Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [(ASCEND) Blocking SNMP requests on a MAX 6000?]
The MAX6000 certainly DOES allow you to block SNMP requests by IP addresses,
and has had this feature for quite some time. You can configure up to five
SNMP manager addresses. All other addresses are then blocked. Here's how,
clipped from NavisAccess online help:
To restrict SNMP manager access on the MAX:
1. Attach to the MAX via Telnet or through the console port.
2. Log in with write access.
3. Open the Ethernet menu.
4. Open the Mod Config submenu.
5. Open the SNMP Options submenu.
6. Set the Security parameter to Yes.
Security=Yes
This parameter specifies that the MAX must compare the source IP address of
packets containing SNMP commands against a list of qualified IP addresses.
The unit checks the version and community strings before making source IP
address comparisons. (The Security parameter does not affect those checks.)
7. Specify the IP addresses of hosts that will have SNMP read permission.
For example:
RD Mgr1=10.1.2.3
RD Mgr2=10.1.2.4
RD Mgr3=10.1.2.5
RD Mgr4=10.1.2.6
RD Mgr5=10.1.2.7
If the Security parameter is set to Yes, only SNMP managers at those IP
addresses will be allowed to execute the SNMP GET and GET-NEXT commands.
8. Specify the IP addresses of hosts that will have SNMP write permission.
For example:
WR Mgr1=10.1.2.3
WR Mgr2=10.1.2.4
WR Mgr3=10.1.2.5
WR Mgr4=10.1.2.6
WR Mgr5=10.1.2.7
If the Security parameter is set to Yes, only SNMP managers at those IP
addresses will be allowed to execute the SNMP SET command.
9. Save and close the Ethernet profile.
That's it!
Regards,
Peter Eicher
Ascend NavisAccess Marketing Manager
> -----Original Message-----
> From: owner-ascend-users@max.bungi.com
> [mailto:owner-ascend-users@max.bungi.com]On Behalf Of Maverick
> Sent: Thursday, April 22, 1999 7:15 PM
> To: Roddy Strachan; Ascend List; roddy@satlink.com.au
> Cc: ascend-users@bungi.com
> Subject: Re: [(ASCEND) Blocking SNMP requests on a MAX 6000?]
>
>
> Roddy Strachan <roddy@satlink.com.au> wrote:
> Hi,
> Just wondering if its possbile to block any SNMP requests on a Max
> 6000, so that only specified IP's can use SNMP to view users on the box
> etc??
>
> MAX 6000 doesn't have a feature yet to allow only
> SNMP requests from a specific IP. You may want to
> implemment filters to block all SNMP requests
> except specific IPs.
>
>
> Hope it helps ...
>
> ____________________________________________________________________
> Get your own FREE, personal Netscape WebMail account today at
> http://webmail.netscape.com.
> ++ Ascend Users Mailing List ++
> To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd: <http://www.nealis.net/ascend/faq>
>
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>