### Autogenerated by snmp.py ### # non configurable defaults sysObjectID 1.3.6.1.4.1.44641 sysServices 14 master agentx agentXPerms 0777 0777 pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias smuxpeer .1.3.6.1.2.1.83 smuxpeer .1.3.6.1.2.1.157 smuxsocket localhost # linkUp/Down configure the Event MIB tables to monitor # the ifTable for network interfaces being taken up or down # for making internal queries to retrieve any necessary information iquerySecName {{ vyos_user }} # Modified from the default linkUpDownNotification # to include more OIDs and poll more frequently notificationEvent linkUpTrap linkUp ifIndex ifDescr ifType ifAdminStatus ifOperStatus notificationEvent linkDownTrap linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus monitor -r 10 -e linkUpTrap "Generate linkUp" ifOperStatus != 2 monitor -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2 # Remove all old ifTable entries with the same ifName as newly appeared # interface (with different ifIndex) - this is the case on e.g. ppp interfaces interface_replace_old yes ######################## # configurable section # ######################## # Default system description is VyOS version sysDescr VyOS {{ version }} {% if description is vyos_defined %} # Description SysDescr {{ description }} {% endif %} # Listen {% set options = [] %} {% if listen_address is vyos_defined %} {% for address, address_options in listen_address.items() %} {% if address | is_ipv6 %} {% set protocol = protocol ~ '6' %} {% endif %} {% set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %} {% endfor %} {% else %} {% set _ = options.append(protocol ~ ':161') %} {% set _ = options.append(protocol ~ '6:161') %} {% endif %} agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} # SNMP communities {% if community is vyos_defined %} {% for comm, comm_config in community.items() %} {% if comm_config.client is vyos_defined %} {% for client in comm_config.client %} {% if client | is_ipv4 %} {{ comm_config.authorization }}community {{ comm }} {{ client }} -V RESTRICTED {% elif client | is_ipv6 %} {{ comm_config.authorization }}community6 {{ comm }} {{ client }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} {% if comm_config.network is vyos_defined %} {% for network in comm_config.network %} {% if network | is_ipv4 %} {{ comm_config.authorization }}community {{ comm }} {{ network }} -V RESTRICTED {% elif network | is_ipv6 %} {{ comm_config.authorization }}community6 {{ comm }} {{ network }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} {% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} {{ comm_config.authorization }}community {{ comm }} -V RESTRICTED {{ comm_config.authorization }}community6 {{ comm }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} # Default RESTRICTED view view RESTRICTED included .1 80 {% if 'ip-route-table' not in oid_enable %} # ipRouteTable oid: excluded view RESTRICTED excluded .1.3.6.1.2.1.4.21 {% endif %} {% if 'ip-net-to-media-table' not in oid_enable %} # ipNetToMediaTable oid: excluded view RESTRICTED excluded .1.3.6.1.2.1.4.22 {% endif %} {% if 'ip-net-to-physical-phys-address' not in oid_enable %} # ipNetToPhysicalPhysAddress oid: excluded view RESTRICTED excluded .1.3.6.1.2.1.4.35 {% endif %} {% if 'ip-forward' not in oid_enable %} # ipForward oid: excluded view RESTRICTED excluded .1.3.6.1.2.1.4.24 {% endif %} {% if contact is vyos_defined %} # system contact information SysContact {{ contact }} {% endif %} {% if location is vyos_defined %} # system location information SysLocation {{ location }} {% endif %} {% if smux_peer is vyos_defined %} # additional smux peers {% for peer in smux_peer %} smuxpeer {{ peer }} {% endfor %} {% endif %} {% if trap_target is vyos_defined %} # if there is a problem - tell someone! {% for trap, trap_config in trap_target.items() %} trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} {% endfor %} {% endif %} {% if v3 is vyos_defined %} # # SNMPv3 stuff goes here # {% if v3.view is vyos_defined %} # views {% for view, view_config in v3.view.items() %} {% if view_config.oid is vyos_defined %} {% for oid in view_config.oid %} view {{ view }} included .{{ oid }} {% endfor %} {% endif %} {% endfor %} {% endif %} # access {% if v3.group is vyos_defined %} # context sec.model sec.level match read write notif {% for group, group_config in v3.group.items() %} access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none {% endfor %} {% endif %} # trap-target {% if v3.trap_target is vyos_defined %} {% for trap, trap_config in v3.trap_target.items() %} {% set options = '' %} {% if trap_config.type == 'inform' %} {% set options = options ~ ' -Ci' %} {% endif %} {% if v3.engineid is vyos_defined %} {% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} {% endif %} {% if trap_config.user is vyos_defined %} {% set options = options ~ ' -u ' ~ trap_config.user %} {% endif %} {% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} {% set options = options ~ ' -a ' ~ trap_config.auth.type %} {% if trap_config.auth.plaintext_password is vyos_defined %} {% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} {% elif trap_config.auth.encrypted_password is vyos_defined %} {% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} {% endif %} {% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} {% set options = options ~ ' -x ' ~ trap_config.privacy.type %} {% if trap_config.privacy.plaintext_password is vyos_defined %} {% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} {% elif trap_config.privacy.encrypted_password is vyos_defined %} {% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} {% endif %} {% set options = options ~ ' -l authPriv' %} {% else %} {% set options = options ~ ' -l authNoPriv' %} {% endif %} {% else %} {% set options = options ~ ' -l noAuthNoPriv' %} {% endif %} trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }} {% endfor %} {% endif %} # group {% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} group {{ user_config.group }} usm {{ user }} {% endfor %} {% endif %} {# SNMPv3 end #} {% endif %} {% if script_extensions.extension_name is vyos_defined %} # extension scripts {% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} extend {{ script }} {{ script_config.script }} {% endfor %} {% endif %}