EasyManua.ls Logo

STM SatLink VSAT - Access Policies for SNMP Management

STM SatLink VSAT
183 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
SatLink VSAT User Guide
Publication no. 101557
Rev 14.1.1-2
Copyright 2006-2012 STM Group, Inc.
Page 143 (182)
E.4 Access Policies
Access to the VSAT‘s MIBs is limited as follows: first by a restriction based on community name and
maximum access right combination, and then optionally by the SNMP request‘s source IP address and net
mask and/or source interface.
When only community name and maximum access rights limit the access, filtering in the VSAT is
achieved by checking the SNMP message‘s community name and maximum access rights only.
Otherwise, the source IP address, net mask, and/or source interface of the SNMP message are also
checked. If all these parameters of the SNMP message match the values stored in the MIB object that
controls the access rights, the SNMP message is processed. Otherwise it is discarded.
The factory default configuration of the VSAT is to have configured a read-only
community named PUBLIC that is accessible from all IP addresses and interfaces. Please
note that this default community is only available when there are no other communities
defined.
E.4.1 CLI commands for Configuring SNMP Access
CLI Commands
User Privilege Level
device snmp community <name> <ro|rw> [<ipaddr> <mask>]
1
device snmp delcommunity <name>
1
device snmp show
1
device manager add snmp <func> <if> [<ip> <mask>]
1
device manager del snmp <func> <if> [<ip> <mask>]
1
device manager show
device manager httpport <port>
1
In order to use the device snmp and device manager CLI commands one has to be
logged in as a user with privilege level 1 (the root user).
E.4.2 Access Configuration
In order to access the VSAT MIB, it is necessary to configure both the VSAT and the MIB browser
application.
1. The MIB browser application has to be configured with the correct community name both for read
access and write access.
2. The VSATs SNMP access list has to be configured via CLI, using the device snmp community
command and optionally the device manager add snmp command. It is not possible to carry out
this configuration via the web management interface of the VSAT.
Example 1:
Define an access type with the name ―public‖, with read-write maximum access rights and with no
restriction on the SNMP request‘s IP address and net mask.
# device snmp community public rw
# device snmp show
SNMP management access:
-----------------------
Community String Access IpAddress Subnet
public Read/Write 0.0.0.0 0.0.0.0

Table of Contents