Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Access Control

&pagelevel(5)&pagelevel

It is necessary to explicitly specify who is authorized to send traps and informs to the notification receiver (and what types of processing these are allowed to trigger). This uses an extension of the VACM model, used in the main SNMP agent.

There are currently three types of processing that can be specified:

  • ‘log’ - log the details of the notification - either in a specified file, to standard output (or stderr), or via syslog (or similar).

  • ‘execute’ - pass the details of the trap to a specified handler program

  • ‘net’ - forward the trap to another notification receiver.

In the following directives, TYPES will be a (comma-separated) list of one or more of these tokens.Most commonly, this will typically be log,execute,net to cover any style of processing for a particular category of notification. But it is perfectly possible (even desirable) to limit certain notification sources to selected processing only.

authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW ]]

authorizes traps (and SNMPv2c INFORM requests) with the specified community to trigger the types of processing listed. By default, this will allow any notification using this community to be processed. The SOURCE field can be used to specify that the configuration should only apply to notifications received from particular sources

authUser TYPES [-s MODEL] USER [LEVEL [OID | -v VIEW ]]

authorizes SNMPv3 notifications with the specified user to trigger the types of processing listed. By default, this will accept authenticated requests. (authNoPriv or authPriv). The LEVEL field can be used to allow unauthenticated notifications (noauth), or to require encryption (priv), just as for the SNMP agent.

With both of these directives, the OID (or -v VIEW) field can be used to restrict this configuration to the processing of particular notifications.

authGroup TYPES [-s MODEL] GROUP [LEVEL [OID | -v VIEW ]]
authAccess TYPES [-s MODEL] GROUP VIEW [LEVEL [CONTEXT]]
setAccess GROUP CONTEXT MODEL LEVEL PREFIX VIEW TYPES

authorize notifications in the specified GROUP (configured using the group directive) to trigger the types of processing listed.

createUser username (MD5|SHA) authpassphrase [DES|AES]

See the section “SNMPv3 authentication” for a description of how to create SNMPv3users.

disableAuthorization yes

will disable the above access control checks, and revert to the previous behavior of accepting all incoming notifications.

Powered by Atlassian Confluence and Scroll Viewport.