[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | DEChub/HUBwatch/PROBEwatch CONFERENCE |
| Notice: | Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7 |
| Moderator: | NETCAD::COLELLA�DT |
|
| Created: | Wed Nov 13 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4455 |
| Total number of notes: | 16761 |
2485.0. "Can hub and modules have more RW communities????" by DECPRG::PAVLUP () Fri Jul 07 1995 06:51
I'd like to have a question on behalf of a customer (and to get educated
myself), regarding SNMP communities in DEChub 900 and modules.
The customer would like to separate access of network "managers" and network
"operators" to 900 hubs and modules. While manager should have rw access to
any hub and module, the operator should have ro access everywhere, and rw
access to some specified modules (repeaters, terminal servers, but not to
backbone modules as bridges, concentrators).
The original idea was to set up one ro community and two rw communities through
the network, where one rw community would be setup on any DEChub MAM and
any module, while the other only on modules that the operator should be
able to manage rw.
I first found a problem to setup a different ro and rw community but after
reading 1958, 1517, and 845, I see how this works. However, I still don't know
whether it is possible to implement the above scenario based on two different
wr communities on modules and hubs. Could anyone comment on this? I.e.
whether it is possible to set more than one rw community (on hub and on
modules). I can see that the customer's policy can be set-up with some
modifications by using one rw community per hub/module, but before discussing
with the customer, I'd like to know whether we can or cannot do it, as the
original wish is...
Thanks for any response and suggestion.
Regards Petr.
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 2485.1 | Only one community for each. | NETCAD::GALLAGHER | | Fri Jul 07 1995 10:09 | 19 |
|
You called it.
> I can see that the customer's policy can be set-up with some
>modifications by using one rw community per hub/module, but before
>discussing with the customer, I'd like to know whether we can or cannot
>do it, as the original wish is...
No, we don't support that level of access control. The Hub Management
Agent Module, and most modules, support only one read-write community and
one read-only community.
Sorry, you'll have to do it using communities for each module.
(The limit is due to older modules having very limited non-volatile storage.
We could add more communities if enough people ask for it. The next version
of SNMP will likely solve this problem by providing MIB level access control.)
-Shawn
|
| 2485.2 | Thanks, I'll do it the other way | DECPRG::PAVLUP | | Fri Jul 07 1995 11:10 | 5 |
| Thanks Shawn,
it's better to be sure...
Regards Petr.
|