Alcatel-Lucent 7450 System Management Manual page 308

Ethernet service switch

SNMP Security Commands
snmp
Syntax
snmp
Context
config>system>security
Description
This command creates the context to configure SNMPv1, SNMPv2, and SNMPv3 parameters.
src-access-list
Syntax
src-access-list list-name
no src-access-list list-name
Context
config>system>security>snmp
Description
This command is used to identify a list of source IP addresses that can be used to validate SNMPv1
and SNMPv2c requests once the list is associated with one or more SNMPv1 and SNMPv2c
communities.
An src-access-list referenced by one or more community instances is used to verify the source IP
addresses of an SNMP request using the community regardless of which VPRN/VRF interface (or
'Base' interface) the request arrived on. For example, if an SNMP request arrives on an interface in
vprn 100 but the request is referencing a community, then the source IP address in the packet would
be validated against the src-access-list configured for the community. This occurs regardless of
whether the request is destined to a VPRN interface address and the VPRN has SNMP access
enabled, or the request is destined to the base system address via GRT leaking. If the request's source
IP address does not match the ip-address of any of the src-hosts contained in the list, then the request
will be discarded and logged as an SNMP authentication failure.
Using src-access-list validation can have an impact on the time it takes for an SR OS node to reply to
an SNMP request. It is recommended to keep the lists short, including only the addresses that are
needed, and to place SNMP managers that send the highest volume of requests, such as the
5620 SAM, at the top of the list.
You can configure a maximum of 16 src-access-lists. Each src-access-list can contain a maximum of
16 src-hosts.
The no form of this command removes the named src-access-list. You cannot remove an
src-access-list that is referenced by one or more community instances.
Default
none
Parameters
list-name — Configures the name or key of the src-access-list. The list-name parameter must begin
with a letter (a-z or A-Z).
excluded - All MIB subtree objects that are identified with a 1 in the mask are denied access in
the view. (Default: included).
Default
included
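The src-access-list rules described above (the 16-list and 16-host limits, the list-name rule, the removal restriction, and source checks that ignore the arrival VPRN), modeled as an added Python example that is not Alcatel-Lucent code or SR OS CLI. The class and method names, the community string and the addresses are constructed for illustration, and the top-down comparison count is an assumption drawn from the advice to put high-volume managers at the top of the list.

```python
import ipaddress

MAX_LISTS = 16  # page: at most 16 src-access-lists
MAX_HOSTS = 16  # page: at most 16 src-hosts per list

class SnmpSrcAcl:
    """Illustrative model of the documented behaviour; not SR OS code."""

    def __init__(self):
        self.lists = {}        # list-name -> ordered src-host addresses
        self.communities = {}  # community -> bound list-name

    def add_list(self, name, hosts):
        if not (name[:1].isascii() and name[:1].isalpha()):
            raise ValueError("list-name must begin with a letter (a-z or A-Z)")
        if name not in self.lists and len(self.lists) >= MAX_LISTS:
            raise ValueError("maximum of 16 src-access-lists")
        if len(hosts) > MAX_HOSTS:
            raise ValueError("maximum of 16 src-hosts per list")
        self.lists[name] = [ipaddress.ip_address(h) for h in hosts]

    def bind(self, community, list_name):
        if list_name not in self.lists:
            raise KeyError(list_name)
        self.communities[community] = list_name

    def remove_list(self, name):
        if name in self.communities.values():
            raise ValueError("src-access-list is referenced by a community")
        del self.lists[name]

    def check(self, community, src_ip, arrived_on="Base"):
        # arrived_on is ignored on purpose: the page says the list is applied
        # regardless of which VPRN/VRF or 'Base' interface received the request.
        hosts = self.lists[self.communities[community]]
        src = ipaddress.ip_address(src_ip)
        for position, host in enumerate(hosts, start=1):
            if host == src:
                return ("accept", position)  # entries compared (model assumption)
        return ("discard: SNMP authentication failure", len(hosts))

def demo():
    acl = SnmpSrcAcl()
    # Constructed sample data (RFC 5737 documentation addresses).
    acl.add_list("nms-hosts", ["192.0.2.10", "192.0.2.20"])
    acl.bind("constructed-community", "nms-hosts")
    probes = [("192.0.2.10", "vprn 100"), ("192.0.2.20", "Base"), ("198.51.100.7", "vprn 100")]
    return [acl.check("constructed-community", ip, ctx) for ip, ctx in probes]
```
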
7450 ESS System Management Guide
