The PW.SRC statements could be specified as follows:
passwd1 9.0.0.0 255.0.0.0
passwd2 129.34.81.22 255.255.255.255
IPv6passwd3 12ab::0 16
IPv6passwd4 39B3::F430:03EE 128
The PW.SRC statements specify community names and hosts that can use each community name. The format of a statement is:
community_namedesired_networksnmp_mask
See z/OS Communications Server: IP Configuration Reference for more information about syntax.
The community name of an incoming SNMP request is compared to the known community names. If a match is found, then the IP address of the incoming request is logically ANDed with the snmp_mask of the PW.SRC statement. The result of the logical ANDing process is compared with the desired_network. If they match, the request is accepted.
In the case of a password definition to be used by an IPv6 address or range of IPv6 addresses, the snmp_mask can be specified as a prefix value. The prefix specifies the number of bits to be used to construct an IPv6 address mask.
In the preceding example, if a request for community_name passwd1 is received from the IP address 9.34.22.122, IP address 9.34.22.122 is ANDed with 255.0.0.0. The result is 9.0.0.0, which equals the specified desired_network for passwd1, so this request is accepted. In passwd2, if the community_names match, only requests from host 129.34.81.22 are accepted. The password IPv6passwd3 can be used by any IPv6 address that starts with 12ab.
If the community_name values do not match, or the IP address ANDed with the snmp_mask does not match, an AUTHENTICATION_FAILURE trap is sent if both of the following conditions are true:
snmpEnableAuthenTraps 1
A desired_network and snmp_mask of all zeros allows anyone with the correct community_name to make requests. However, the passwords for IPv4 addresses and the passwords for IPv6 addresses are stored and handled separately. Defining a password for use by both IPv4 and IPv6 addresses requires two entries in PW.SRC. Likewise, defining a password to be used by all addresses (both IPv4 and IPv6) requires two entries as follows:
passwd5 0.0.0.0 0.0.0.0
passwd5 0::0 0