[j-nsp] SNMP v3 configurations

snort bsd snortbsd at yahoo.com.au
Wed Sep 1 18:50:47 EDT 2010


thanks....:)





________________________________
From: Nugroho WH Adisubrata <adisubrata at gmail.com>
To: snort bsd <snortbsd at yahoo.com.au>
Cc: juniper-nsp <juniper-nsp at puck.nether.net>
Sent: Wed, 1 September, 2010 4:55:22 PM
Subject: Re: [j-nsp] SNMP v3 configurations

Snort,

You missed VACM configuration.
Please add following VACM configuration:

enugadi at gundul# show snmp 
v3 {
    usm {
        local-engine {
            user enugadi {
                authentication-sha {
                    authentication-key 
"$9$djV24GDimPQZGHmfQn6evMXdb4aZDHq8X-wY4ZGjHqmfz9Apu1RpuNdwYZGk.PT69AtOhcl0O-VwsJZtu0BhSrlMXxd9AOREhrlWLx7-wg4ZH.Pg4Fn69pu1RhSvWxNdbYg-dikPfn6lKvL-VaZUjk.ZGuOIRSyvWLN-wJGDi.PjiO1hcleYg4aDi";
 ## SECRET-DATA
                }
                privacy-none;
            }
        }
    }
    vacm {
        security-to-group {
            security-model usm {
                security-name enugadi {
                    group group_enugadi;
                }
            }
        }
        access {
            group group_enugadi {
                default-context-prefix {
                    security-model usm {
                        security-level none {
                            read-view full-mib;
                        }
                    }
                }
            }
        }
    }
}
engine-id {
    use-mac-address;
}
view full-mib {
    oid internet include;
} 



nugroho-a-macbook:~ nugroho$ snmpwalk -v 3 -u enugadi -l AuthNoPriv -a SHA -A 
adisubrata -m ALL 192.168.150.14
------ truncate -----
RFC1213-MIB::ifIndex.6 = INTEGER: 6
RFC1213-MIB::ifIndex.8 = INTEGER: 8
RFC1213-MIB::ifIndex.9 = INTEGER: 9
RFC1213-MIB::ifIndex.16 = INTEGER: 16
RFC1213-MIB::ifIndex.17 = INTEGER: 17




On Thu, Sep 2, 2010 at 1:24 AM, snort bsd <snortbsd at yahoo.com.au> wrote:

Hi all:
>
>here is my configuration (for testing) for snmp v3:
>
>v3 {
>   usm {
>       local-engine {
>           user tester {
>               authentication-sha {
>                   authentication-key "xxxxxxx"; ## SECRET-DATA
>               }
>               privacy-none;
>           }
>       }
>   }
>   target-address test_1 {
>       address 172.32.1.10;
>       target-parameters test-lab;
>   }
>   target-address test_2 {
>       address 172.32.1.11;
>       target-parameters test-lab;
>   }
>   target-parameters test-lab {
>       parameters {
>           message-processing-model v3;
>           security-model usm;
>           security-level authentication;
>           security-name lab;
>       }
>   }
>   snmp-community lab {
>       security-name lab;
>       tag lab;
>   }
>}
>engine-id {
>   use-mac-address;
>}
>trap-group test {
>   version all;
>   categories {
>       authentication;
>       chassis;
>       link;
>       routing;
>       sonet-alarms;
>   }
>}
>
>but the tests were failed:
>
>home at bn:~:$ snmpwalk -v 3 -u tester -l AuthNoPriv -a SHA -A test -m ALL
>172.32.1.10
>Error in packet.
>Reason: authorizationError (access denied to that object)
>
>
>did I miss something in my configuration?
>
>Thanks in advance
>
>
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>



      


More information about the juniper-nsp mailing list