Hi!

You really like to bend the rules, don't you :) Keep it up, I like it!

I tried this in a Juniper EX:

admin@EX2200# show snmp | display set
set snmp community public authorization read-only
set snmp community test authorization read-only
set snmp community "test\\" authorization read-only"
set snmp community "test\\test" authorization read-only

It turned out kind of weird:

admin@EX2200# show snmp
community rwcomm {
     authorization read-only;
     client-list-name TELE2-MGMT;
}
community public {
     authorization read-only;
}
community test {
     authorization read-only;
}
community "test\\" authorization read-only";       <- Not the normal syntax, but checks out!
community "test\\test" {
     authorization read-only;
}

committed and running...

snmpbulkwalk -v 2c -c 'test\\test'  10.67.11.253 SNMPv2-MIB::sysDescr -m all
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. ex2200-c-12p-2g 
Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 2015-05-29 08:09:50 
UTC Copyright (c) 1996-2015 Juniper Networks, Inc.

# snmpbulkwalk -v 2c -c 'test\\test'  10.67.11.253 SNMPv2-MIB::sysDescr -m all
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. ex2200-c-12p-2g 
Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 2015-05-29 08:09:50 
UTC Copyright (c) 1996-2015 Juniper Networks, Inc.

tcpdump of it:

08:42:53.851825 IP (tos 0x0, ttl 64, id 61330, offset 0, flags [DF], 
proto UDP (17), length 74)
     10.67.11.11.50819 > 10.67.11.253.161:  { SNMPv2c C=test\\test { 
GetBulk(27) R=578438959  N=0 M=10 .1.3.6.1.2.1.1.1 } }
08:42:53.893568 IP (tos 0x0, ttl 64, id 8022, offset 0, flags [none], 
proto UDP (17), length 400)
     10.67.11.253.161 > 10.67.11.11.50819:  { SNMPv2c C=test\\test { 
GetResponse(349) R=578438959  .1.3.6.1.2.1.1.1.0="Juniper Networks, Inc. 
ex2200-c-12p-2g Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 
2015-05-29 08:09:50 UTC Copyright (c) 1996-2015 Juniper Networks, Inc." 
.1.3.6.1.2.1.1.2.0=.1.3.6.1.4.1.2636.1.1.1.2.43 
.1.3.6.1.2.1.1.3.0=851048621 .1.3.6.1.2.1.1.4.0="" 
.1.3.6.1.2.1.1.5.0="EX2200" .1.3.6.1.2.1.1.6.0="" .1.3.6.1.2.1.1.7.0=6 
.1.3.6.1.2.1.2.1.0=63 .1.3.6.1.2.1.2.2.1.1.4=4 .1.3.6.1.2.1.2.2.1.1.5=5 } }

I also tried "test\test" for community and it worked (and sent 
"test\test" on the wire according to tcpdump).

So, in the Juniper case, it actually works. JunOS seems to interpret the 
first "test \\" in a special way (seems to include the " in the 
process), but the others work like a charm.

Even an Alcatel 6250-8M works:

# snmpbulkwalk -v 2c -c 'test\\test'  10.67.11.5 SNMPv2-MIB::sysDescr -m all
SNMPv2-MIB::sysDescr.0 = STRING: Alcatel-Lucent OS6250-8M 6.7.1.108.R04 
Service Release, January 04, 2017.


That said, I wouldn't trust this method to work on any given system 
without testing, so I'd strongly advise against using \ in a community 
for devices where you may or may not have 100 % control of them. It 
could even be that in the next software release you put on a 
switch/router/... it stops working, not to mention how to use these 
special communities in different NMS applications. I'm pretty sure you 
can easily find a switch model that won't interpret the \ correctly in a 
community. Just because it works at one point, doesn't necessarily mean 
that it's a good idea to use it :)

/Fredrik

On 2017-02-14 at 22:10, christopher.wu wrote:
> I'm trying to determine if a community name or userid can contain a 
> backslash. I've created a v2c SNMP community name called "testing\" and I 
> cannot get it to work with an snmpwalk (I tried with version 5.7.3 on Linux). 
>  I realize that backslash is an escape character so I made sure to account 
> for that in the command line.
>
> snmpwalk -m ALL -M . -v 2c -c testing\\ 10.10.11.1 sysUpTime
> Timeout: No Response from 10.10.11.1
>
> I did a trace to verify that "testing\" is sent via the network.
>
> sudo tcpdump -n -vvv -i eth0 port 161
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 
> bytes
> 19:02:11.223073 IP (tos 0x0, ttl 64, id 26922, offset 0, flags [DF], proto 
> UDP (17), length 72)
>      10.10.11.2.44029 > 10.10.11.1.161: [bad udp cksum 0x2a5c -> 0x6912!]  { 
> SNMPv2c C=testing\ { GetNextRequest(27) R=1008098937  .1.3.6.1.2.1.1.3 } }
> 19:02:12.224149 IP (tos 0x0, ttl 64, id 26989, offset 0, flags [DF], proto 
> UDP (17), length 72)
>      10.10.11.2.44029 > 10.10.11.1.161: [bad udp cksum 0x2a5c -> 0x6912!]  { 
> SNMPv2c C=testing\ { GetNextRequest(27) R=1008098937  .1.3.6.1.2.1.1.3 } }
> 19:02:13.225253 IP (tos 0x0, ttl 64, id 27002, offset 0, flags [DF], proto 
> UDP (17), length 72)
>
> I even modified the code in netsnmp_udp_getSecName() to verify that 
> "testing\" was being compared and both sides of the comparison had that value.
>
> If I remove the backslash it works fine. Is backslash not allowed or is this 
> a bug?
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Net-snmp-users mailing list
> Net-snmp-users@lists.sourceforge.net
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
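
An added example, not part of the original thread or of Net-SNMP: it models how a POSIX shell turns the `-c` argument into community bytes (using Python's `shlex`) and reads the community back out of an SNMPv2c message with a minimal BER reader. The packet is constructed here with an empty PDU, and the double-quoted command line is a constructed variant of the ones in the thread.

```python
import shlex

def ber_len(n):
    # BER definite length: short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the TLV that starts at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def community_from_argv(command_line):
    # Bytes a POSIX shell passes after -c once quoting is processed
    argv = shlex.split(command_line)
    return argv[argv.index("-c") + 1].encode()

def build_v2c(community):
    # SEQUENCE { INTEGER 1 (v2c), OCTET STRING community, PDU }
    # The GetNextRequest PDU (tag 0xA1) is left empty: constructed sample
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community) + tlv(0xA1, b""))

def community_on_wire(packet):
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = read_tlv(body, 0)
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    return community

# First two command lines are from the thread; the third is a constructed variant
SAMPLES = [
    r"snmpwalk -m ALL -M . -v 2c -c testing\\ 10.10.11.1 sysUpTime",
    r"snmpbulkwalk -v 2c -c 'test\\test' 10.67.11.253 SNMPv2-MIB::sysDescr -m all",
    r'snmpbulkwalk -v 2c -c "test\\test" 10.67.11.253 SNMPv2-MIB::sysDescr',
]

def wire_communities():
    return [community_on_wire(build_v2c(community_from_argv(c))) for c in SAMPLES]

if __name__ == "__main__":
    for cmd, comm in zip(SAMPLES, wire_communities()):
        print(f"{comm!r:16} <- {cmd}")
```

The unquoted and double-quoted forms collapse `\\` to one backslash, while the single-quoted form keeps both, so the string configured on the agent has to match the quoting used by every client and NMS that polls it.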
