[j-nsp] SNMP v3 configurations

Nugroho WH Adisubrata adisubrata at gmail.com
Wed Sep 1 16:55:22 EDT 2010


Snort,

You missed the VACM configuration.
Please add the following VACM configuration:

enugadi@gundul# show snmp
v3 {
    usm {
        local-engine {
            user enugadi {
                authentication-sha {
                    authentication-key "$9$djV24GDimPQZGHmfQn6evMXdb4aZDHq8X-wY4ZGjHqmfz9Apu1RpuNdwYZGk.PT69AtOhcl0O-VwsJZtu0BhSrlMXxd9AOREhrlWLx7-wg4ZH.Pg4Fn69pu1RhSvWxNdbYg-dikPfn6lKvL-VaZUjk.ZGuOIRSyvWLN-wJGDi.PjiO1hcleYg4aDi"; ## SECRET-DATA
                }
                privacy-none;
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name enugadi {
                    group group_enugadi;
                }
            }
        }
        access {
            group group_enugadi {
                default-context-prefix {
                    security-model usm {
                        security-level none {
                            read-view full-mib;
                        }
                    }
                }
            }
        }
    }
}
engine-id {
    use-mac-address;
}
view full-mib {
    oid internet include;
}



nugroho-a-macbook:~ nugroho$ snmpwalk -v 3 -u enugadi -l AuthNoPriv -a SHA -A adisubrata -m ALL 192.168.150.14
------ truncate -----
RFC1213-MIB::ifIndex.6 = INTEGER: 6
RFC1213-MIB::ifIndex.8 = INTEGER: 8
RFC1213-MIB::ifIndex.9 = INTEGER: 9
RFC1213-MIB::ifIndex.16 = INTEGER: 16
RFC1213-MIB::ifIndex.17 = INTEGER: 17



On Thu, Sep 2, 2010 at 1:24 AM, snort bsd <snortbsd at yahoo.com.au> wrote:

> Hi all:
>
> here is my configuration (for testing) for snmp v3:
>
> v3 {
>    usm {
>        local-engine {
>            user tester {
>                authentication-sha {
>                    authentication-key "xxxxxxx"; ## SECRET-DATA
>                }
>                privacy-none;
>            }
>        }
>    }
>    target-address test_1 {
>        address 172.32.1.10;
>        target-parameters test-lab;
>    }
>    target-address test_2 {
>        address 172.32.1.11;
>        target-parameters test-lab;
>    }
>    target-parameters test-lab {
>        parameters {
>            message-processing-model v3;
>            security-model usm;
>            security-level authentication;
>            security-name lab;
>        }
>    }
>    snmp-community lab {
>        security-name lab;
>        tag lab;
>    }
> }
> engine-id {
>    use-mac-address;
> }
> trap-group test {
>    version all;
>    categories {
>        authentication;
>        chassis;
>        link;
>        routing;
>        sonet-alarms;
>    }
> }
>
> but the tests failed:
>
> home@bn:~:$ snmpwalk -v 3 -u tester -l AuthNoPriv -a SHA -A test -m ALL 172.32.1.10
> Error in packet.
> Reason: authorizationError (access denied to that object)
>
>
> did I miss something in my configuration?
>
> Thanks in advance
>
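
The reply's point is that a USM user needs the full VACM chain (security-to-group, access, view) before a read is authorized. The Python check below is an added example, not code from the thread or from Juniper: it parses `show snmp` output in the layout shown above and reports users whose chain is incomplete, and also flags access entries at `security-level none`. The names `parse_junos`, `sub` and `audit_snmpv3` are hypothetical, and the sample config is constructed.

```python
import re

def parse_junos(text):
    """Parse Junos curly-brace config into nested dicts (leaf statements map to None)."""
    stack = [{}]
    text = re.sub(r"##.*", "", text)  # drop "## SECRET-DATA" annotations
    for m in re.finditer(r'((?:"[^"]*"|[^{};"])*)([{};])', text):
        stmt, delim = " ".join(m.group(1).split()), m.group(2)
        if delim == "{":
            stack.append(stack[-1].setdefault(stmt, {}))
        elif delim == "}" and len(stack) > 1:
            stack.pop()
        elif stmt:
            stack[-1][stmt] = None
    return stack[0]

def sub(block, prefix):
    """Children of block whose statement starts with prefix, keyed by the rest of it."""
    return {k[len(prefix) + 1:]: v for k, v in (block or {}).items()
            if k.startswith(prefix + " ")}

def audit_snmpv3(text):
    """Return (user, problem) pairs for USM users whose VACM chain is missing or weak."""
    cfg = parse_junos(text)
    v3 = cfg.get("v3") or {}
    vacm = v3.get("vacm") or {}
    users = sub((v3.get("usm") or {}).get("local-engine"), "user")
    to_group = sub((vacm.get("security-to-group") or {}).get("security-model usm"),
                   "security-name")
    access, views, findings = sub(vacm.get("access"), "group"), sub(cfg, "view"), []
    for user in users:
        groups = list(sub(to_group.get(user), "group"))
        if not groups:
            findings.append((user, "no security-to-group mapping"))
        for group in groups:
            if group not in access:
                findings.append((user, f"group {group} has no access entry"))
            for ctx in (access.get(group) or {}).values():
                usm = sub((ctx or {}).get("security-model usm"), "security-level")
                for level, body in usm.items():
                    if level == "none":  # RFC 3415: the level is a minimum required
                        findings.append((user, "access entry at security-level none"))
                    findings += [(user, f"read-view {v} is not defined")
                                 for v in sub(body, "read-view") if v not in views]
    return findings

# Constructed sample shaped like the first config in the thread: USM user, no vacm.
USM_ONLY = "v3 { usm { local-engine { user tester { privacy-none; } } } }"
print(audit_snmpv3(USM_ONLY))
```
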

