Example on Access control (ACL) and View access control (VACL) for SNMP v1/v2c Agent


Introduction:

This document describes an example Agent configured with several communities, each with a different access level. The Agent implementation shows how to use the Acl Table implementation for "community based authentication".

Overview:

In this example an Agent is defined for the "AGENT-SAMPLE-MIB". Four communities are configured in this Agent with different access levels, as described below.

The example Agent starts with four communities in the aclTable and two communities in the vaclTable. Their access levels, manager lists and registration status are as follows:

In aclTable:

Community Name   Access Level     Managers                                 Row Status
(aclCommunity)   (aclAccess)      (aclManagers)                            (aclStatus)
public           READ_WRITE (3)   All Managers (0:0:0:0)                   ACTIVE (1)
private          READ_ONLY (1)    localhost;192.168.1.93;karthikn;rajeshr  ACTIVE (1)
advent           WRITE_ONLY (2)   localhost;192.168.1.93;gkrishna;kashok   ACTIVE (1)
adventnet        NO_ACCESS (0)    localhost;192.168.1.19;valli             ACTIVE (1)

In vaclTable:

Community Name                    MIB Views                 Row Status
(aclCommunity - External Index)   (vaclmibViews)            (vaclviewStatus)
public                            .1.3.6                    ACTIVE (1)
private                           .1.3.6.1.4.1.2162.4.1     ACTIVE (1)
advent                            .1.3.6.1.4.1.2162.4.3     ACTIVE (1)
adventnet                         .1.3.6.1.4.1.2162.1.2     ACTIVE (1)

vaclmibViews allows access for variables coming under the specified OID.

These entries are stored in the following files:

for aclTable - "<Installation Directory>\AdventNet\JavaAgent\examples\snmp\accessControlTable\agent\bin\conf\AccessControlTable.xml"
for vaclTable - "<Installation Directory>\AdventNet\JavaAgent\examples\snmp\accessControlTable\agent\bin\conf\ViewAccessControlTable.xml"

These files are loaded when the Agent starts. After the Agent is started, the entries in this table can be modified, added or deleted remotely using the "aclTable" present in the "AGENT-SNMP-CONFIG-MIB". Remote configuration of this table can be prevented by commenting out the following code

acl = new com.adventnet.snmp.snmp2.agent.AclTableRequestHandler((SnmpAgent)this, aclTable);
acl.addRegistrationListener(hdlr);

in the "AclandVaclTableExample.java" file.

Source files:

The example is generated for AGENT-SAMPLE-MIB with the aclTable and vaclTable options enabled in the MibCompiler -> Project -> Settings menu.

The main file contains the following to enable this feature:

* aclTable and vaclTable are instantiated from the com.adventnet.snmp.snmp2.agent package.

* The tables are registered with PduRequestHandler.

Compilation:

1. Go to the directory,

   "<Installation Directory>\AdventNet\JavaAgent\examples\snmp\aclandvacl\agent\bin"  

2. Compile the source by executing,

   sh compile.sh (for Linux users) OR
   compile  (for Windows Users)

Running the Agent:

1. Go to the "<Installation Directory>\AdventNet\JavaAgent\examples\snmp\aclandvacl\agent\bin" directory and execute,

   sh run.sh <options> (OR)
   run <options>

where <options> specifies the options with which you want to start the Agent.

Now test the Agent by sending SNMP requests with the above communities. Try adding new communities, deleting existing communities and modifying access values. Similarly, test the Agent with different communities for the different views listed in the above tables.
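
As a guide to what those test requests should return, the following added example (not part of the AdventNet example code) models the two tables above in Python and decides whether a request passes. It assumes that aclAccess is a read/write bitmask, that manager names are matched as literal strings, and that a view admits any OID under its subtree; the function names and the order of the checks are hypothetical.

```python
# Model of the page's aclTable/vaclTable check (assumed semantics, not AdventNet code).
READ, WRITE = 1, 2           # assumption: aclAccess is a bitmask, READ_WRITE (3) = READ | WRITE
ALL_MANAGERS = "0:0:0:0"     # "All Managers" marker shown in the aclTable

# Rows copied from the aclTable above: community -> (aclAccess, aclManagers)
ACL = {
    "public":    (3, [ALL_MANAGERS]),
    "private":   (1, ["localhost", "192.168.1.93", "karthikn", "rajeshr"]),
    "advent":    (2, ["localhost", "192.168.1.93", "gkrishna", "kashok"]),
    "adventnet": (0, ["localhost", "192.168.1.19", "valli"]),
}
# Rows copied from the vaclTable above: community -> view subtrees (vaclmibViews)
VACL = {
    "public":    [".1.3.6"],
    "private":   [".1.3.6.1.4.1.2162.4.1"],
    "advent":    [".1.3.6.1.4.1.2162.4.3"],
    "adventnet": [".1.3.6.1.4.1.2162.1.2"],
}

def oid_parts(oid):
    """Split a dotted OID into integer sub-identifiers."""
    return [int(p) for p in oid.strip(".").split(".")]

def in_view(oid, view):
    """True if oid lies under the view subtree. Compared per sub-identifier,
    so .4.10 is not mistaken for a child of .4.1 as a string prefix test would."""
    o, v = oid_parts(oid), oid_parts(view)
    return o[:len(v)] == v

def is_allowed(community, manager, op, oid):
    """Decide a request; op is 'get' or 'set'. Returns (allowed, reason)."""
    if community not in ACL:
        return False, "unknown community"
    access, managers = ACL[community]
    if ALL_MANAGERS not in managers and manager not in managers:
        return False, "manager not listed"
    needed = READ if op == "get" else WRITE   # anything but 'get' needs write access
    if not access & needed:
        return False, "access level forbids " + op
    if not any(in_view(oid, v) for v in VACL.get(community, [])):
        return False, "OID outside MIB view"
    return True, "ok"

def open_write_communities():
    """Audit helper: communities that any manager can write with."""
    return [c for c, (a, m) in ACL.items() if a & WRITE and ALL_MANAGERS in m]
```

With the rows shown above, open_write_communities() reports "public", the one community that accepts set requests from any manager across the whole .1.3.6 subtree.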

Copyright (c) 1996-2003 AdventNet, Inc. All Rights Reserved.