2.7.4 How to specify community names
This subsection describes how to specify community names.
- Organization of this subsection
(1) get community name
Specify a get community name in the following line in the configuration file (/etc/SnmpAgent.d/snmpd.conf):
get-community-name: get-community-name options#
#: For details about options, see 2.7.4(3) Options.
-
If you specify a get community name, a request from any name other than the specified community name will result in an authentication failure.
-
If no get community name is specified, SNMP Agent does not respond to a GetRequest. However, if a set community name is specified, SNMP Agent responds to a GetRequest that uses the set community name.
-
If you specify a get community name, make sure that there is a single-byte space immediately after the colon (:).
-
If you set multiple get community names in the configuration file (/etc/SnmpAgent.d/snmpd.conf), SNMP Agent can respond to multiple get community names.
(2) set community name
Specify a set community name in the following line in the configuration file (/etc/SnmpAgent.d/snmpd.conf):
set-community-name: set-community-name options#
#: For details about options, see 2.7.4(3) Options.
-
If no set community name is specified, SNMP Agent does not respond to a SetRequest.
-
If you specify a set community name, make sure that there is a single-byte space immediately after the colon (:).
-
To enable the manager to set MIB values, you must specify a set community name. The manager uses the registered set community name to set MIB values.
-
You can configure SNMP Agent to respond to multiple set community names.
- Important
-
-
To specify the same name for both GetRequests and SetRequests, specify only the set-community-name: label.
-
Because it is reserved for use by SNMP Agent, you cannot specify the community name sendtrap as the get-community-name: label or set-community-name: label in the configuration file (/etc/SnmpAgent.d/snmpd.conf).
-
(3) Options
The available options are IP: and VIEW:
If you omit both options, the community name permits access requests from any IP address. In addition, you can access any MIB supported by SNMP Agent.
- IP:
-
The community name specified in the SNMP request restricts the IP addresses that can access MIBs. Specify each IP address that can access MIBs separated by a space. No host name is allowed. Place at least one space between the community name and IP: and between IP: and the IP address.
Example:
get-community-name: public IP: 172.16.45.17 172.16.45.18
If the community name specified in an SNMP request is public, SNMP Agent will respond to the SNMP request as long as the request comes from 172.16.45.17 or 172.16.45.18.
- VIEW:
-
The specified community name restricts accessible MIBs. Specify object IDs representing accessible subtrees (1.3.6.1.2.1 for mib-2, for example), separated by a space. If you add a hyphen (-) before an object ID, the subtree represented by the object ID will be inaccessible. Place at least one space between the community name and VIEW:, and between VIEW: and the object ID. Also, place one space before a hyphen (-).
Example:
get-community-name: public VIEW: 1.3.6.1.2.1 -1.3.6.1.2.1.1
If the community name specified in an SNMP request is public, SNMP Agent will permit access to MIBs under 1.3.6.1.2.1 with the exception of 1.3.6.1.2.1.1.
- Important
-
- Specifying both IP: and VIEW:
-
If you specify both IP: and VIEW:, specify IP: before VIEW:. Specify both on one line and do not place a linefeed between the two. You can also specify IP: and VIEW: for set-community-name.