Check Listening Addresses
This scenario shows how to restrict the addresses used to listen for incoming requests in SNMPv3. In addition, the SNMP ‘walk’ and ‘table’ commands are checked.
Test SNMPv3
Description
Listening addresses are configured for a user in DUT0, and the ‘walk’ and ‘table’ commands are used to check incoming requests in SNMPv3 .
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces dummy dum0 address 20.0.0.1/24 set interfaces ethernet eth0 address 10.0.0.1/24 set service snmp user USER2TEST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Initially, local and DUT1 requests are allowed, since the ‘listen‘ field is set for all interfaces by default.
Step 3: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.165 = INTEGER: 165 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.165 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.165 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.165 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.165 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.165 = STRING: 6:db:8:2a:bc:83 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.165 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.165 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.165 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 346645 IF-MIB::ifInOctets.2 = Counter32: 756387454 IF-MIB::ifInOctets.3 = Counter32: 1706270543 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.165 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.165 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.165 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 20 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.165 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.165 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.165 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 346645 IF-MIB::ifOutOctets.2 = Counter32: 2158364 IF-MIB::ifOutOctets.3 = Counter32: 1706286605 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.165 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2324 IF-MIB::ifOutUcastPkts.2 = Counter32: 21847 IF-MIB::ifOutUcastPkts.3 = Counter32: 13944100 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.165 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.165 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.165 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.165 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.165 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.165 = OID: SNMPv2-SMI::zeroDotZero
Step 4: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.165 = INTEGER: 165 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.165 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.165 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.165 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.165 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.165 = STRING: 6:db:8:2a:bc:83 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.165 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.165 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.165 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 346645 IF-MIB::ifInOctets.2 = Counter32: 756387454 IF-MIB::ifInOctets.3 = Counter32: 1706270543 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.165 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.165 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.165 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 20 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.165 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.165 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.165 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 346645 IF-MIB::ifOutOctets.2 = Counter32: 2158364 IF-MIB::ifOutOctets.3 = Counter32: 1706286605 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.165 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2324 IF-MIB::ifOutUcastPkts.2 = Counter32: 21847 IF-MIB::ifOutUcastPkts.3 = Counter32: 13944100 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.165 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.165 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.165 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.165 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.165 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.165 = OID: SNMPv2-SMI::zeroDotZero
Step 5: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 165 dum0 ethernetCsmacd 1500 0 6:db:8:2a:bc:83 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 346645 0 0 0 0 0 0:0:00:00.00 756387454 0 0 20 0 0 0:0:00:00.00 1706270543 0 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 346645 2324 0 0 0 0 2158364 21847 0 0 0 0 1706286605 13944100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 6: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 165 dum0 ethernetCsmacd 1500 0 6:db:8:2a:bc:83 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 346645 0 0 0 0 0 0:0:00:00.00 756387454 0 0 20 0 0 0:0:00:00.00 1706270543 0 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 346645 2324 0 0 0 0 2158364 21847 0 0 0 0 1706286605 13944100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the local address, local requests should be allowed, but not DUT1 requests.
Step 7: Modify the following configuration lines in DUT0 :
set interfaces dummy dum1 address 127.0.0.1/24 set service snmp listen address 127.0.0.1
Step 8: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.165 = INTEGER: 165 IF-MIB::ifIndex.166 = INTEGER: 166 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.165 = STRING: dum0 IF-MIB::ifDescr.166 = STRING: dum1 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.165 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.166 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.165 = INTEGER: 1500 IF-MIB::ifMtu.166 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.165 = Gauge32: 0 IF-MIB::ifSpeed.166 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.165 = STRING: 6:db:8:2a:bc:83 IF-MIB::ifPhysAddress.166 = STRING: 2:fc:b0:bf:f4:63 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.165 = INTEGER: up(1) IF-MIB::ifAdminStatus.166 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.165 = INTEGER: up(1) IF-MIB::ifOperStatus.166 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.165 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.166 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 358341 IF-MIB::ifInOctets.2 = Counter32: 756391882 IF-MIB::ifInOctets.3 = Counter32: 1706270543 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.165 = Counter32: 0 IF-MIB::ifInOctets.166 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.165 = Counter32: 0 IF-MIB::ifInUcastPkts.166 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.165 = Counter32: 0 IF-MIB::ifInNUcastPkts.166 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 20 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.165 = Counter32: 0 IF-MIB::ifInDiscards.166 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.165 = Counter32: 0 IF-MIB::ifInErrors.166 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.165 = Counter32: 0 IF-MIB::ifInUnknownProtos.166 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 358341 IF-MIB::ifOutOctets.2 = Counter32: 2167462 IF-MIB::ifOutOctets.3 = Counter32: 1706286605 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.165 = Counter32: 0 IF-MIB::ifOutOctets.166 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2376 IF-MIB::ifOutUcastPkts.2 = Counter32: 21881 IF-MIB::ifOutUcastPkts.3 = Counter32: 13944100 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.165 = Counter32: 0 IF-MIB::ifOutUcastPkts.166 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.165 = Counter32: 0 IF-MIB::ifOutNUcastPkts.166 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.165 = Counter32: 0 IF-MIB::ifOutDiscards.166 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.165 = Counter32: 0 IF-MIB::ifOutErrors.166 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.165 = Gauge32: 0 IF-MIB::ifOutQLen.166 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.165 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.166 = OID: SNMPv2-SMI::zeroDotZero
Step 9: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 10: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 165 dum0 ethernetCsmacd 1500 0 6:db:8:2a:bc:83 up up 166 dum1 ethernetCsmacd 1500 0 2:fc:b0:bf:f4:63 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 365135 2406 0 0 0 0 0:0:00:00.00 756392560 28290 0 20 0 0 0:0:00:00.00 1706270543 13943931 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 365135 2406 0 0 0 0 2168398 21889 0 0 0 0 1706286605 13944100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 11: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Note
After configuring SNMP to listen on the ‘10.0.0.1‘ address, DUT1 requests should be allowed, but not local requests.
Step 12: Modify the following configuration lines in DUT0 :
delete interfaces dummy dum1 delete service snmp listen address 127.0.0.1 set service snmp listen address 10.0.0.1
Step 13: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 14: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.165 = INTEGER: 165 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.165 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.165 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.165 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.165 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.165 = STRING: 6:db:8:2a:bc:83 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.165 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.165 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.165 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 373208 IF-MIB::ifInOctets.2 = Counter32: 756393196 IF-MIB::ifInOctets.3 = Counter32: 1706270543 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.165 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 2448 IF-MIB::ifInUcastPkts.2 = Counter32: 28296 IF-MIB::ifInUcastPkts.3 = Counter32: 13943931 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.165 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.165 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 20 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.165 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.165 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.165 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 373208 IF-MIB::ifOutOctets.2 = Counter32: 2169202 IF-MIB::ifOutOctets.3 = Counter32: 1706286605 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.165 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2448 IF-MIB::ifOutUcastPkts.2 = Counter32: 21895 IF-MIB::ifOutUcastPkts.3 = Counter32: 13944100 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.165 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.165 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.165 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.165 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.165 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.165 = OID: SNMPv2-SMI::zeroDotZero
Step 15: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 16: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 165 dum0 ethernetCsmacd 1500 0 6:db:8:2a:bc:83 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 374480 2460 0 0 0 0 0:0:00:00.00 756395332 28310 0 20 0 0 0:0:00:00.00 1706270543 13943931 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 374480 2460 0 0 0 0 2173366 21909 0 0 0 0 1706286605 13944100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the ‘20.0.0.1‘ address, neither local nor DUT1 requests should be allowed.
Step 17: Modify the following configuration lines in DUT0 :
delete service snmp listen address 10.0.0.1 set service snmp listen address 20.0.0.1
Step 18: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 19: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 20: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 21: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)