snmpd.cnf(4)
NAME
snmpd.cnf — configuration file for SNMPv3
DESCRIPTION
Provides non-volatile storage for configuration parameters. The
snmpd.cnf file is automatically updated (re-written) by EMANATE on
startup. This file is used to configure SNMPv3.
Parameters
The syntax for specifying parameters is:
TAG VALUE
Where TAG is one of the following and the corresponding VALUE is
specified below. To specify the values for a tag on more than one
line, add \ at the end of each continued line.
usmUserEntry
usmUserEntry is used to configure an SNMPv3 user.
vacmSecurityToGroupEntry
vacmSecurityToGroupEntry is used to assign a 'principal' to a
group, where the principal is either an SNMPv3 user or an
SNMPv1/SNMPv2 community string.
vacmAccessEntry
vacmAccessEntry is used to define group(s) and the associated
access rights.
vacmViewTreeFamilyEntry
vacmViewTreeFamilyEntry is used to configure a view tree
family.
snmpTargetAddrEntry
snmpTargetAddrEntry is used to configure target addresses (to
which notifications should be sent).
snmpNotifyEntry
snmpNotifyEntry is used to configure Notification Entries.
snmpTargetParamsEntry
snmpTargetParamsEntry is used to configure the parameters to
be used while sending notifications.
When the TAG is "usmUserEntry", the format of the VALUE clause is as
follows:
usmUserEngineID usmUserName usmUserAuthProtocol usmUserPrivProtocol \
usmUserStorageType usmTargetTag
where
usmUserEngineID
is an OctetString, which is the authoritative SNMP engine's
administratively unique identifier. For snmpget/snmpset
requests, the value in the agent configuration file will be
localSNMPID.
usmUserName
is the user name in ASCII text.
usmUserAuthProtocol
is the Authentication Protocol used for sending and receiving
messages on behalf of this SNMP engine. Currently supported
values are usmNoAuthProtocol and usmHMACMD5AuthProtocol.
usmUserPrivProtocol
is the Privacy protocol used for sending and receiving
messages on behalf of the SNMP engine. Currently, no protocol is
supported. Default value is the OID for the usmUserPrivProtocol,
i.e. .1.3.6.1.6.3.10.1.2.1
usmUserStorageType
is `nonVolatile', `permanent', or `readOnly'
usmTargetTag
is ASCII text used for source address checking. It is used
for selecting a set of entries from snmpTargetAddrTable. The
value will be "-" if source address checking is not required.
When the TAG is vacmSecurityToGroupEntry, the format of the VALUE
clause is as follows:
vacmSecurityModel vacmSecurityName vacmGroupName \
vacmSecurityToGroupStorageType
vacmSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c and "usm" for
SNMPv3
vacmSecurityName
is the ASCII string which is the 'principal' (SNMPv3 user or
SNMPv1/SNMPv2 community string).
vacmGroupName
is the ASCII text defining the group name. This group name
must be defined by at least one vacmAccessEntry.
vacmSecurityToGroupStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is vacmAccessEntry the format of the VALUE clause is as
follows:
vacmGroupName vacmAccessContextPrefix vacmAccessSecurityModel \
vacmAccessSecurityLevel vacmAccessContextMatch vacmAccessReadViewName \
vacmAccessWriteViewName vacmAccessNotifyViewName vacmAccessStorageType
where,
vacmGroupName
is ASCII text representing group name.
vacmAccessContextPrefix
is the ASCII string used to match the context name in the
management request, either partially or completely. A dash "-"
represents the default context.
vacmAccessSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c and "usm" for
SNMPv3.
vacmAccessSecurityLevel
is the level of authentication and privacy. Presently supported
values are noAuthNoPriv, for no authentication and no privacy,
and authNoPriv, for authentication and no privacy.
vacmAccessContextMatch
is "exact" or "prefix" to indicate how the context of the
request must match vacmAccessContextPrefix.
vacmAccessReadViewName
is used for defining view subtrees for Get request. It should
be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessWriteViewName
is used for defining view subtrees for Set requests. It
should be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessNotifyViewName
is used for defining view subtrees from which objects may be
included as VarBinds in the Trap messages & Inform requests.
It should be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is vacmViewTreeFamilyEntry, the format of the VALUE clause
is as follows:
vacmViewTreeFamilyViewName vacmViewTreeFamilySubtree \
vacmViewTreeFamilyMask vacmViewTreeFamilyType \
vacmViewTreeFamilyStorageType
Where,
vacmViewTreeFamilyViewName
is the name of the family of this view of subtrees.
vacmViewTreeFamilySubtree
is the object Identifier that defines the subtree.
vacmViewTreeFamilyMask
is a sequence of hexadecimal numbers between 0x00 and 0xff,
to restrict the value of vacmViewTreeFamilySubtree. A value
of 0 indicates a `wild card' (matches anything), and a value of
1 indicates an exact match.
vacmViewTreeFamilyType
is "included" or "excluded" to mean whether the subtree under
the OID defined by vacmViewTreeFamilySubtree is accessible or
not accessible.
vacmViewTreeFamilyStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is snmpTargetAddrEntry, the format of the VALUE clause is
as follows:
snmpTargetAddrName snmpTargetAddrTDomain snmpTargetAddrTAddress \
snmpTargetAddrTimeout snmpTargetAddrRetryCount snmpTargetAddrTagList \
snmpTargetAddrParams snmpTargetAddrStorageType snmpTargetAddrTMask \
snmpTargetAddrMMS
where,
snmpTargetAddrName
is the ASCII text representing the name of the target.
snmpTargetAddrTDomain
is an OID which indicates the network type. The presently supported
value is 'snmpUDPDomain', i.e. 1.3.6.1.6.1.1
snmpTargetAddrTAddress
is x.x.x.x:y where x.x.x.x is a valid IP address and y is a
valid UDP port number. The address is used as the destination
address for outgoing notifications. If y is 0, the value of
SR_TRAP_TEST_PORT is used as the destination port number.
Otherwise, if SR_SNMP_TEST_PORT is set, the destination port is 1
more than SR_SNMP_TEST_PORT, else 162 is the destination port.
snmpTargetAddrTimeout
is used for Inform requests to estimate the round trip time
(in hundredths of a second). When an Inform request is sent to
this address and a response does not arrive in this time, the SNMP
entity will assume that the response will not be delivered. The
default value is 1500 (15 seconds) as per RFC-2573.
snmpTargetAddrRetryCount
is the number of times an Inform request is resent if a response
is not received. Default value is 3 as suggested by RFC-2573.
snmpTargetAddrTagList
is a quoted string containing one or more tags corresponding
to the value of snmpNotifyTag in snmpNotifyTable. A notification
defined in snmpNotifyTable will be sent to snmpTargetAddrTDomain
if the notification's snmpNotifyTag appears in this tag
list.
snmpTargetAddrParams
is the ASCII string used to select values in
snmpTargetParamsTable.
snmpTargetAddrStorageType
is `nonVolatile', `permanent', or `readOnly'.
snmpTargetAddrTMask
is mask value for snmpTargetAddrTAddress.
snmpTargetAddrMMS
is the Maximum Message Size that can be transmitted between the local
host & the host with address snmpTargetAddrTAddress without
fragmentation. Default size is 2048.
When the TAG is "snmpNotifyEntry", the format of the VALUE clause is as
follows:
snmpNotifyName snmpNotifyTag snmpNotifyType snmpNotifyStorageType
where,
snmpNotifyName
is the ASCII text representing the name of notification.
snmpNotifyTag
is the ASCII string used to select entries in
snmpTargetAddrTable.
snmpNotifyType
is "1" for traps or "2" for informs.
snmpNotifyStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is "snmpTargetParamsEntry", the format of the VALUE clause
is as follows:
snmpTargetParamsName snmpTargetParamsMPModel \
snmpTargetParamsSecurityModel snmpTargetParamsSecurityName \
snmpTargetParamsSecurityLevel snmpTargetParamsStorageType
where
snmpTargetParamsName
is the ASCII text representing the name of the parameter.
snmpTargetParamsMPModel
is "0" for SNMPv1, "1" for SNMPv2c, "3" for SNMPv3. This
field in combination with snmpTargetParamsSecurityModel
defines the type of notifications to be sent.
snmpTargetParamsSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c, "snmpv2s" for
SNMPv2*, or "usm" for SNMPv3. This field in combination with
snmpTargetParamsMPModel defines the type of notifications to
be sent.
snmpTargetParamsSecurityName
is the ASCII string which is the 'principal' (SNMPv3 user or
SNMPv1/SNMPv2 community string), to be used for
notifications.
snmpTargetParamsSecurityLevel
is the security level of the notifications to be sent. Only
supported value is noAuthNoPriv.
snmpTargetParamsStorageType
is `nonVolatile', `permanent', or `readOnly'.
SNMPv3 configuration
To configure SNMPv3, do the following:
Step 1. Disable SNMPv1 and SNMPv2 by disabling the get-community-name
parameter in /etc/SnmpAgent.d/snmpd.conf
Step 2. Add appropriate parameters in snmpd.cnf
Step 3. Restart the master agent and all the subagents.
EXAMPLES
Separate the fields by blanks or tabs. A # character indicates the
beginning of a comment; characters from the # character to the end of
the line are ignored.
Each line in the following example snmpd.cnf file is preceded by a
comment (beginning with #) that explains the entry.
Do the following to configure an SNMPv3 user as a part of the group
called 'admin' whose access is defined by the view called 'All' to the
subtree 'internet'.
1. Create an SNMPv3 user 'v3usr' with No Authentication Protocol.
# Create an SNMPv3 user 'v3usr' with No Authentication Protocol.
usmUserEntry localSnmpID v3usr usmNoAuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate -
2. Create an SNMPv3 user 'v3usr' with Authentication enabled and
password as "passwd".
# Create an SNMPv3 user 'v3usr' with Authentication enabled and
# password as "passwd".
usmUserEntry localSnmpID v3usr usmHMACMD5AuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate "passwd"
3. Create a group 'admin' and make the user 'v3usr' a part of the
same group.
# Create a group 'admin' and make the user 'v3usr' a part of the
# same group.
vacmSecurityToGroupEntry usm v3usr admin nonVolatile
4. Assign access control to the group 'admin'. This group will have
security protocol as no authentication and no privacy.
# Assign access control to the group 'admin'. This group will have
# security protocol as no authentication and no privacy.
vacmAccessEntry admin - usm noAuthNoPriv prefix All All - nonVolatile
5. 'All' is the name of the view that will define the access for the
group 'admin'. Give access to the view named 'All'. The access is
for the subtree `internet', i.e. .1.3.6.1
# 'All' is the name of the view that will define the access for the
# group 'admin'. Give access to the view named 'All'. The access is
# for the subtree `internet', i.e. .1.3.6.1
vacmViewTreeFamilyEntry All 1.3.6.1 - included nonVolatile
6. Create a target address entry for 192.168.40.40 with UDP port as 0.
If SNMP_TRAP_TEST_ENTRY or SNMP_TEST_PORT_ENTRY are not used, the
default value of UDP port 162 will be used.
# Create a target address entry for 192.168.40.40 with UDP port as 0.
# If SNMP_TRAP_TEST_ENTRY or SNMP_TEST_PORT_ENTRY are not used, the
# default value of UDP port 162 will be used.
snmpTargetAddrEntry stae2 1.3.6.1.6.1.1 192.168.40.40:0 0 0 \
whereValidRequestsOriginate - nonVolatile 255.255.255.255:0 2048
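The following audit script is an added example, not part of the original manual page or of any HP tooling. It parses the TAG VALUE syntax described above (including \ continuation and # comments) and flags entries that permit unauthenticated or community-string access; the function names, the rule set, and the reading of "-" in a view field as "no view assigned" are assumptions.

```python
import shlex

# Field order per TAG, as listed in this man page (only the tags audited here).
FIELDS = {
    "usmUserEntry": ["engine", "name", "auth", "priv", "storage", "tag"],
    "vacmSecurityToGroupEntry": ["model", "name", "group", "storage"],
    "vacmAccessEntry": ["group", "ctx", "model", "level", "match",
                        "read", "write", "notify", "storage"],
}

def parse_cnf(text):
    """Return [(tag, [values])]; a trailing '\\' continues a line, '#' starts a comment."""
    entries, logical = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        tokens = shlex.split(logical + line, comments=True)
        logical = ""
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries

def audit(text):
    """Flag entries that permit unauthenticated or community-string access."""
    findings = []
    for tag, vals in parse_cnf(text):
        rec = dict(zip(FIELDS.get(tag, []), vals))
        if tag == "usmUserEntry" and rec.get("auth") == "usmNoAuthProtocol":
            findings.append(f"user {rec['name']}: usmNoAuthProtocol")
        elif tag == "vacmSecurityToGroupEntry" and rec.get("model") in ("snmpv1", "snmpv2c"):
            # The community string itself is deliberately left out of the finding.
            findings.append(f"group {rec.get('group')}: {rec['model']} community principal")
        elif tag == "vacmAccessEntry" and rec.get("level") == "noAuthNoPriv":
            # Assumption: "-" in a view field means no view is assigned.
            if rec.get("write", "-") != "-":
                findings.append(f"group {rec['group']}: noAuthNoPriv with write view {rec['write']}")
    return findings

# Constructed sample built from the entries shown in EXAMPLES above.
SAMPLE = r"""
# Create a SNMPv3 user 'v3usr' with No Authentication Protocol.
usmUserEntry localSnmpID v3usr usmNoAuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate -
vacmSecurityToGroupEntry usm v3usr admin nonVolatile
vacmAccessEntry admin - usm noAuthNoPriv prefix All All - nonVolatile
vacmViewTreeFamilyEntry All 1.3.6.1 - included nonVolatile
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the page's own example entries, it reports the unauthenticated user 'v3usr' and the noAuthNoPriv write access granted to group 'admin' over view 'All'.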
AUTHOR
snmpd.cnf was developed by Hewlett-Packard Co.
FILES
/etc/srconf/agt/snmpd.cnf
SEE ALSO
snmpd(1M), snmpd.conf(4), snmpd.ea(1M).
STANDARD CONFORMANCES
RFC 1155, RFC 1157, RFC 1212, RFC 1213, RFC 1231, RFC 1398, RFC 3410,
RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416