Check Listening Addresses
This scenario shows how to restrict the addresses used to listen for incoming requests in SNMPv3. In addition, the SNMP ‘walk’ and ‘table’ commands are checked.
Test SNMPv3
Description
Listening addresses are configured for a user in DUT0, and the ‘walk’ and ‘table’ commands are used to check incoming requests in SNMPv3 .
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces dummy dum0 address 20.0.0.1/24 set interfaces ethernet eth0 address 10.0.0.1/24 set service snmp user USER2TEST set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Initially, local and DUT1 requests are allowed, since the ‘listen‘ field is set for all interfaces by default.
Step 3: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.124 = INTEGER: 124 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.124 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.124 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.124 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.124 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.124 = STRING: 92:fd:fe:de:5a:ff IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.124 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.124 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.124 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 223732 IF-MIB::ifInOctets.2 = Counter32: 769231786 IF-MIB::ifInOctets.3 = Counter32: 1931964371 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.124 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.124 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.124 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 147 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.124 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.124 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.124 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 223732 IF-MIB::ifOutOctets.2 = Counter32: 1803778 IF-MIB::ifOutOctets.3 = Counter32: 1933058433 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.124 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1889 IF-MIB::ifOutUcastPkts.2 = Counter32: 20796 IF-MIB::ifOutUcastPkts.3 = Counter32: 11300733 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.124 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.124 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.124 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.124 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.124 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.124 = OID: SNMPv2-SMI::zeroDotZero
Step 4: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.124 = INTEGER: 124 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.124 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.124 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.124 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.124 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.124 = STRING: 92:fd:fe:de:5a:ff IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.124 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.124 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.124 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 223732 IF-MIB::ifInOctets.2 = Counter32: 769231786 IF-MIB::ifInOctets.3 = Counter32: 1931964371 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.124 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.124 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.124 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 147 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.124 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.124 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.124 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 223732 IF-MIB::ifOutOctets.2 = Counter32: 1803778 IF-MIB::ifOutOctets.3 = Counter32: 1933058433 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.124 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1889 IF-MIB::ifOutUcastPkts.2 = Counter32: 20796 IF-MIB::ifOutUcastPkts.3 = Counter32: 11300733 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.124 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.124 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.124 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.124 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.124 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.124 = OID: SNMPv2-SMI::zeroDotZero
Step 5: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 124 dum0 ethernetCsmacd 1500 0 92:fd:fe:de:5a:ff up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 223732 0 0 0 0 0 0:0:00:00.00 769231786 0 0 147 0 0 0:0:00:00.00 1931964371 0 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 223732 1889 0 0 0 0 1803778 20796 0 0 0 0 1933058433 11300733 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 6: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 124 dum0 ethernetCsmacd 1500 0 92:fd:fe:de:5a:ff up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 223732 0 0 0 0 0 0:0:00:00.00 769231786 0 0 147 0 0 0:0:00:00.00 1931964371 0 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 223732 1889 0 0 0 0 1803778 20796 0 0 0 0 1933058433 11300733 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the local address, local requests should be allowed, but not DUT1 requests.
Step 7: Modify the following configuration lines in DUT0 :
set interfaces dummy dum1 address 127.0.0.1/24 set service snmp listen address 127.0.0.1
Step 8: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.124 = INTEGER: 124 IF-MIB::ifIndex.125 = INTEGER: 125 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.124 = STRING: dum0 IF-MIB::ifDescr.125 = STRING: dum1 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.124 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.125 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.124 = INTEGER: 1500 IF-MIB::ifMtu.125 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.124 = Gauge32: 0 IF-MIB::ifSpeed.125 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.124 = STRING: 92:fd:fe:de:5a:ff IF-MIB::ifPhysAddress.125 = STRING: 82:20:79:2b:b4:2f IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.124 = INTEGER: up(1) IF-MIB::ifAdminStatus.125 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.124 = INTEGER: up(1) IF-MIB::ifOperStatus.125 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.124 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.125 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 235362 IF-MIB::ifInOctets.2 = Counter32: 769236192 IF-MIB::ifInOctets.3 = Counter32: 1931964371 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.124 = Counter32: 0 IF-MIB::ifInOctets.125 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 0 IF-MIB::ifInUcastPkts.2 = Counter32: 0 IF-MIB::ifInUcastPkts.3 = Counter32: 0 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.124 = Counter32: 0 IF-MIB::ifInUcastPkts.125 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.124 = Counter32: 0 IF-MIB::ifInNUcastPkts.125 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 147 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.124 = Counter32: 0 IF-MIB::ifInDiscards.125 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.124 = Counter32: 0 IF-MIB::ifInErrors.125 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.124 = Counter32: 0 IF-MIB::ifInUnknownProtos.125 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 235362 IF-MIB::ifOutOctets.2 = Counter32: 1812832 IF-MIB::ifOutOctets.3 = Counter32: 1933058433 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.124 = Counter32: 0 IF-MIB::ifOutOctets.125 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 1941 IF-MIB::ifOutUcastPkts.2 = Counter32: 20830 IF-MIB::ifOutUcastPkts.3 = Counter32: 11300733 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.124 = Counter32: 0 IF-MIB::ifOutUcastPkts.125 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.124 = Counter32: 0 IF-MIB::ifOutNUcastPkts.125 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.124 = Counter32: 0 IF-MIB::ifOutDiscards.125 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.124 = Counter32: 0 IF-MIB::ifOutErrors.125 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.124 = Gauge32: 0 IF-MIB::ifOutQLen.125 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.124 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.125 = OID: SNMPv2-SMI::zeroDotZero
Step 9: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 10: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 124 dum0 ethernetCsmacd 1500 0 92:fd:fe:de:5a:ff up up 125 dum1 ethernetCsmacd 1500 0 82:20:79:2b:b4:2f up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 242107 1971 0 0 0 0 0:0:00:00.00 769236870 28080 0 147 0 0 0:0:00:00.00 1931964371 11299956 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 242107 1971 0 0 0 0 1813768 20838 0 0 0 0 1933058433 11300733 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Step 11: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Note
After configuring SNMP to listen on the ‘10.0.0.1‘ address, DUT1 requests should be allowed, but not local requests.
Step 12: Modify the following configuration lines in DUT0 :
delete interfaces dummy dum1 delete service snmp listen address 127.0.0.1 set service snmp listen address 10.0.0.1
Step 13: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 14: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
IF-MIB::ifIndex.1 = INTEGER: 1 IF-MIB::ifIndex.2 = INTEGER: 2 IF-MIB::ifIndex.3 = INTEGER: 3 IF-MIB::ifIndex.4 = INTEGER: 4 IF-MIB::ifIndex.124 = INTEGER: 124 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1 IF-MIB::ifDescr.4 = STRING: ip_vti0 IF-MIB::ifDescr.124 = STRING: dum0 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifType.124 = INTEGER: ethernetCsmacd(6) IF-MIB::ifMtu.1 = INTEGER: 65536 IF-MIB::ifMtu.2 = INTEGER: 1500 IF-MIB::ifMtu.3 = INTEGER: 1500 IF-MIB::ifMtu.4 = INTEGER: 1480 IF-MIB::ifMtu.124 = INTEGER: 1500 IF-MIB::ifSpeed.1 = Gauge32: 10000000 IF-MIB::ifSpeed.2 = Gauge32: 0 IF-MIB::ifSpeed.3 = Gauge32: 0 IF-MIB::ifSpeed.4 = Gauge32: 0 IF-MIB::ifSpeed.124 = Gauge32: 0 IF-MIB::ifPhysAddress.1 = STRING: IF-MIB::ifPhysAddress.2 = STRING: de:ad:be:ef:6c:0 IF-MIB::ifPhysAddress.3 = STRING: de:ad:be:ef:6c:1 IF-MIB::ifPhysAddress.4 = STRING: IF-MIB::ifPhysAddress.124 = STRING: 92:fd:fe:de:5a:ff IF-MIB::ifAdminStatus.1 = INTEGER: up(1) IF-MIB::ifAdminStatus.2 = INTEGER: up(1) IF-MIB::ifAdminStatus.3 = INTEGER: down(2) IF-MIB::ifAdminStatus.4 = INTEGER: down(2) IF-MIB::ifAdminStatus.124 = INTEGER: up(1) IF-MIB::ifOperStatus.1 = INTEGER: up(1) IF-MIB::ifOperStatus.2 = INTEGER: up(1) IF-MIB::ifOperStatus.3 = INTEGER: down(2) IF-MIB::ifOperStatus.4 = INTEGER: down(2) IF-MIB::ifOperStatus.124 = INTEGER: up(1) IF-MIB::ifLastChange.1 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.2 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.3 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.4 = Timeticks: (0) 0:00:00.00 IF-MIB::ifLastChange.124 = Timeticks: (0) 0:00:00.00 IF-MIB::ifInOctets.1 = Counter32: 250131 IF-MIB::ifInOctets.2 = Counter32: 769237506 IF-MIB::ifInOctets.3 = Counter32: 1931964371 IF-MIB::ifInOctets.4 = Counter32: 0 IF-MIB::ifInOctets.124 = Counter32: 0 IF-MIB::ifInUcastPkts.1 = Counter32: 2013 IF-MIB::ifInUcastPkts.2 = Counter32: 28086 IF-MIB::ifInUcastPkts.3 = Counter32: 11299956 IF-MIB::ifInUcastPkts.4 = Counter32: 0 IF-MIB::ifInUcastPkts.124 = Counter32: 0 IF-MIB::ifInNUcastPkts.1 = Counter32: 0 IF-MIB::ifInNUcastPkts.2 = Counter32: 0 IF-MIB::ifInNUcastPkts.3 = Counter32: 0 IF-MIB::ifInNUcastPkts.4 = Counter32: 0 IF-MIB::ifInNUcastPkts.124 = Counter32: 0 IF-MIB::ifInDiscards.1 = Counter32: 0 IF-MIB::ifInDiscards.2 = Counter32: 147 IF-MIB::ifInDiscards.3 = Counter32: 12 IF-MIB::ifInDiscards.4 = Counter32: 0 IF-MIB::ifInDiscards.124 = Counter32: 0 IF-MIB::ifInErrors.1 = Counter32: 0 IF-MIB::ifInErrors.2 = Counter32: 0 IF-MIB::ifInErrors.3 = Counter32: 0 IF-MIB::ifInErrors.4 = Counter32: 0 IF-MIB::ifInErrors.124 = Counter32: 0 IF-MIB::ifInUnknownProtos.1 = Counter32: 0 IF-MIB::ifInUnknownProtos.2 = Counter32: 0 IF-MIB::ifInUnknownProtos.3 = Counter32: 0 IF-MIB::ifInUnknownProtos.4 = Counter32: 0 IF-MIB::ifInUnknownProtos.124 = Counter32: 0 IF-MIB::ifOutOctets.1 = Counter32: 250131 IF-MIB::ifOutOctets.2 = Counter32: 1814572 IF-MIB::ifOutOctets.3 = Counter32: 1933058433 IF-MIB::ifOutOctets.4 = Counter32: 0 IF-MIB::ifOutOctets.124 = Counter32: 0 IF-MIB::ifOutUcastPkts.1 = Counter32: 2013 IF-MIB::ifOutUcastPkts.2 = Counter32: 20844 IF-MIB::ifOutUcastPkts.3 = Counter32: 11300733 IF-MIB::ifOutUcastPkts.4 = Counter32: 0 IF-MIB::ifOutUcastPkts.124 = Counter32: 0 IF-MIB::ifOutNUcastPkts.1 = Counter32: 0 IF-MIB::ifOutNUcastPkts.2 = Counter32: 0 IF-MIB::ifOutNUcastPkts.3 = Counter32: 0 IF-MIB::ifOutNUcastPkts.4 = Counter32: 0 IF-MIB::ifOutNUcastPkts.124 = Counter32: 0 IF-MIB::ifOutDiscards.1 = Counter32: 0 IF-MIB::ifOutDiscards.2 = Counter32: 0 IF-MIB::ifOutDiscards.3 = Counter32: 0 IF-MIB::ifOutDiscards.4 = Counter32: 0 IF-MIB::ifOutDiscards.124 = Counter32: 0 IF-MIB::ifOutErrors.1 = Counter32: 0 IF-MIB::ifOutErrors.2 = Counter32: 0 IF-MIB::ifOutErrors.3 = Counter32: 0 IF-MIB::ifOutErrors.4 = Counter32: 0 IF-MIB::ifOutErrors.124 = Counter32: 0 IF-MIB::ifOutQLen.1 = Gauge32: 0 IF-MIB::ifOutQLen.2 = Gauge32: 0 IF-MIB::ifOutQLen.3 = Gauge32: 0 IF-MIB::ifOutQLen.4 = Gauge32: 0 IF-MIB::ifOutQLen.124 = Gauge32: 0 IF-MIB::ifSpecific.1 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.2 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.3 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.4 = OID: SNMPv2-SMI::zeroDotZero IF-MIB::ifSpecific.124 = OID: SNMPv2-SMI::zeroDotZero
Step 15: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 16: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output matches the following regular expressions:
SNMP table:.*::ifTableShow output
SNMP table: IF-MIB::ifTable ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus 1 lo softwareLoopback 65536 10000000 up up 2 eth0 ethernetCsmacd 1500 0 de:ad:be:ef:6c:0 up up 3 eth1 ethernetCsmacd 1500 0 de:ad:be:ef:6c:1 down down 4 ip_vti0 tunnel 1480 0 down down 124 dum0 ethernetCsmacd 1500 0 92:fd:fe:de:5a:ff up up SNMP table IF-MIB::ifTable, part 2 ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos 0:0:00:00.00 251403 2025 0 0 0 0 0:0:00:00.00 769239631 28100 0 147 0 0 0:0:00:00.00 1931964371 11299956 0 12 0 0 0:0:00:00.00 0 0 0 0 0 0 0:0:00:00.00 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 3 ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 251403 2025 0 0 0 0 1818714 20858 0 0 0 0 1933058433 11300733 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 SNMP table IF-MIB::ifTable, part 4 ifSpecific SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero SNMPv2-SMI::zeroDotZero
Note
After configuring SNMP to listen on the ‘20.0.0.1‘ address, neither local nor DUT1 requests should be allowed.
Step 17: Modify the following configuration lines in DUT0 :
delete service snmp listen address 10.0.0.1 set service snmp listen address 20.0.0.1
Step 18: Run command service snmp walk local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 19: Run command service snmp walk remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
::ifDescr\.1 = STRING: "?lo"?Show output
snmpbulkwalk: Timeout (Sub-id not found: (top) -> ifTable)
Step 20: Run command service snmp table local-agent v3 USER2TEST oid ifTable at DUT0 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)
Step 21: Run command service snmp table remote-agent 10.0.0.1 v3 USER2TEST oid ifTable at DUT1 and check if output does not match the following regular expressions:
SNMP table:.*::ifTableShow output
snmptable: Timeout (Sub-id not found: (top) -> ifTable)