SatLink VSAT User Guide
Publication no. 101557
Copyright © 2009 – STM Group, Inc.
Page 123 (160)
E.4 Access policies
Access to the VSAT’s MIBs is limited as follows: first by a restriction based on community name and
maximum access right combination, and then optionally by the SNMP request’s source IP address and net
mask and/or source interface.
When only community name and maximum access rights limit the access, then filtering in the VSAT is
achieved by checking the SNMP message’s community name and maximum access rights only.
Otherwise also the source IP address, net mask, and/or source interface of the SNMP message is checked.
If all these parameters of the SNMP message match the values stored in the MIB object that controls the
access rights, the SNMP message is processed. Otherwise it is discarded.
The factory default configuration of the VSAT is to have configured a
read-only community named PUBLIC that is accessible from all IP
addresses and interfaces. Please note that this default community is
only available when there are no other communities defined.
E.4.1 CLI commands for configuring SNMP access
CLI commands User Privilege Level
device snmp community <name> <ro|rw> [<ipaddr> <mask>]
1
device snmp delcommunity <name>
1
device snmp show
1
device manager add snmp <if> [<ip> <mask>]
1
device manager del snmp <if> [<ip> <mask>]
1
device manager show
1
In order to use the
device snmp and device manager CLI commands one has to be
logged in as a user with privilege level 1 (the root user).
E.4.2 Access configuration
To be able to access the VSAT MIB, it is necessary to configure both the VSAT and the MIB browser
application.
1. The MIB browser application has to be configured with the correct community name both for read
access and write access.
2. The VSATs SNMP access list has to be configured via CLI, using the
device snmp community
command and optionally the
device manager add snmp command. It is not possible to carry out
this configuration via the web management interface of the VSAT.
Example 1:
Define an access type with the name “public”, with read-write maximum access right and with no
restriction on the SNMP request’s IP address and net mask.
# device snmp community public rw
# device snmp show
SNMP management access:
-----------------------
Community String Access IpAddress Subnet
public Read/Write 0.0.0.0 0.0.0.0
To Next Page
Loading...
