Hi Frank,
I want to filter on the source address together with the community when an SNMPv2 request comes in.
I thought that I could configure snmpCommunityTransportTag, snmpTargetAddrTAddress, and snmpTargetAddrTagList to achieve this purpose.
Here is my configuration:
Here is my configuration:
[vcapuser@localhost ncs-packages]$ snmpwalk -v 2c -c test localhost 1.3.6.1.6.3.18|grep ".'test'"
SNMP-COMMUNITY-MIB::snmpCommunityName.'test' = STRING: "test"
SNMP-COMMUNITY-MIB::snmpCommunitySecurityName.'test' = STRING: public
SNMP-COMMUNITY-MIB::snmpCommunityContextEngineID.'test' = STRING: "32473"
SNMP-COMMUNITY-MIB::snmpCommunityContextName.'test' = STRING:
SNMP-COMMUNITY-MIB::snmpCommunityTransportTag.'test' = STRING: test
SNMP-COMMUNITY-MIB::snmpCommunityStorageType.'test' = INTEGER: permanent(4)
SNMP-COMMUNITY-MIB::snmpCommunityStatus.'test' = INTEGER: active(1)
SNMP-COMMUNITY-MIB::snmpTargetAddrTMask.'test' = ""
SNMP-COMMUNITY-MIB::snmpTargetAddrMMS.'test' = INTEGER: 484
[vcapuser@localhost ncs-packages]$ snmpwalk -v 2c -c test localhost 1.3.6.1.6.3.12|grep ".'test'"
SNMP-TARGET-MIB::snmpTargetAddrTDomain.'test' = OID: SNMPv2-SMI::mib-2.100.1.1
SNMP-TARGET-MIB::snmpTargetAddrTAddress.'test' = Hex-STRING: C0 A8 64 11 D8 ED
SNMP-TARGET-MIB::snmpTargetAddrTimeout.'test' = INTEGER: 250
SNMP-TARGET-MIB::snmpTargetAddrRetryCount.'test' = INTEGER: 1
SNMP-TARGET-MIB::snmpTargetAddrTagList.'test' = STRING: test
SNMP-TARGET-MIB::snmpTargetAddrParams.'test' = STRING: SNMPv2c
SNMP-TARGET-MIB::snmpTargetAddrStorageType.'test' = INTEGER: permanent(4)
SNMP-TARGET-MIB::snmpTargetAddrRowStatus.'test' = INTEGER: active(1)
I think that with this configuration, we accept an SNMP request with community “test” only when it comes from 192.168.100.1:55533 (snmpTargetAddrTAddress C0 A8 64 11 D8 ED).
After testing, it does not seem to work.
Then I called SnmpCommunityMIB.setSourceAddressFiltering(true), and the configuration above seems to be working now; requests with community “test” are being filtered.
Could you please help to confirm whether my configuration and my usage of the API setSourceAddressFiltering are right? Is setSourceAddressFiltering designed to achieve this kind of purpose?
And one more question: if I don’t want to specify the port and only filter on the IP address, then I need to set snmpTargetAddrTMask to “255.255.255.255:0”. Is this right?
Looking forward to your advice.
Thanks.
BR,
Terry
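
The address matching asked about above, as an added example that is not part of the original post and is not SNMP4J code: it applies the snmpTargetAddrTMask rule from RFC 3584 (only bits set to 1 in the mask are compared; a zero-length mask means every bit must match) to the TAddress bytes shown in the walk. The function names, the port-ignoring mask bytes and the other source addresses are constructed for illustration.

```python
import ipaddress

# snmpTargetAddrTAddress from the walk above (UDP/IPv4: 4 address octets + 2 port octets)
TADDRESS = bytes.fromhex("C0 A8 64 11 D8 ED")
# Constructed mask: compare all 32 address bits, ignore the 16 port bits
MASK_IP_ONLY = bytes.fromhex("FF FF FF FF 00 00")


def decode_udp_ipv4(octets: bytes):
    """Split a 6-octet UDP/IPv4 transport address into (ip, port)."""
    if len(octets) != 6:
        raise ValueError("expected 4 address octets followed by 2 port octets")
    return str(ipaddress.IPv4Address(octets[:4])), int.from_bytes(octets[4:], "big")


def encode_udp_ipv4(ip: str, port: int) -> bytes:
    """Build the 6-octet form from a dotted address and a port."""
    return ipaddress.IPv4Address(ip).packed + port.to_bytes(2, "big")


def source_matches(source: bytes, taddress: bytes, tmask: bytes = b"") -> bool:
    """RFC 3584 matching: (source & mask) == (taddress & mask), bit by bit.

    A zero-length mask is treated as all ones, i.e. address and port
    must both match exactly.
    """
    if len(source) != len(taddress):
        return False  # different transport address formats never match
    if not tmask:
        tmask = b"\xff" * len(taddress)
    if len(tmask) != len(taddress):
        raise ValueError("mask must be empty or as long as the address")
    return all((s & m) == (t & m) for s, t, m in zip(source, taddress, tmask))


if __name__ == "__main__":
    ip, port = decode_udp_ipv4(TADDRESS)
    print(f"configured target: {ip}:{port}")
    # Constructed source addresses: same host from another port, and another host
    for src in (encode_udp_ipv4(ip, port), encode_udp_ipv4(ip, 40000),
                encode_udp_ipv4("192.168.100.18", port)):
        print(decode_udp_ipv4(src),
              "empty mask:", source_matches(src, TADDRESS),
              "ip-only mask:", source_matches(src, TADDRESS, MASK_IP_ONLY))
```

With the empty mask shown in the walk, a request from the same host but a different ephemeral source port does not match, which is why a port-ignoring mask matters when the manager does not bind a fixed source port.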