Hello.
I request a new resource to comply with RFC 3430, chapter 2:
- SNMP over TCP
SNMP over TCP is an optional transport mapping. It is primarily
defined to support more efficient bulk transfer mechanisms within the
SNMP framework [5].
Attached are suggestions for enabling SNMP over TCP.
I would also like to suggest a standard option to define the standard SNMP port similar to what is done in SSH. Example:
    set service ssh port 48022
    set service snmp port 48161
Option to standardize the SNMP port by the transport protocol:
    set service snmp transport udp # <standard, UDP (ipv4 and ipv6)
    set service snmp transport tcp # <change to standard tcp (ipv4 and ipv6), without udp
    set service snmp transport both # both / all, <tcp and udp, ipv4 and ipv6
    set service snmp transport udp-ipv4-only # <explicit udp ipv4 only
    set service snmp transport udp-ipv6-only # <explicit udp ipv6 only
    set service snmp transport tcp-ipv4-only # <explicit tcp ipv4 only
    set service snmp transport tcp-ipv6-only # <explicit tcp ipv6 only
DIFF PATCH:
--- /usr/libexec/vyos/conf_mode/snmp.py 2020-08-04 23:00:46.072910104 +0000 +++ /usr/libexec/vyos/conf_mode/snmp.py 2020-08-04 23:22:04.951136121 +0000 @@ -123,7 +123,7 @@ {%- endif %} # Listen -agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161,udp6:161{% endif %} +agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161,udp6:161,tcp6:161,tcp:161{% endif %} # SNMP communities {%- for c in communities %} @@ -555,10 +555,10 @@ if vyos.validate.is_ipv4(addr): # example: udp:127.0.0.1:161 - listen = 'udp:' + addr + ':' + port + listen = 'udp:' + addr + ':' + port + ',tcp:' + addr + ':' + port else: # example: udp6:[::1]:161 - listen = 'udp6:' + '[' + addr + ']' + ':' + port + listen = 'udp6:' + '[' + addr + ']' + ':' + port + ',tcp6:' + '[' + addr + ']' + ':' + port # We only wan't to configure addresses that exist on the system. # Hint the user if they don't exist
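Review bot: In the first hunk, the `{% else %}` branch of the `agentaddress` template line now always adds `tcp6:161,tcp:161`, so every configuration without a `listen-address` starts accepting SNMP over TCP on all addresses once this is applied. The request itself describes TCP as an optional transport, so emit the TCP entries only when a transport setting asks for them and keep `udp:161,udp6:161` as the default. The port in this branch is also still the literal 161, which the proposed `set service snmp port` would need to replace.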
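Review bot: In the second hunk, both branches concatenate a `tcp:` or `tcp6:` entry onto `listen` unconditionally, so an operator who sets a `listen-address` can no longer run a UDP-only agent on it. Build the TCP entry only when a transport option selects it, ideally as a separate list element instead of a comma inside one string. The `# example: udp:127.0.0.1:161` and `# example: udp6:[::1]:161` comments should also be updated, since they no longer show what the assignments produce.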
VyOS Config:
    set service snmp community public authorization 'ro'
    set service snmp contact 'Admin'
    set service snmp description 'VyOS-Router'
    set service snmp location '-22.962002, -43.212348'
CHECK:
    cat /etc/snmp/snmpd.conf | egrep -v '(^#|^$)'
OUTPUT:
    sysObjectID 1.3.6.1.4.1.44641
    sysServices 14
    master agentx
    agentXPerms 0777 0777
    pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
    smuxpeer .1.3.6.1.2.1.83
    smuxpeer .1.3.6.1.2.1.157
    smuxsocket localhost
    iquerySecName vyos799e300d1651f916
    notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus
    notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
    monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2
    monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
    sysDescr VyOS 1.2.5
    SysDescr VyOS-Router
    agentaddress unix:/run/snmpd.socket,udp:161,udp6:161,tcp6:161,tcp:161
    rocommunity public
    rocommunity6 public
    SysContact Admin
    SysLocation -22.962002, -43.212348
With LISTEN:
    set service snmp listen-address 127.0.0.1 port '48161'
    set service snmp listen-address 172.19.2.125 port '48161'
    set service snmp listen-address 2001:db8:19:2::125 port '48161'
Output (/etc/snmp/snmpd.conf):
    # Listen
    agentaddress unix:/run/snmpd.socket,udp:127.0.0.1:48161,tcp:127.0.0.1:48161,udp:172.19.2.125:48161,tcp:172.19.2.125:48161,udp6:[2001:db8:19:2::125]:48161,tcp6:[2001:db8:19:2::125]:48161,udp6:[::1]:161,tcp6:[::1]:161
Problem:
I do not want port 161 open; I want the port to be 48161, and port 161 must be closed.
So I suggest as a solution the implementation of:
    set service snmp port 48161
Testing:
    # Test UDP over IPv4:
    snmpget -Ir -r6 -t3 -v2c -c public 'udp:172.19.2.125:48161' .1.3.6.1.2.1.1.1.0
    SNMPv2-MIB::sysDescr.0 = STRING: VyOS-Router

    # Test TCP over IPv4:
    snmpget -Ir -r6 -t3 -v2c -c public 'tcp:172.19.2.125:48161' .1.3.6.1.2.1.1.1.0
    SNMPv2-MIB::sysDescr.0 = STRING: VyOS-Router

    # Test UDP over IPv6:
    snmpget -Ir -r6 -t3 -v2c -c public 'udp6:[2001:db8:19:2::125]:48161' .1.3.6.1.2.1.1.1.0
    SNMPv2-MIB::sysDescr.0 = STRING: VyOS-Router

    # Test TCP over IPv6:
    snmpget -Ir -r6 -t3 -v2c -c public 'tcp6:[2001:db8:19:2::125]:48161' .1.3.6.1.2.1.1.1.0
    snmpget -Ir -r6 -t3 -v2c -c public 'tcpipv6:[2001:db8:19:2::125]:48161' .1.3.6.1.2.1.1.1.0
    SNMPv2-MIB::sysDescr.0 = STRING: VyOS-Router

Thanks for your attention, I await implementation in 1.2.x or 1.3 rolling soon!
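One way the `transport` and `port` options proposed in this request could drive the generated `agentaddress` line, so that only the selected protocols are opened and nothing is left on port 161 when another port is chosen. This is an added example, not code from VyOS or from the patch above; `build_agentaddress`, `TRANSPORTS` and the mapping of option names to protocol/family pairs are assumptions.

```python
import ipaddress

# Option names are the `set service snmp transport` values proposed in the
# post; mapping them to (protocols, IP versions) is this example's assumption.
TRANSPORTS = {
    "udp": (("udp",), (4, 6)),
    "tcp": (("tcp",), (4, 6)),
    "both": (("udp", "tcp"), (4, 6)),
    "udp-ipv4-only": (("udp",), (4,)),
    "udp-ipv6-only": (("udp",), (6,)),
    "tcp-ipv4-only": (("tcp",), (4,)),
    "tcp-ipv6-only": (("tcp",), (6,)),
}


def _check_port(value):
    port = int(value)  # VyOS config values arrive as strings
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {value!r}")
    return port


def build_agentaddress(listen=(), transport="udp", port=161):
    """Return the snmpd.conf agentaddress line (hypothetical helper).

    listen: iterable of (address, port_or_None); None falls back to `port`.
    """
    if transport not in TRANSPORTS:
        raise ValueError(f"unknown transport: {transport!r}")
    port = _check_port(port)
    protos, versions = TRANSPORTS[transport]
    specs = ["unix:/run/snmpd.socket"]
    if not listen:
        # Wildcard listeners, only for the selected protocol/family pairs.
        for version in versions:
            for proto in protos:
                specs.append(f"{proto}{'6' if version == 6 else ''}:{port}")
    for addr, addr_port in listen:
        ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
        if ip.version not in versions:
            continue  # address family excluded by the transport option
        p = port if addr_port is None else _check_port(addr_port)
        for proto in protos:
            if ip.version == 6:
                specs.append(f"{proto}6:[{ip}]:{p}")
            else:
                specs.append(f"{proto}:{ip}:{p}")
    return "agentaddress " + ",".join(specs)
```

With the three listen addresses from the post, `transport="both"` and `port=48161`, the result matches the posted `agentaddress` line except that the `[::1]:161` entries are absent.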