CHAPTER 24 Simple Network Management Protocol 615 42 43 44 45 46 47 48 Byte 2969 UUNN 2147483647 tunnel UUNN 2147483647 tunnel UUNN 2147483647 tunnel UUNN 0 tunnel UDCN 1504 e1 UDCN 1504 e1 UDCN 1504 e1 800m 800m 800m 800m 2m 2m 2m ip-0/3/0 vt-0/3/0 mt-0/3/0 lt-0/3/0 e1-0/2/0 e1-0/2/1 e1-0/2/2 ip-0/3/0 vt-0/3/0 mt-0/3/0 lt-0/3/0 e1-0/2/0 e1-0/2/1 e1-0/2/2 And this is only part of it. Just imagine if someone managed to break in and . . . but wait: All we did is use a router interface's IP address. No breaking in was needed. What can we do to tighten things up? Let's limit SNMP access to a single interface on the router, and a single host reachable through the interface. The interface will be LAN2, on fe-1/3/0 , not surprisingly. We'll use the LAN2 host bsdserver so that we can still use scli . We'll also let an administrator with root privileges on bsdserver make changes with the set request in the SNMP community (a sort of SNMP "password," but it's really not) called locallan . Almost all of this is configured on the router, not the host.The scli limitation to execute a remote set command is a function of the applica- tion.The following presents the new router configuration.