[j-nsp] SNMP v3 configurations
snort bsd
snortbsd at yahoo.com.au
Wed Sep 1 18:50:47 EDT 2010
thanks....:)
________________________________
From: Nugroho WH Adisubrata <adisubrata at gmail.com>
To: snort bsd <snortbsd at yahoo.com.au>
Cc: juniper-nsp <juniper-nsp at puck.nether.net>
Sent: Wed, 1 September, 2010 4:55:22 PM
Subject: Re: [j-nsp] SNMP v3 configurations
Snort,
You missed VACM configuration.
Please add following VACM configuration:
enugadi at gundul# show snmp
v3 {
usm {
local-engine {
user enugadi {
authentication-sha {
authentication-key
"$9$djV24GDimPQZGHmfQn6evMXdb4aZDHq8X-wY4ZGjHqmfz9Apu1RpuNdwYZGk.PT69AtOhcl0O-VwsJZtu0BhSrlMXxd9AOREhrlWLx7-wg4ZH.Pg4Fn69pu1RhSvWxNdbYg-dikPfn6lKvL-VaZUjk.ZGuOIRSyvWLN-wJGDi.PjiO1hcleYg4aDi";
## SECRET-DATA
}
privacy-none;
}
}
}
vacm {
security-to-group {
security-model usm {
security-name enugadi {
group group_enugadi;
}
}
}
access {
group group_enugadi {
default-context-prefix {
security-model usm {
security-level none {
read-view full-mib;
}
}
}
}
}
}
}
engine-id {
use-mac-address;
}
view full-mib {
oid internet include;
}
nugroho-a-macbook:~ nugroho$ snmpwalk -v 3 -u enugadi -l AuthNoPriv -a SHA -A
adisubrata -m ALL 192.168.150.14
------ truncate -----
RFC1213-MIB::ifIndex.6 = INTEGER: 6
RFC1213-MIB::ifIndex.8 = INTEGER: 8
RFC1213-MIB::ifIndex.9 = INTEGER: 9
RFC1213-MIB::ifIndex.16 = INTEGER: 16
RFC1213-MIB::ifIndex.17 = INTEGER: 17
On Thu, Sep 2, 2010 at 1:24 AM, snort bsd <snortbsd at yahoo.com.au> wrote:
Hi all:
>
>here is my configuration (for testing) for snmp v3:
>
>v3 {
> usm {
> local-engine {
> user tester {
> authentication-sha {
> authentication-key "xxxxxxx"; ## SECRET-DATA
> }
> privacy-none;
> }
> }
> }
> target-address test_1 {
> address 172.32.1.10;
> target-parameters test-lab;
> }
> target-address test_2 {
> address 172.32.1.11;
> target-parameters test-lab;
> }
> target-parameters test-lab {
> parameters {
> message-processing-model v3;
> security-model usm;
> security-level authentication;
> security-name lab;
> }
> }
> snmp-community lab {
> security-name lab;
> tag lab;
> }
>}
>engine-id {
> use-mac-address;
>}
>trap-group test {
> version all;
> categories {
> authentication;
> chassis;
> link;
> routing;
> sonet-alarms;
> }
>}
>
>but the tests were failed:
>
>home at bn:~:$ snmpwalk -v 3 -u tester -l AuthNoPriv -a SHA -A test -m ALL
>172.32.1.10
>Error in packet.
>Reason: authorizationError (access denied to that object)
>
>
>did I miss something in my configuration?
>
>Thanks in advance
>
>
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list