access: limit OIDs exposed over SNMP

Define a custom SNMP group with read access only to fields we need.

For D-Link switches, modifying the group must be handled the same as for a
user, i.e. the group (and user) must be removed and re-added.

Untested for FS S5800.
Timotej Lazar 2025-10-22 13:43:07 +02:00
parent 2c93cab682
commit 7a2223ea71
5 changed files with 61 additions and 16 deletions

@ -17,7 +17,11 @@ vlan database
snmp-server enable
snmp-server system-location {{ rack }}
snmp-server engineID {{ snmp_engine_id }}
snmp-server access public security-model usm priv read _all_
snmp-server view public included 1.3.6.1.2.1.1 {# system +#}
snmp-server view public included 1.3.6.1.2.1.2 {# interfaces +#}
snmp-server view public included 1.3.6.1.2.1.17.7 {# qBridgeMIB +#}
snmp-server view public included 1.3.6.1.2.1.31 {# ifMIB +#}
snmp-server access public security-model usm priv read public
{# sort to ensure LAG interfaces are added last #}
{% for iface in interfaces | sort(attribute="type.value") | sort(attribute="mgmt_only") %}
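Review bot: the access line `snmp-server access public security-model usm priv read public` binds a group named `public` to a view that is also named `public`, and `public` is the default read community on many devices, so the line reads ambiguously; a distinct view name (e.g. `monitor`, hypothetical) would make the binding self-explanatory when grepping running configs. Also, per the commit message D-Link switches only pick up the new read view once the existing group (and user) is removed and re-added; nothing in this hunk removes the previous `read _all_` binding, so either that removal lives elsewhere in the template or in the deployment step, and a `{# ... #}` comment next to the access line saying which would help the next maintainer. Finally, the four `included` entries correctly leave everything else excluded, but 1.3.6.1.2.1.2 (interfaces) and 1.3.6.1.2.1.31 (ifMIB) still expose ifDescr/ifAlias strings, so any interface descriptions carrying customer or other sensitive names remain readable to this group.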