• February 09, 2012, 11:03:25 AM
Welcome, Guest. Please login or register.
Did you miss your activation email?
« previous next »
Pages: [1]

Author Topic: Tip: Creating a SNMP OID restriction for temperature readings  (Read 2441 times)

0 Members and 4 Guests are viewing this topic.

Offline Forrequi

  • Rookie
  • **
  • Posts: 10
    • Rustic Engineering
Tip: Creating a SNMP OID restriction for temperature readings
« on: October 23, 2009, 01:17:51 PM »
Hi,

Today I've a little challenge on my network: configure a permission to a specific IP for read the temperature of two ERS8600. This specific host don't become part of my management network, so I can't use the same snmp read community. I don't like to free everthing on the core to be read, so I start to liberate only the specific OID (temperature of chassis) on my two ERS8600, and only for the specific IP of the host, with a new read community.

After some study on Nortel documentation (2008_04_04_SNMP_on_ERS_8600_TCG_NN48500564.pdf) I present us my little todo for everone that needs some similar, because this document is not the mos objective guide of the world. My steps:

Step1: Create a MIB view, called "only_temp", restricted for the temperature OID:

config snmp-v3 mib-view create only_temp 1.3.6.1.4.1.2272.1.100.1.2.0 type include


View the changes:

config snmp-v3 mib-view info

Step2: Create a access group called "group_temp", with snmpv1 and v2c, no authentication, reading the "only_temp" mib-view:

config snmp-v3 group-access create group_temp "" snmpv1 noAuthNoPriv
config snmp-v3 group-access create group_temp "" snmpv2c noAuthNoPriv
config snmp-v3 group-access view group_temp "" snmpv1 noAuthNoPriv read only_temp write only_temp
config snmp-v3 group-access view group_temp "" snmpv2c noAuthNoPriv read only_temp write only_temp



View the changes:

config snmp-v3 group-access info


Step3: Create the user "user_temp" inside the group:

config snmp-v3 group-member create user_temp snmpv1 group_temp
config snmp-v3 group-member create user_temp snmpv2c group_temp


View the changes:

config snmp-v3 group-member info


Step4: Create a new community "ers8600", index "third" (the first and second alredy exist, adapt for you scenary), for the user "user_temp"

config snmp-v3 community create third ers8600 user_temp


View the changes:

config snmp-v3 community info


Step5: Create a new access-policy (policy 6 in my case) for the specific IP 10.10.10.1 (where the temperature has been monitored):

config sys access-policy policy 6 create
config sys access-policy policy 6 name policy6
config sys access-policy policy 6 accesslevel ro
config sys access-policy policy 6 network 10.10.10.1/255.255.255.255
config sys access-policy policy 6 snmp-group-add group_temp snmpv1
config sys access-policy policy 6 snmp-group-add group_temp snmpv2c
config sys access-policy policy 6 service telnet disable
config sys access-policy policy 6 service ssh disable
config sys access-policy policy 6 service tftp disable
config sys access-policy policy 6 service ftp disable
config sys access-policy policy 6 service snmpv3 enable


I hope this can help someone. Bye!

Logged

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2157
    • Michael McNamara
Re: Tip: Creating a SNMP OID restriction for temperature readings
« Reply #1 on: October 23, 2009, 11:03:55 PM »
That's really nice work!

With your permission I'd like to re-post this to my blog, giving you full credit for the post.

Cheers!
« Last Edit: October 24, 2009, 09:42:48 AM by Michael McNamara »
Logged
If you've found this site useful and helpful, please help me spread the word. Link to us in your blog or homepage or Tweet about us! - Thanks!

Offline Forrequi

  • Rookie
  • **
  • Posts: 10
    • Rustic Engineering
Re: Tip: Creating a SNMP OID restriction for temperature readings
« Reply #2 on: October 24, 2009, 07:56:49 AM »
OK, off course!

Your blog help me so much some days that is a pleasure help others too.
Logged
Pages: [1]
« previous next »