

Configure Access Communities

You can define read-only and read-write SNMPv1 access communities during installation and modify or define additional communities in the sysedge.cf file.

Note: Define SNMPv2c and SNMPv3 access information in the sysedgeV3.cf file.

To configure SNMPv1 access communities, add entries to the sysedge.cf file, or edit the entries provided during installation, using the following format:

community <name> <access> <ip-address-list>

name

Specifies the community granting the defined access to the defined addresses. You can use any ASCII characters for the community name.

access

Specifies what level of permissions to grant, either read-only or read-write.

ip-address-list

Specifies a space-separated list of IP addresses that have access using the given community name. Access lists are not fully secure, because a system can still spoof its IP address. They do, however, provide the ability to restrict legitimate use. Addresses in the list can be IPv4 or IPv6.

After installation, sysedge.cf defines a single read-only community named public by default, which provides read-only access to MIB objects.

Note: Common practice provides read-only access using the community name public.

To modify the values of MIB objects, you must define a community that has read-write access permissions. In the following example, SystemEDGE permits read-write access using the community name private to systems with one of the following IP addresses: 45.0.4.10, 45.0.8.12, 198.130.5.7, or ea2f:fe90:abcd:0000:230:a2f:200:ad01. SystemEDGE treats any other system that attempts to use private as an authentication failure:

community private read-write 45.0.4.10 45.0.8.12 198.130.5.7 ea2f:fe90:abcd:0000:230:a2f:200:ad01

The community name private is used here only as an example. Use a unique community name for security purposes.

Note: The community name is not encrypted when it appears in an SNMP message header, and access lists are subject to potential IP spoofing. You should take configuration steps to limit potential security violations if you are using SNMPv1 communities. For more information, see Recommendations for Configuring Security.
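The following audit script is an added example, not part of the SystemEDGE documentation or tooling. It checks community lines in the format shown above for read-write access under the names public or private, read-write access with no ip-address-list, and addresses that do not parse as IPv4 or IPv6. The function name, the sample file contents, whitespace-separated fields, and lines starting with # being comments are assumptions.

```python
import ipaddress

# Constructed sample in the page's format: community <name> <access> <ip-address-list>
SAMPLE_CF = """\
# constructed sample, not a shipped sysedge.cf
community public read-only
community private read-write 45.0.4.10 45.0.8.12 198.130.5.7 ea2f:fe90:abcd:0000:230:a2f:200:ad01
community ops-7Qx read-write
community nms-ro read-only 45.0.4.10 45.0.8.300
"""

WELL_KNOWN = {"public", "private"}  # names the page itself uses as examples


def audit_communities(text):
    """Return (line_no, community, finding) tuples for SNMPv1 community lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment line
            continue
        fields = line.split()  # assumption: fields are whitespace-separated
        if fields[0] != "community":
            continue  # other sysedge.cf directives are out of scope here
        if len(fields) < 3 or fields[2] not in ("read-only", "read-write"):
            name = fields[1] if len(fields) > 1 else ""
            findings.append((no, name, "malformed community line"))
            continue
        name, access, addrs = fields[1], fields[2], fields[3:]
        if access == "read-write" and name.lower() in WELL_KNOWN:
            findings.append((no, name, "read-write access under a well-known name"))
        if access == "read-write" and not addrs:
            findings.append((no, name, "read-write with no ip-address-list"))
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)  # accepts IPv4 and IPv6 literals
            except ValueError:
                findings.append((no, name, f"invalid address {addr!r}"))
    return findings


if __name__ == "__main__":
    for no, name, finding in audit_communities(SAMPLE_CF):
        print(f"line {no}: {name}: {finding}")
```
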