Restricting SNMP access to LTM (especially use of "sys snmp agent-addresses")
I am wondering about restricting SNMP access to an LTM. I want to understand how the following two commands should be used:
modify sys snmp agent-addresses
modify sys snmp allowed-addresses
The CLI help output provides the following for the two options:
agent-addresses A list of protocol/address combinations that the agent listens for traffic on.
allowed-addresses Configures hosts or networks from which snmpd can accept traffic. Entries go directly into hosts.allow.
Allowed-addresses is the example I see on many websites that give example setups, and it seems to tie in with the restrictions that you can set via the GUI. So setting this makes sense to me in that only SNMP traffic sourced from these addresses will be allowed.
Agent-addresses is less obvious to me. If you use this to specify IP addresses, then what is the behaviour of the SNMP daemon - will it only listen for (and therefore allow) connections from these specific source addresses? If so, what is the difference between this and the allowed-addresses command?
So I am looking for a fuller explanation of how these commands operate - on their own and also how they combine when both are deployed. Examples to illustrate sensible use combinations would be great.