We are managing the following routers for the customer (Soho 96, 97, 836, 837, 1721, 1841) IOS 12.3(8)T,
we are allowing the customer to poll the router for MIB II information, however there are a number of MIBs that we don't want the customer to view, ie TCP Connections, IP Routing Table, IOS and Flash Versions, Dynamic Routing, Community Strings etc.
neither do we want them to see any troubleshooting information, but will allow interface statistics etc.
I am looking for a definitive list of OIDs in the MIB II which lock down all the MIBs that shouldn't be allowed.
How do I go about configuring this, do I allow everything and disallow the MIBs or just allow the MIBs I want them to have - would the second option disallow everything else because they had not been allowed or are they allowed by default.
I have thought about the snmp community string and acl for the customer management stations.
I am having difficulty with deciding the configuration for -
snmp-server view 'name' 'OIDname' included/excluded
Can anyone also tell me if I exclude a parent MIB OID, will it exclude all child MIBs in the same group unless I explicitly allow the individual child MIB.
thanks