Controlling Access to Router MIBs

Problem

You want to limit the access of a group of NMS systems so they can gather only basic system and chassis information from the router.

Solution

Use the following commands to define the MIB branches that a community can access:

	[edit snmp]
	aviva@router1# set view chassis-info-only oid jnxBoxAnatomy include
	aviva@router1# set view chassis-info-only oid snmpMIBObjects include
	aviva@router1# set view chassis-info-only oid system include

Then associate the MIB view with the community:

	[edit snmp]
	aviva@router1# set community chassis-access-only view chassis-info-only

Discussion

By default, an SNMP community can access the whole MIB installed on the router. You can limit the MIB access that a community has by creating partial views of the MIB. This recipe creates a community that can view information only about objects in the Juniper Networks chassis MIB and in the standard MIB-II MIB. Controlling access consists of two steps: create the view itself using the set view commands and then associate the view with the community using the set community command.

If you want a community to be able to read most but not all of the MIB, you can instead exclude just the few MIB branches it should not be able to reach.

You might want to give access to all MIB branches except the two in which the JUNOS software allows SNMP Set operations, the ping and traceroute MIB branches:

	[edit snmp]
	aviva@router1# set view ping-traceroute-exclude oid jnxPingMIB exclude
	aviva@router1# set view ping-traceroute-exclude oid jnxTraceRouteMIB exclude
	aviva@router1# set community public view ping-traceroute-exclude
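
The following audit script is an added example, not code from the book or from Juniper. It reads SNMP configuration in set-command form (as produced by show configuration snmp | display set) and reports each community that has no view attached, which by the default described above can read the whole MIB, or that names a view not defined in the text. The communities noc-legacy and lab and the view name lab-view are constructed for illustration.

```python
import re

# Constructed sample in "display set" form. The first two communities and both
# views mirror the recipe; "noc-legacy" and "lab" are made up for illustration.
SAMPLE = """\
set snmp view chassis-info-only oid jnxBoxAnatomy include
set snmp view chassis-info-only oid snmpMIBObjects include
set snmp view chassis-info-only oid system include
set snmp view ping-traceroute-exclude oid jnxPingMIB exclude
set snmp view ping-traceroute-exclude oid jnxTraceRouteMIB exclude
set snmp community chassis-access-only view chassis-info-only
set snmp community public view ping-traceroute-exclude
set snmp community noc-legacy authorization read-only
set snmp community lab view lab-view
"""

VIEW_RE = re.compile(r"^set snmp view (\S+) oid (\S+) (include|exclude)$")
COMM_RE = re.compile(r"^set snmp community (\S+)(?: (.*))?$")

def audit_snmp_views(config_text):
    """Return (views, communities, findings) for set-style SNMP config lines."""
    views = {}        # view name -> {"include": [...], "exclude": [...]}
    communities = {}  # community name -> view name, or None if no view is set
    for line in config_text.splitlines():
        line = line.strip()
        m = VIEW_RE.match(line)
        if m:
            name, oid, action = m.groups()
            views.setdefault(name, {"include": [], "exclude": []})[action].append(oid)
            continue
        m = COMM_RE.match(line)
        if m:
            name, rest = m.group(1), (m.group(2) or "").split()
            communities.setdefault(name, None)
            if len(rest) == 2 and rest[0] == "view":
                communities[name] = rest[1]
    findings = []
    for name, view in sorted(communities.items()):
        if view is None:
            findings.append((name, "no view: whole MIB is readable"))
        elif view not in views:
            findings.append((name, "references undefined view " + view))
    return views, communities, findings

if __name__ == "__main__":
    for community, problem in audit_snmp_views(SAMPLE)[2]:
        print(community + ": " + problem)
```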





JUNOS Cookbook
ISBN: 0596100140
EAN: 2147483647
Year: 2007
Pages: 290
Authors: Aviva Garrett
