SNMP disabling... 3

[BFreshour]

I have Motorola Surfboard SB3100 and whenever I create the DOCSIS CPE Configuration file with the correct SNMP strings to disable the public and private community strings it never seems to work and I'm still able to 'walk' into my modem using 'Docsdiag'. Is it possible for SNMP configuration to be stored in firmware and not be over-writable such as the case here? Or do I have something done incorrectly?

These are the strings I added to my configuration file:

docsDevNmAccessStatus.1 = 5
docsDevNmAccessIp.1 = 255.255.255.255
docsDevNmAccessIpMask.1 = 0.0.0.0
docsDevNmAccessCommunity.1 = "Public"
docsDevNmAccessControl.1 = 2
docsDevNmAccessInterfaces.1 = "0xc0"
docsDevNmAccessStatus.1 = 2

docsDevNmAccessStatus.2 = 5
docsDevNmAccessIp.2 = 10.0.0.0
docsDevNmAccessIpMask.2 = 255.0.0.0
docsDevNmAccessCommunity.2 = "Private"
docsDevNmAccessControl.2 = 2
docsDevNmAccessInterfaces.2 = "0x40"
docsDevNmAccessStatus.2 = 2



Also, would it be easier for me just to block port 161 (used for SNMP transmissions) with something like:

docsDevFilterIpDefault.0 = 2
docsDevFilterIpStatus.1 = 5
docsDevFilterIpControl.1 = 1
docsDevFilterIpIfIndex.1 = 0
docsDevFilterIpDirection.1 = 3
docsDevFilterIpBroadcast.1 = 2
docsDevFilterIpSaddr.1 = 0.0.0.0
docsDevFilterIpSmask.1 = 0.0.0.0
docsDevFilterIpDaddr.1 = 0.0.0.0
docsDevFilterIpDmask.1 = 0.0.0.0
docsDevFilterIpProtocol.1 = 6
DocsDevFilterIpSourcePortLow.1 = 0
DocsDevFilterIpSourcePortHigh.1 = 65535
docsDevFilterIpDestPortLow.1 = 161
DocsDevFilterIpDestPortHigh.1 = 161
docsDevFilterIpStatus.1 = 1

docsDevFilterIpStatus.1 = 5
docsDevFilterIpControl.1 = 1
docsDevFilterIpIfIndex.1 = 0
docsDevFilterIpDirection.1 = 3
docsDevFilterIpBroadcast.1 = 2
docsDevFilterIpSaddr.1 = 0.0.0.0
docsDevFilterIpSmask.1 = 0.0.0.0
docsDevFilterIpDaddr.1 = 0.0.0.0
docsDevFilterIpDmask.1 = 0.0.0.0
docsDevFilterIpProtocol.1 = 17
DocsDevFilterIpSourcePortLow.1 = 0
DocsDevFilterIpSourcePortHigh.1 = 65535
docsDevFilterIpDestPortLow.1 = 161
DocsDevFilterIpDestPortHigh.1 = 161
docsDevFilterIpStatus.1 = 1

 

[DikkeChill]

Well you'd have to enter them in numeric form into your docsis configuration file, after the classOfService {}
Like:
SnmpMibObject .1.3.6.1.2.1.69.1.2.1.7.1 = 5;

I do not however have a MIB reference guide for the docsDevFilter*
and docsDevNmAccess*. Perhaps you do?

You can find some info @ cisco though.

 

[rule0]

docsDevNmAccessStatus.1 = 2
should be
docsDevNmAccessStatus.1 = 1

1 : Activate
2 : Deactivate
4 : Create and activate
5 : Create and deactivate
6 : Delete

 

[keo2]

What program are you guys using to disable snmp access into your modem?

 

[lgolad]

I'm afraid docsDevNmAccessStatus values 1,2,3 are status only ( read only ):

1 : active
2 : not in service
3 : not ready

you should set it to 4 instead:

4 : create and go
5 : create ang wait
6 : destroy

I'm using snmp toolkit ( snmpget, snmpset ... )

Even with this, the only effect i get is disabling write access to all MIBs.
SNMP reading is still working.

So if someone can do better.... let me know
lgolad@boursorama.com