Илья Рассадин <elcaml...@gmail.com> writes:

> Hi!
>
> It looks like a password issue; maybe the password is incorrect or not
> set properly?

Why would I need a password with perl when I don't need one with
snmpget?

It turned out to be an acl on the switch having assumed unexpected
values:


,----
| #H3C-acl-basic-2000-heimdali]rule 10 permit source 192.168.3.20 255.255.255.0 time-range always
| [H3C-acl-basic-2000-heimdali]display this
| #
| acl number 2000 name heimdali
|  description allow SNMP
|  rule 10 permit source 0.0.0.20 255.255.255.0 time-range always
|  rule 20 deny
| #
| return
`----


I think that's weird.


,----
| [H3C-acl-basic-2000-heimdali]rule 10 permit source 192.168.3.20 0.0.0.0 time-range always
| [H3C-acl-basic-2000-heimdali]display this
| #
| acl number 2000 name heimdali
|  description allow SNMP
|  rule 10 permit source 192.168.3.20 0 time-range always
|  rule 20 deny
| #
| return
`----


This is still weird, but it works.  --- The switch requires you to
create a time range, an acl, SNMP user and group and then you get to
decide how that user must authenticate, which is either with a password
or an acl. --- The user I created is supposed to be authenticated via
the acl.  He doesn't need a password.


Net::SNMP gives an error message that password must be specified while
snmpget works without one.

What's behind that, and why didn't the acl apply to requests made with
snmpget?  (Maybe it applies to the given user only when a password is
used, which would defeat the purpose of the acl entirely.)

> This value (16) can be stored on the device.

The (apparently failed) login attempts were not logged by the switch.
Why would it store a counter, thus effectively allowing an attacker to
modify data by failing logins, without even logging them?

> Did you try to reboot host.example.com and see the value of
> usmStatsWrongDigest counter?

Nah, I don't want to reboot the switch for that.  If the information
isn't somehow kept on the host on which the perl program is started, I
don't see where else it would be stored than on the switch.


After all, using SNMP requires less overhead than using ssh to get the
temperature reading (it's even made for that), so now that it works,
I'll use that.

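Added example, not part of the original message: a short Python sketch of the arithmetic that reproduces both `display this` outputs above, assuming the second field of `rule ... source` is a wildcard (inverse) mask in which 1 bits mean "don't care". The function names and the probe addresses are constructed for illustration; the sketch covers only the ACL matching and says nothing about the Net::SNMP password error.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def normalize(source, wildcard):
    """Clear every bit the wildcard marks "don't care" (1 bits), which
    reproduces the address shown by `display this`."""
    return str(ipaddress.IPv4Address(u32(source) & ~u32(wildcard) & MASK32))

def permits(source, wildcard, packet_src):
    """True if packet_src equals the rule source on all bits the wildcard leaves at 0."""
    care = ~u32(wildcard) & MASK32
    return (u32(packet_src) & care) == (u32(source) & care)

def match_count(wildcard):
    """Number of distinct source addresses the rule matches."""
    return 2 ** bin(u32(wildcard)).count("1")

def netmask_to_wildcard(netmask):
    """Convert a subnet mask to the wildcard that selects the same subnet."""
    return str(ipaddress.IPv4Address(~u32(netmask) & MASK32))

if __name__ == "__main__":
    # The two "rule 10" variants entered in the message above.
    rules = [("192.168.3.20", "255.255.255.0"), ("192.168.3.20", "0.0.0.0")]
    # Constructed probe addresses, not taken from the thread.
    probes = ["192.168.3.20", "192.168.3.21", "10.9.8.20", "172.16.0.20"]
    for src, wc in rules:
        print(f"rule 10 permit source {src} {wc}")
        print(f"  stored as : {normalize(src, wc)} {wc}")
        print(f"  matches   : {match_count(wc)} address(es)")
        for p in probes:
            verdict = "permit" if permits(src, wc, p) else "falls to rule 20 deny"
            print(f"  {p:<15} {verdict}")
    print("wildcard for a /24:", netmask_to_wildcard("255.255.255.0"))
```

Under that assumption the first rule constrains only the last octet, so it permits any source address ending in .20, while the second rule permits the single host 192.168.3.20.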