Comtrol eCos User Manual
Page 626

Chapter 47. SNMP for eCos
The minimum level of authentication and privacy the user must use is specified by the first token (which defaults to "auth"). The OID parameter restricts access for that user to everything below the given OID.

com2sec NAME SOURCE COMMUNITY
This directive specifies the mapping from a source/community pair to a security name. SOURCE can be a hostname, a subnet, or the word "default". A subnet can be specified as IP/MASK or IP/BITS. The first source/community combination that matches the incoming packet is selected.

group NAME MODEL SECURITY
This directive defines the mapping from securitymodel/securityname to group. MODEL is one of v1, v2c, or usm.

access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
The access directive maps from group/security model/security level to a view. MODEL is one of any, v1, v2c, or usm. LEVEL is one of noauth, auth, or priv. PREFX specifies how CONTEXT should be matched against the context of the incoming PDU, either exact or prefix. READ, WRITE and NOTIFY specify the view to be used for the corresponding access. For v1 or v2c access, LEVEL will be noauth, and CONTEXT will be empty.

view NAME TYPE SUBTREE [MASK]
This directive defines the named view. TYPE is either included or excluded. MASK is a list of hex octets, separated by '.' or ':'. The MASK defaults to "ff" if not specified.

The reason for the mask is that it allows you to control access to one row in a table in a relatively simple way. As an example, as an ISP you might consider giving each customer access to his or her own interface:

view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0
(interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
ff.a0 == 11111111.10100000, which nicely covers up to and including
the row index, but lets the user vary the field of the row)
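
The following sketch is an added example, not code from the manual or from the eCos SNMP agent. It evaluates the cust1 view above under RFC 3415 view-family semantics, so a mask can be checked against sample OIDs before it is deployed. The helper names and the test OIDs are constructed for illustration, and it assumes a mask shorter than the subtree is padded with 1 bits.

```python
# Added illustration of VACM view-mask matching (RFC 3415 semantics).

def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_mask(text, length):
    """Hex octets separated by '.' or ':' -> list of bits, MSB first.
    Positions past the end of the mask are treated as 1 (must match)."""
    bits = []
    for octet in text.replace(":", ".").split("."):
        value = int(octet, 16)
        bits.extend((value >> shift) & 1 for shift in range(7, -1, -1))
    bits += [1] * max(0, length - len(bits))
    return bits[:length]

def family_matches(oid, subtree, mask="ff"):
    """True if oid falls inside the family defined by subtree and mask."""
    if len(oid) < len(subtree):
        return False
    bits = parse_mask(mask, len(subtree))
    # A 0 bit makes that sub-identifier a wildcard; a 1 bit requires equality.
    return all(bit == 0 or got == want
               for bit, got, want in zip(bits, oid, subtree))

def in_view(oid, entries):
    """entries: list of (type, subtree, mask); longest matching subtree decides."""
    hits = [e for e in entries if family_matches(oid, e[1], e[2])]
    if not hits:
        return False
    best = max(hits, key=lambda e: (len(e[1]), e[1]))
    return best[0] == "included"

# cust1 view from the manual, using the numeric OID it gives for ifIndex.1
IF_INDEX_1 = parse_oid(".1.3.6.1.2.1.2.2.1.1.1")
CUST1 = [("included", IF_INDEX_1, "ff.a0")]

# Constructed test OIDs of the form ifEntry.<column>.<row>
IF_DESCR_ROW1 = parse_oid(".1.3.6.1.2.1.2.2.1.2.1")    # column 2, row 1
IF_OCTETS_ROW1 = parse_oid(".1.3.6.1.2.1.2.2.1.10.1")  # column 10, row 1
IF_DESCR_ROW2 = parse_oid(".1.3.6.1.2.1.2.2.1.2.2")    # column 2, row 2
SYS_DESCR = parse_oid(".1.3.6.1.2.1.1.1.0")            # outside ifTable

if __name__ == "__main__":
    for name in ("IF_DESCR_ROW1", "IF_OCTETS_ROW1", "IF_DESCR_ROW2", "SYS_DESCR"):
        print(name, in_view(globals()[name], CUST1))
```

With the default mask "ff" the same subtree matches only the ifIndex column of row 1, so the second octet of the mask is what opens the other columns of that row.
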

VACM Examples:
#       sec.name  source          community
com2sec local     localhost       private
com2sec mynet     10.10.10.0/24   public
com2sec public    default         public