Check Listening Addresses
This scenario shows how to restrict the addresses used to listen for incoming requests in SNMPv3. In addition, the SNMP ‘walk’ and ‘table’ commands are checked.
Test SNMPv3
Description
Listening addresses are configured for a user in DUT0, and the ‘walk’ and ‘table’ commands are used to check incoming requests in SNMPv3 .
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.0.0.1/24 set interfaces dummy dum0 address 20.0.0.1/24 set service snmp user USER2TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.0.0.2/24
Note
Initially, local and DUT1 requests are allowed, since the ‘listen‘ field is set for all interfaces by default.
Step 3: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.138 = INTEGER: 138 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.3 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.138 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.138 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.138 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.138 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:10 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:11 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.138 = STRING: 7a:b5:17:90:45:7f IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.138 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.138 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.138 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 223313 IF-MIB::ifInOctets.2 = Counter32: 588754149 IF-MIB::ifInOctets.3 = Counter32: 729289812 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.138 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.138 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.138 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 186 IF-MIB::ifInDiscards.3 = Counter32: 14 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.138 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.138 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.138 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 223313 IF-MIB::ifOutOctets.2 = Counter32: 2187430 IF-MIB::ifOutOctets.3 = Counter32: 729277242 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.138 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1930 IF-MIB::ifOutUcastPkts.2 = Counter32: 22891 IF-MIB::ifOutUcastPkts.3 = Counter32: 3430356 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.138 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.138 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.138 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.138 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.138 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.138 = OID: SNMPv2-SMI::zeroDotZero
Step 4: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.138 = INTEGER: 138 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.3 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.138 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.138 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.138 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.138 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:10 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:11 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.138 = STRING: 7a:b5:17:90:45:7f IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.138 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.138 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.138 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 223313 IF-MIB::ifInOctets.2 = Counter32: 588754149 IF-MIB::ifInOctets.3 = Counter32: 729289812 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.138 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.138 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.138 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 186 IF-MIB::ifInDiscards.3 = Counter32: 14 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.138 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.138 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.138 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 223313 IF-MIB::ifOutOctets.2 = Counter32: 2187430 IF-MIB::ifOutOctets.3 = Counter32: 729277242 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.138 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1930 IF-MIB::ifOutUcastPkts.2 = Counter32: 22891 IF-MIB::ifOutUcastPkts.3 = Counter32: 3430356 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.138 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.138 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.138 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.138 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.138 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.138 = OID: SNMPv2-SMI::zeroDotZero
Step 5: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus 1 lo softwareLoopback 65536 10000000 up 2 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:10 up 3 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:11 down 4 ip_vti0 tunnel 1480 0 down 138 dum0 ethernetCsmacd 1500 0 7a:b5:17:90:45:7f up SNMP table IF-MIB::ifTable, part 2 ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors up 0:0:00:00.00 223313 0 0 0 0 up 0:0:00:00.00 588754149 0 0 186 0 down 0:0:00:00.00 729289812 0 0 14 0 down 0:0:00:00.00 0 0 0 0 0 up 0:0:00:00.00 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 223313 1930 0 0 0 0 0 2187430 22891 0 0 0 0 0 729277242 3430356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 6: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus 1 lo softwareLoopback 65536 10000000 up 2 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:10 up 3 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:11 down 4 ip_vti0 tunnel 1480 0 down 138 dum0 ethernetCsmacd 1500 0 7a:b5:17:90:45:7f up SNMP table IF-MIB::ifTable, part 2 ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors up 0:0:00:00.00 223313 0 0 0 0 up 0:0:00:00.00 588754149 0 0 186 0 down 0:0:00:00.00 729289812 0 0 14 0 down 0:0:00:00.00 0 0 0 0 0 up 0:0:00:00.00 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 223313 1930 0 0 0 0 0 2187430 22891 0 0 0 0 0 729277242 3430356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the local address, local requests should be allowed, but not DUT1 requests.
Step 7: Set the following configuration in DUT0:
set interfaces dummy dum1 address 127.0.0.1/24 set service snmp listen address 127.0.0.1
Step 8: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.138 = INTEGER: 138 IF-MIB::ifIndex.139 = INTEGER: 139 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.3 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.138 = STRING: dum0 IF-MIB::ifDescr.139 = STRING: dum1 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.138 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.139 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.138 = INTEGER: 1500 IF-MIB::ifMtu.139 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.138 = Gauge32: 0 IF-MIB::ifSpeed.139 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:10 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:11 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.138 = STRING: 7a:b5:17:90:45:7f IF-MIB::ifPhysAddress.139 = STRING: 5e:34:9b:6e:23:92 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.138 = INTEGER: up(1) IF-MIB::ifAdminStatus.139 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.138 = INTEGER: up(1) IF-MIB::ifOperStatus.139 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.138 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.139 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 235893 IF-MIB::ifInOctets.2 = Counter32: 588758577 IF-MIB::ifInOctets.3 = Counter32: 729289812 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.138 = Counter32: 0 IF-MIB::ifInOctets.139 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.138 = Counter32: 0 IF-MIB::ifInUcastPkts.139 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.138 = Counter32: 0 IF-MIB::ifInNUcastPkts.139 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 186 IF-MIB::ifInDiscards.3 = Counter32: 14 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.138 = Counter32: 0 IF-MIB::ifInDiscards.139 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.138 = Counter32: 0 IF-MIB::ifInErrors.139 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.138 = Counter32: 0 IF-MIB::ifInUnknownProtos.139 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 235893 IF-MIB::ifOutOctets.2 = Counter32: 2196694 IF-MIB::ifOutOctets.3 = Counter32: 729277242 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.138 = Counter32: 0 IF-MIB::ifOutOctets.139 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1994 IF-MIB::ifOutUcastPkts.2 = Counter32: 22926 IF-MIB::ifOutUcastPkts.3 = Counter32: 3430356 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.138 = Counter32: 0 IF-MIB::ifOutUcastPkts.139 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.138 = Counter32: 0 IF-MIB::ifOutNUcastPkts.139 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.138 = Counter32: 0 IF-MIB::ifOutDiscards.139 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.138 = Counter32: 0 IF-MIB::ifOutErrors.139 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.138 = Gauge32: 0 IF-MIB::ifOutQLen.139 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.138 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.139 = OID: SNMPv2-SMI::zeroDotZero
Step 9: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 10: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus 1 lo softwareLoopback 65536 10000000 up 2 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:10 up 3 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:11 down 4 ip_vti0 tunnel 1480 0 down 138 dum0 ethernetCsmacd 1500 0 7a:b5:17:90:45:7f up 139 dum1 ethernetCsmacd 1500 0 5e:34:9b:6e:23:92 up SNMP table IF-MIB::ifTable, part 2 ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors up 0:0:00:00.00 242726 2024 0 0 0 up 0:0:00:00.00 588759255 31652 0 186 0 down 0:0:00:00.00 729289812 3430128 0 14 0 down 0:0:00:00.00 0 0 0 0 0 up 0:0:00:00.00 0 0 0 0 0 up 0:0:00:00.00 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 242726 2024 0 0 0 0 0 2197540 22933 0 0 0 0 0 729277242 3430356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 11: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Note
After configuring SNMP to listen on the ‘10.0.0.1‘ address, DUT1 requests should be allowed, but not local requests.
Step 12: Set the following configuration in DUT0:
del interfaces dummy dum1 address 127.0.0.1/24 del service snmp listen address 127.0.0.1 set service snmp listen address 10.0.0.1
Step 13: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 14: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.138 = INTEGER: 138 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.3 = STRING: Red Hat, Inc Device 0001 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.138 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.138 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.138 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.138 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:10 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:11 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.138 = STRING: 7a:b5:17:90:45:7f IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.138 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.138 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.138 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 250837 IF-MIB::ifInOctets.2 = Counter32: 588759891 IF-MIB::ifInOctets.3 = Counter32: 729289812 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.138 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 2066 IF-MIB::ifInUcastPkts.2 = Counter32: 31658 IF-MIB::ifInUcastPkts.3 = Counter32: 3430128 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.138 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.138 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 186 IF-MIB::ifInDiscards.3 = Counter32: 14 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.138 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.138 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.138 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 250837 IF-MIB::ifOutOctets.2 = Counter32: 2198344 IF-MIB::ifOutOctets.3 = Counter32: 729277242 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.138 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2066 IF-MIB::ifOutUcastPkts.2 = Counter32: 22939 IF-MIB::ifOutUcastPkts.3 = Counter32: 3430356 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.138 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.138 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.138 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.138 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.138 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.138 = OID: SNMPv2-SMI::zeroDotZero
Step 15: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 16: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus 1 lo softwareLoopback 65536 10000000 up 2 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:10 up 3 Red Hat, Inc Device 0001 ethernetCsmacd 1500 0 de:ad:be:ef:6c:11 down 4 ip_vti0 tunnel 1480 0 down 138 dum0 ethernetCsmacd 1500 0 7a:b5:17:90:45:7f up SNMP table IF-MIB::ifTable, part 2 ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors up 0:0:00:00.00 252109 2078 0 0 0 up 0:0:00:00.00 588762027 31672 0 186 0 down 0:0:00:00.00 729289812 3430128 0 14 0 down 0:0:00:00.00 0 0 0 0 0 up 0:0:00:00.00 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 252109 2078 0 0 0 0 0 2202545 22953 0 0 0 0 0 729277242 3430356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the ‘20.0.0.1‘ address, neither local nor DUT1 requests should be allowed.
Step 17: Set the following configuration in DUT0:
del service snmp listen address 10.0.0.1 set service snmp listen address 20.0.0.1
Step 18: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 19: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 20: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 21: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)