Forum Discussion
How to limit some snmp mib access
- Jan 04, 2023
If you translate the globals in each of those mibs, you'll see where you can delineate in your oid string:
[root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-SYSTEM-MIB::sysGlobals .1.3.6.1.4.1.3375.2.1.1 [root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-LOCAL-MIB::ltmGlobals .1.3.6.1.4.1.3375.2.2.1 [root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-GLOBAL-MIB::gtmGlobals .1.3.6.1.4.1.3375.2.3.1
So if you want to define a community string that will only be allowed to read from the F5-BIGIP-SYSTEM-MIB, but not the others, you can set the string to allow everything from:
.1.3.6.1.4.1.3375.2.1
which after applied would look something like this:
sys snmp { agent-addresses { tcp6:161 udp6:161 } communities { if5devcentralrocks_1 { community-name f5devcentralrocks oid-subset .1.3.6.1.4.1.3375.2.1 source 192.168.1.245 } } ... }
レザI believe this can be achieved by configuring the appropriate OID for the top most node in question for the SNMP v2 community. This articel outlines the configuration for OID for SNMP v1 and v2c and a section for v3 as well.
- レザJan 03, 2023Cirrus
Hi Paulius, unfortunately, this is not what I want. I think this is not possible in snmpv2
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com