From f2951eef5edb2a53c11a6d361aeea8692a097e1a Mon Sep 17 00:00:00 2001 From: "Nicholas Blair (wsl@nblair2-38373s)" Date: Thu, 30 Oct 2025 10:43:29 -0600 Subject: [PATCH] feat(vrouter): SNMP configuration vyos/vyatta --- docs/apps.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/docs/apps.md b/docs/apps.md index 6d3257a..4608af6 100644 --- a/docs/apps.md +++ b/docs/apps.md @@ -39,7 +39,7 @@ spec: metadata: ipsec: - local: 10.0.10.2 - remote 10.0.40.2 + remote: 10.0.40.2 peer: rtr2 tunnels: - local: 192.168.10.0/24 @@ -83,9 +83,33 @@ spec: dnsServers: - 192.168.0.254 staticAssignments: - 00:00:00:00:00:BB: 192.168.0.50 + "00:00:00:00:00:BB": 192.168.0.50 dns: - 1.2.3.4: foo.com + "1.2.3.4": foo.com + snmp: + system_name: edge-router-01 + location: "Lab A, Rack 2, U 24" + contact: "network-admins@example.com" + communities: + - name: readonly-community + authorization: ro + clients: + - 10.0.1.10 + - 10.0.2.0/24 + view: restricted + trap_targets: + - 10.0.50.5 + views: + - name: restricted + entries: + - oid: 1.3.6.1.2.1.1 + permission: included + - oid: 1.3.6.1.2.1.2 + permission: included + - name: readwrite-community + authorization: rw + clients: + - 10.0.1.11 snat: - interface: eth0 srcAddr: 192.168.0.0/24 @@ -197,6 +221,36 @@ spec: * `dns`: if present, map of IP-to-domain DNS entries to create on the router. +* `snmp`: if present, SNMP is configured on the router. + + * `system_name`: a string describing the system. + + * `location`: a string for the system's physical location. + + * `contact`: a string for the system's contact information. + + * `communities`: a list of SNMP communities to configure. + + * `name`: the community string/name. This is required. + + * `authorization`: the authorization level for the community. Can be `ro` (read-only) or `rw` (read-write). Defaults to `ro` if not specified. + + * `clients`: a list of client IP addresses or CIDR ranges that are allowed to use this community. + + * `view`: the name of a view to associate with this community, restricting the OIDs that can be accessed. + + * `trap_targets`: a list of IP addresses to send SNMP traps to. + + * `views`: a list of view definitions. + + * `name`: the name of the view, which can be referenced by a community's `view` property. + + * `entries`: a list of OID entries for the view. + + * `oid`: the MIB OID tree to include or exclude. + + * `permission`: set to `included` or `excluded`. Both `oid` and `permission` are required for an entry to be valid. + * `emulators`: if present, a list of network emulator traffic policies to apply to one or more interfaces on egress. For each emulator in the list, only the `name` key is required, though the traffic policy will not get applied if @@ -233,7 +287,7 @@ spec: rules are actually applied to packets "egressing out of" interface `eth0`. !!! note - Currently, the `ipsec`, `emulators`, and `snat`/`dnat` metadata sections only + Currently, the `ipsec`, `emulators`, `snmp`, and `snat`/`dnat` metadata sections only apply to Vyatta/VyOS routers. !!! note