Check Listening Addresses
This scenario shows how to restrict the addresses used to listen for incoming requests in SNMPv3. In addition, the SNMP ‘walk’ and ‘table’ commands are checked.
Test SNMPv3
Description
Listening addresses are configured for a user in DUT0, and the ‘walk’ and ‘table’ commands are used to check incoming requests in SNMPv3 .
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces dummy dum0 address 20.0.0.1/24 set interfaces ethernet eth0 address 10.0.0.1/24 set service snmp user USER2TEST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Initially, local and DUT1 requests are allowed, since the ‘listen‘ field is set for all interfaces by default.
Step 3: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.174 = INTEGER: 174 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.174 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.174 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.174 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.174 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.174 = STRING: 32:6c:cd:5b:e4:24 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.174 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.174 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.174 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 385708 IF-MIB::ifInOctets.2 = Counter32: 767767308 IF-MIB::ifInOctets.3 = Counter32: 535734165 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.174 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.174 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.174 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 18 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.174 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.174 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.174 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 385708 IF-MIB::ifOutOctets.2 = Counter32: 1348701 IF-MIB::ifOutOctets.3 = Counter32: 535762427 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.174 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2467 IF-MIB::ifOutUcastPkts.2 = Counter32: 10700 IF-MIB::ifOutUcastPkts.3 = Counter32: 3347617 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.174 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.174 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.174 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.174 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.174 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.174 = OID: SNMPv2-SMI::zeroDotZero
Step 4: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.174 = INTEGER: 174 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.174 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.174 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.174 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.174 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.174 = STRING: 32:6c:cd:5b:e4:24 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.174 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.174 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.174 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 385708 IF-MIB::ifInOctets.2 = Counter32: 767767308 IF-MIB::ifInOctets.3 = Counter32: 535734165 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.174 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.174 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.174 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 18 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.174 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.174 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.174 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 385708 IF-MIB::ifOutOctets.2 = Counter32: 1348701 IF-MIB::ifOutOctets.3 = Counter32: 535762427 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.174 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2467 IF-MIB::ifOutUcastPkts.2 = Counter32: 10700 IF-MIB::ifOutUcastPkts.3 = Counter32: 3347617 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.174 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.174 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.174 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.174 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.174 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.174 = OID: SNMPv2-SMI::zeroDotZero
Step 5: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 174 dum0 ethernetCsmacd 1500 0 32:6c:cd:5b:e4:24 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 391551 2493 0 0 0 0 0:0:00:00.00 767769640 18736 0 18 0 0 0:0:00:00.00 535734165 3347375 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 391551 2493 0 0 0 0 1353682 10721 0 0 0 0 535762427 3347617 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 6: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 174 dum0 ethernetCsmacd 1500 0 32:6c:cd:5b:e4:24 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 391551 2493 0 0 0 0 0:0:00:00.00 767769640 18736 0 18 0 0 0:0:00:00.00 535734165 3347375 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 391551 2493 0 0 0 0 1353682 10721 0 0 0 0 535762427 3347617 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the local address, local requests should be allowed, but not DUT1 requests.
Step 7: Modify the following configuration lines in DUT0 :
set interfaces dummy dum1 address 127.0.0.1/24 set service snmp listen address 127.0.0.1
Step 8: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.174 = INTEGER: 174 IF-MIB::ifIndex.175 = INTEGER: 175 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.174 = STRING: dum0 IF-MIB::ifDescr.175 = STRING: dum1 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.174 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.175 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.174 = INTEGER: 1500 IF-MIB::ifMtu.175 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.174 = Gauge32: 0 IF-MIB::ifSpeed.175 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.174 = STRING: 32:6c:cd:5b:e4:24 IF-MIB::ifPhysAddress.175 = STRING: ca:41:92:e8:29:b2 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.174 = INTEGER: up(1) IF-MIB::ifAdminStatus.175 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.174 = INTEGER: up(1) IF-MIB::ifOperStatus.175 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.174 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.175 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 397400 IF-MIB::ifInOctets.2 = Counter32: 767771736 IF-MIB::ifInOctets.3 = Counter32: 535734165 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.174 = Counter32: 0 IF-MIB::ifInOctets.175 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.174 = Counter32: 0 IF-MIB::ifInUcastPkts.175 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.174 = Counter32: 0 IF-MIB::ifInNUcastPkts.175 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 18 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.174 = Counter32: 0 IF-MIB::ifInDiscards.175 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.174 = Counter32: 0 IF-MIB::ifInErrors.175 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.174 = Counter32: 0 IF-MIB::ifInUnknownProtos.175 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 397400 IF-MIB::ifOutOctets.2 = Counter32: 1357799 IF-MIB::ifOutOctets.3 = Counter32: 535762427 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.174 = Counter32: 0 IF-MIB::ifOutOctets.175 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2519 IF-MIB::ifOutUcastPkts.2 = Counter32: 10734 IF-MIB::ifOutUcastPkts.3 = Counter32: 3347617 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.174 = Counter32: 0 IF-MIB::ifOutUcastPkts.175 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.174 = Counter32: 0 IF-MIB::ifOutNUcastPkts.175 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.174 = Counter32: 0 IF-MIB::ifOutDiscards.175 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.174 = Counter32: 0 IF-MIB::ifOutErrors.175 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.174 = Gauge32: 0 IF-MIB::ifOutQLen.175 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.174 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.175 = OID: SNMPv2-SMI::zeroDotZero
Step 9: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 10: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 174 dum0 ethernetCsmacd 1500 0 32:6c:cd:5b:e4:24 up up 175 dum1 ethernetCsmacd 1500 0 ca:41:92:e8:29:b2 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 404403 2551 0 0 0 0 0:0:00:00.00 767772202 18754 0 18 0 0 0:0:00:00.00 535734165 3347375 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 404403 2551 0 0 0 0 1358377 10739 0 0 0 0 535762427 3347617 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 11: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Note
After configuring SNMP to listen on the ‘10.0.0.1‘ address, DUT1 requests should be allowed, but not local requests.
Step 12: Modify the following configuration lines in DUT0 :
delete interfaces dummy dum1 delete service snmp listen address 127.0.0.1 set service snmp listen address 10.0.0.1
Step 13: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 14: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.174 = INTEGER: 174 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.174 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.174 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.174 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.174 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.174 = STRING: 32:6c:cd:5b:e4:24 IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.174 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.174 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.174 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 412472 IF-MIB::ifInOctets.2 = Counter32: 767773050 IF-MIB::ifInOctets.3 = Counter32: 535734165 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.174 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 2593 IF-MIB::ifInUcastPkts.2 = Counter32: 18762 IF-MIB::ifInUcastPkts.3 = Counter32: 3347375 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.174 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.174 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 18 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.174 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.174 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.174 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 412472 IF-MIB::ifOutOctets.2 = Counter32: 1359449 IF-MIB::ifOutOctets.3 = Counter32: 535762427 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.174 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2593 IF-MIB::ifOutUcastPkts.2 = Counter32: 10747 IF-MIB::ifOutUcastPkts.3 = Counter32: 3347617 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.174 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.174 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.174 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.174 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.174 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.174 = OID: SNMPv2-SMI::zeroDotZero
Step 15: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 16: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 174 dum0 ethernetCsmacd 1500 0 32:6c:cd:5b:e4:24 up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 413532 2603 0 0 0 0 0:0:00:00.00 767775144 18775 0 18 0 0 0:0:00:00.00 535734165 3347375 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 413532 2603 0 0 0 0 1363566 10760 0 0 0 0 535762427 3347617 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the ‘20.0.0.1‘ address, neither local nor DUT1 requests should be allowed.
Step 17: Modify the following configuration lines in DUT0 :
delete service snmp listen address 10.0.0.1 set service snmp listen address 20.0.0.1
Step 18: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 19: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 20: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 21: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)