Forum Discussion
How to limit some snmp mib access
- Jan 04, 2023
If you translate the globals in each of those mibs, you'll see where you can delineate in your oid string:
[root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-SYSTEM-MIB::sysGlobals .1.3.6.1.4.1.3375.2.1.1 [root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-LOCAL-MIB::ltmGlobals .1.3.6.1.4.1.3375.2.2.1 [root@ltm3:Active:Standalone] mibs # snmptranslate -On F5-BIGIP-GLOBAL-MIB::gtmGlobals .1.3.6.1.4.1.3375.2.3.1
So if you want to define a community string that will only be allowed to read from the F5-BIGIP-SYSTEM-MIB, but not the others, you can set the string to allow everything from:
.1.3.6.1.4.1.3375.2.1
which after applied would look something like this:
sys snmp { agent-addresses { tcp6:161 udp6:161 } communities { if5devcentralrocks_1 { community-name f5devcentralrocks oid-subset .1.3.6.1.4.1.3375.2.1 source 192.168.1.245 } } ... }
Hi,
Now the problem is that when I limit it to only one Oid, the device's general snmps such as uptime and interface statistics are no longer accessible.
Is it possible to exclude only F5-BIGIP-LOCAL-MIB and not the others?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com