RE: [squid-users] snmpwalk issue squid 2.5 from Matt Ausmus on 2008-12-09 (squid-users)

From: Matt Ausmus <mausmus_at_chapman.edu>
Date: Tue, 9 Dec 2008 11:02:22 -0800

Whoops! Meant for my response to go to the message board for anyone else having this issue. Henrik, your idea worked perfectly. I thing I found was if I used multiple variables (chapman1 chapman2 chapman3 where each variable is an acl representing a subnet), I couldn't combine them on 1 line.

"Snmp_access allow chapmansnmp chapman1 chapman2 chapman3" would not work. I had to give each variable a separate line:
"snmp-access allow chapmansnmp chapman1"
"snmp-access allow chapmansnmp chapman2"
"snmp-access allow chapmansnmp chapman3"

And then it worked like a charm. Thanks!
____________________________
Matt Ausmus
Network Administrator
Chapman University
635 West Palm Street
Orange, CA 92868
(714)628-2738
mausmus_at_chapman.edu

“You can lead a horse to water, but if you can get him to float on his back, you’ve got something.”
-HARTLEY’S FIRST LAW

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
Sent: Monday, December 08, 2008 4:47 PM
To: Ausmus, Matt
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] snmpwalk issue squid 2.5

mån 2008-12-08 klockan 10:34 -0800 skrev Ausmus, Matt:
> First off , I'm posting this question here because it appears the SNMP mailing list is now defunct. If this is the wrong list to post this please let me know and I'll repost it in the correct one.
>
> First I'm running squid with snmp enabled on Centos 4.7. the version of squid is the most recent offered for 4.7: squid-2.5.STABLE14-4.el4. this is my entire snmp configuration (with names and variables changed to protect the innocent ;-))
> acl chapmansnmp snmp_community publ!c
> snmp_port 3401
> snmp_access deny chapmansnmp !chapman1

That's not right. Squid access rules has an implicity inverse of the
last rule, i.e. the above is implicit followed by

snmp_access allow all

And says allow anyone to query for SNMP, except that only chapman1 is
allowed to use the public snmp community. Any other community is ok for
anyone to use, just not public.

You probably want

snmp_access allow chapmansnmp chapman1

which gets implicitly followed by

snmp_access deny all

Regards
Henrik
Received on Tue Dec 09 2008 - 19:03:11 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 10 2008 - 12:00:02 MST