add documentation for async dns and snmpv3
This commit is contained in:
Oliver Gorwits
@@ -248,8 +248,20 @@ should always include C<rfc>. For example:
|
|||||||
|
|
||||||
Value: List of Strings. Default: C<public>.
|
Value: List of Strings. Default: C<public>.
|
||||||
|
|
||||||
A list of read-only SNMP community strings to try on each device. The working
|
A list of read-only SNMP community strings to try on each device. This is the
|
||||||
community will be cached in the database.
|
simplest way to configure your SNMPv1 or SNMPv2 community strings. For
|
||||||
|
example:
|
||||||
|
|
||||||
|
community:
|
||||||
|
- public
|
||||||
|
- anotherstring
|
||||||
|
- mycommunity
|
||||||
|
|
||||||
|
Each is tried in turn when polling the device, and then the working community
|
||||||
|
string will be cached in the database.
|
||||||
|
|
||||||
|
For fine-grained control over which communities are tried for which devices,
|
||||||
|
or to set SNMPv3 authentication, see C<snmp_auth>, below.
|
||||||
|
|
||||||
=head3 C<community_rw>
|
=head3 C<community_rw>
|
||||||
|
|
||||||
@@ -258,6 +270,80 @@ Value: List of Strings. Default: C<private>.
|
|||||||
A list of read-write SNMP community strings to try on each device. The working
|
A list of read-write SNMP community strings to try on each device. The working
|
||||||
community will be cached in the database.
|
community will be cached in the database.
|
||||||
|
|
||||||
|
This is the simplest way to configure SNMPv1 or SNMPv2 community strings. Each
|
||||||
|
is tried in turn when writing to the device, and then the working community
|
||||||
|
string will be cached in the database.
|
||||||
|
|
||||||
|
For fine-grained control over which communities are tried for which devices,
|
||||||
|
or to set SNMPv3 authentication, see C<snmp_auth>, below.
|
||||||
|
|
||||||
|
=head3 C<snmp_auth>
|
||||||
|
|
||||||
|
Value: List of Settings Trees. Default: Empty List.
|
||||||
|
|
||||||
|
This setting is used for SNMPv3 authentication configuration, and also
|
||||||
|
provides an alternative fine-grained control for SNMPv1 and SNMPv2 community
|
||||||
|
strings. You provide a list of authentication stanzas, and Netdisco will try
|
||||||
|
each in turn, then cache the one which works for a device.
|
||||||
|
|
||||||
|
Each stanza can be restricted for use only on specific IP prefixes (subnets),
|
||||||
|
and also limited to read (get) and/or write (set) operations. By default, a
|
||||||
|
stanza is enabled for all device IPs, for read access only. The "tag" of a
|
||||||
|
stanza is simply a friendly name used by Netdisco to refer to the
|
||||||
|
configuration.
|
||||||
|
|
||||||
|
snmp_auth:
|
||||||
|
-
|
||||||
|
community: public
|
||||||
|
-
|
||||||
|
write: true
|
||||||
|
communtiy: mycommunity
|
||||||
|
-
|
||||||
|
read: false
|
||||||
|
write: true
|
||||||
|
community: mycommunity2
|
||||||
|
-
|
||||||
|
tag: v3example
|
||||||
|
user: netdisco
|
||||||
|
auth:
|
||||||
|
pass: netdiscokey
|
||||||
|
proto: MD5
|
||||||
|
priv:
|
||||||
|
pass: netdiscokey2
|
||||||
|
proto: DES
|
||||||
|
-
|
||||||
|
tag: v3aclexample
|
||||||
|
user: netdisco2
|
||||||
|
only:
|
||||||
|
- 192.0.2.0/30
|
||||||
|
- 172.20.10.0/24
|
||||||
|
-
|
||||||
|
tag: v2aclexample
|
||||||
|
community: s3kr1t
|
||||||
|
read: false
|
||||||
|
write: true
|
||||||
|
only:
|
||||||
|
- 2001:db8::/32
|
||||||
|
|
||||||
|
|
||||||
|
For SNMPv1 and SNMPv2, only the C<community> key is required. You can add
|
||||||
|
C<read> and/or C<write> restrictions, and an IP restriction using C<only>.
|
||||||
|
Giving the stanza a C<tag> name is optional, but recommended.
|
||||||
|
|
||||||
|
For SNMPv3 the C<tag> and C<user> keys are required. You can add C<read>
|
||||||
|
and/or C<write> restrictions, and an IP restriction using C<only>. Providing
|
||||||
|
an C<auth> section enables the authentication security level. Providing a
|
||||||
|
C<priv> section enables the message encryption security level.
|
||||||
|
|
||||||
|
As per Net-SNMP, the default SNMPv3 authentication security method is MD5, and
|
||||||
|
the default encryption protocol is DES, with AES or AES256 being common
|
||||||
|
alternatives. Note that you cannot have C<priv> without C<auth>.
|
||||||
|
|
||||||
|
On some device platforms SNMPv3 contexts are used to macsuck each VLAN. For
|
||||||
|
this you usually configure a common context prefix, with Netdisco's default
|
||||||
|
being "C<vlan->" (i.e. C<vlan-1>, C<vlan-2>, etc). Add the C<context_prefix>
|
||||||
|
key to a stanza to override this.
|
||||||
|
|
||||||
=head3 C<bulkwalk_off>
|
=head3 C<bulkwalk_off>
|
||||||
|
|
||||||
Value: Boolean. Default C<false>.
|
Value: Boolean. Default C<false>.
|
||||||
@@ -445,6 +531,17 @@ Value: Number. Default: 0.
|
|||||||
Sets the minimum amount of time in seconds which must elapse between any two
|
Sets the minimum amount of time in seconds which must elapse between any two
|
||||||
arpnip jobs for a device.
|
arpnip jobs for a device.
|
||||||
|
|
||||||
|
=head3 C<dns>
|
||||||
|
|
||||||
|
Value: Settings Tree. Default: C<max_outstanding: 250>
|
||||||
|
|
||||||
|
After arpnip, each found IP will have its DNS name resolved. Similarly on
|
||||||
|
device discovery, all interface aliases will have their IPs resolved to names.
|
||||||
|
|
||||||
|
This setting controls how many outstanding DNS queries are permitted at any
|
||||||
|
time. You can also override this setting using the
|
||||||
|
C<PERL_ANYEVENT_MAX_OUTSTANDING_DNS> environment variable.
|
||||||
|
|
||||||
=head3 C<store_wireless_clients>
|
=head3 C<store_wireless_clients>
|
||||||
|
|
||||||
Value: Boolean. Default: C<true>.
|
Value: Boolean. Default: C<true>.
|
||||||
@@ -738,18 +835,6 @@ C<snmpforce_v3>
|
|||||||
|
|
||||||
C<timeout>
|
C<timeout>
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
C<v3_user>
|
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
C<v3_users>
|
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
C<v3_users_rw>
|
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=cut
|
=cut
|
||||||
|
|||||||
Reference in New Issue
Block a user