3Com V7122 User Manual page 380

The concept of trusted managers is considered to be a weak form of security and is
therefore, not a required part of SNMPv3 security, which uses authentication and privacy.
However, the board's SNMP agent applies the trusted manager concept as follows:
There is no way to configure trusted managers for only a SNMPv3 user. An SNMPv2c
community string must be defined.
If specific IPs are configured as trusted managers (via the community table), then only
SNMPv3 users on those trusted managers are given access to the agent's MIB objects.
Configuration of Trusted Managers Using ini File
To set the Trusted Mangers table from start-up, write the following in the ini file:
SNMPTRUSTEDMGR_X = D.D.D.D
where X is any integer between 0 and 4 (0 sets the first table entry, 1 sets the second, and
so on), and D is an integer between 0 and 255.
Configuration of Trusted Managers Using SNMP
To configure Trusted Managers, the EM must use the SNMP-COMMUNITY-MIB, the
snmpTargetMIB and the snmpTargetMIB.
The procedure below assumes that there is at least one configured read-write community,
are currently no Trusted Managers, and the TransportTag for columns for all
snmpCommunityTable rows are currently empty.
To add the first Trusted Manager:
Add a row to the snmpTargetAddrTable with these values:
1
Name=mgr0
TagList=MGR
Params=v2cparams
Add a row to the snmpTargetAddrExtTable table with these values:
2
Name=mgr0
snmpTargetAddrTMask=255.255.255.255:0.
The agent does not allow creation of a row in this table unless a corresponding row
exists in the snmpTargetAddrTable.
Set the value of the TransportTag field on each non-TrapGroup row in the
3
snmpCommunityTable to MGR.
To add a subsequent Trusted Manager:
380
V7122 GatewayUser Guide