGIP-GLOBAL-MIB.
Thanks
If you translate the globals in each of those MIBs, you'll see where you can delineate in your OID string:
[root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-SYSTEM-MIB::sysGlobals
.1.3.6.1.4.1.3375.2.1.1
[root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-LOCAL-MIB::ltmGlobals
.1.3.6.1.4.1.3375.2.2.1
[root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-GLOBAL-MIB::gtmGlobals
.1.3.6.1.4.1.3375.2.3.1
So if you want to define a community string that will only be allowed to read from the F5-BIGIP-SYSTEM-MIB, but not the others, you can set the string to allow everything from:
.1.3.6.1.4.1.3375.2.1
which, once applied, would look something like this:
sys snmp {
    agent-addresses { tcp6:161 udp6:161 }
    communities {
        if5devcentralrocks_1 {
            community-name f5devcentralrocks
            oid-subset .1.3.6.1.4.1.3375.2.1
            source 192.168.1.245
        }
    }
    ...
}
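
To audit a configuration for the restriction described in the answer above, the following added example (not part of the original thread and not F5 code) parses a communities stanza and reports which of the three F5 MIB roots each community can read in full. The `legacy_1` entry is constructed, the LOCAL and GLOBAL roots are derived from the snmptranslate output the same way the answer derives `.1.3.6.1.4.1.3375.2.1`, and it assumes that a community without `oid-subset` is unrestricted and that subtree matching is done arc by arc.

```python
import re

# MIB roots: the *Globals OIDs from the snmptranslate output, minus the final arc.
MIB_ROOTS = {
    "F5-BIGIP-SYSTEM-MIB": ".1.3.6.1.4.1.3375.2.1",
    "F5-BIGIP-LOCAL-MIB": ".1.3.6.1.4.1.3375.2.2",
    "F5-BIGIP-GLOBAL-MIB": ".1.3.6.1.4.1.3375.2.3",
}

# Constructed sample: the stanza from the answer plus a hypothetical unrestricted entry.
SAMPLE = """
communities {
    if5devcentralrocks_1 {
        community-name f5devcentralrocks
        oid-subset .1.3.6.1.4.1.3375.2.1
        source 192.168.1.245
    }
    legacy_1 {
        community-name legacy
    }
}
"""

def arcs(oid):
    """Split a dotted OID into a tuple of integer arcs."""
    return tuple(int(a) for a in oid.strip(".").split("."))

def in_subtree(oid, subset):
    """True if oid is at or below subset, arc by arc (so ...2.10 is not under ...2.1)."""
    o, s = arcs(oid), arcs(subset)
    return o[:len(s)] == s

def parse_communities(text):
    """Return {entry_name: {key: value}} for each innermost block of the stanza."""
    out = {}
    for name, body in re.findall(r"(\S+)\s*\{([^{}]*)\}", text):
        pairs = (line.split(None, 1) for line in body.splitlines())
        out[name] = dict(p for p in pairs if len(p) == 2)
    return out

def audit(text):
    """Map each community to the MIB roots it fully covers and whether a source is set."""
    report = {}
    for name, cfg in parse_communities(text).items():
        subset = cfg.get("oid-subset")  # assumption: absent means no OID restriction
        readable = [m for m, root in MIB_ROOTS.items()
                    if subset is None or in_subtree(root, subset)]
        report[name] = {"readable": readable, "source_pinned": "source" in cfg}
    return report
```

Running `audit(SAMPLE)` shows the community from the answer limited to F5-BIGIP-SYSTEM-MIB, while the constructed `legacy_1` entry is flagged as reading all three MIBs from any source.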