User guide

ManualsBrandsAllied Telesis ManualsComputer equipmentAT-iMG634 - R2

131

132

133

134

135

136

137

138

139

140

SNMP Configuring source address checking

iMG/RG Software Reference Manual (System Configuration)

1-102

To configure a source address (from which a message will be received), add one or more snmpTargetAd-

drEntry definition in the snmpd.cnf file accordingly the following syntax:

snmpTargetAddrEntry <snmpTargetAddrName> <snmpTargetAddrTDomain>

<snmpTargetAddrTAddress> <snmpTargetAddrTimeout> <snmpTargetAddrRe-

tryCount> <snmpTargetAddrTagList> <snmpTargetAddrParams> <snmpTar-

getAddrStorageType> <snmpTargetAddrTMask> <snmpTargetAddrMMS>

snmpTargetAddrName

is a human readable string representing the name of this target.

snmpTargetAddrTDomain

is an OID which indicates the network type (UDP/IP, IPX, etc.). For UDP/IP transport type, the OID value (in

dotted format) is 1.3.6.1.6.1.1 or equivalent (in English name) snmpUDPDomain.

snmpTargetAddrTAddress

is a valid address in the snmpTargetAddrTDomain. For example, if the snmpTargetAddrTDomain is

snmpUDPDomain, a valid address would be 192.147.142.35:0. This address is compared to the source

address of an incoming message to determine if the message should be received or rejected. The scope of this

comparison is controlled by the value of snmpTargetAddrTMask (see below).

snmpTargetAddrTimeout

is an integer which must be present but is ignored by the SNMP engine. This field should be set to zero.

snmpTargetAddrRetryCount

is an integer which must be present but is ignored by the SNMP engine. This field should be set to zero.

snmpTargetAddrTagList

is a quoted string containing one or more (space-separated) tags. These tags correspond to the value of

usmTargetTag in the usmUserTable and to the value of snmpCommunityTransportTag in the

snmpCommunityTable.

An incoming SNMPv1 or SNMPv2c message will not be rejected if:

• The community string in the incoming message matches a con figured snmpcommunityname, and

• The snmpcommunityentry has a snmpcommunitytransporttag with one or more correspond-

ing tag(s) in the snmptargetaddrtable, and

• The source address of the incoming message is validated by snmptargetaddrtaddress (masked by

snmptargetaddrtmask) of a corresponding snmptargetaddrentry

An incoming SNMPv3 message will not be rejected if:

• The user identified by the incoming message matches a configured usmusername, and

• The usmuserentry has a usmtargettag with one or more corresponding tag(s) in the snmptargetaddrtable,

• The source address of the incoming message is validated by snmptargetaddrtaddress (masked by snmptar-

getaddrtmask) of a corresponding snmptargetaddrentry