Configuring SNMP
By default, SNMP is not enabled. To enable SNMP, you must complete the SNMP configurations.
RBFS supports SNMP versions 2c and 3. You must configure the desired version before configuring any other functionality. RBFS does not support running SNMP versions 2c and 3 at the same time.
The RBFS CLI displays all options regardless of the selected version. Although functionality such as Community can be configured under either version, it works only in SNMP version 2c. You can define 'Community' in version 2c and 'user profiles' in SNMP v3. Similarly, Engine ID can be defined in SNMP version 3.
Configuration Hierarchy
The diagram illustrates the SNMP configuration hierarchy. All SNMP configurations are performed within an instance.
Configuration Syntax and Commands
The following sections describe the SNMP configuration syntax and commands.
SNMP Instance Configuration
At this level of the configuration hierarchy, you configure the SNMP protocol parameters that are generic to the SNMP instance.
Syntax
set instance <instance-name> protocol snmp <attribute> <value>
Attribute | Description |
---|---|
version | Specify the SNMP version. RBFS supports SNMP version 2c and version 3. You must first configure the desired version before configuring other functionalities. |
engine-id | Specify the unique SNMP engine identifier. This is optional. If not specified, the system retrieves the default engine ID from the management port MAC address. Every SNMP v3 agent includes an engine ID that is a unique identifier for the agent. The engine ID is used to provide a higher level of security using authentication and encryption for SNMP v3 messages. |
Example: SNMP Version and Engine Identifier Configuration
The following commands configure SNMP version 3 and engine ID: 268956.
set instance default protocol snmp version 3
set instance default protocol snmp engine-id 268956
The following example shows the SNMP version and engine ID configurations.
supervisor@rtbrick.net: cfg> show config instance default protocol snmp
{
  "rtbrick-config:snmp": {
    "version": "3",
    "engine-id": "268956"
  }
}
SNMP Community Configuration
An SNMP community can be defined only in SNMP version 2c.
Syntax
set instance <instance-name> protocol snmp community
Attribute | Description |
---|---|
access-mode | Specify the access mode. Read, write and append are modes of access. 'ReadOnly' is the currently supported access mode. |
view | Specify the list of view identifiers. View is optional. For information about Views, see section "2.2.3 SNMP View Configuration". |
Example: SNMP v2c Community Configuration
The following commands configure a Community named 'public' with read-only access to the 'interfaces' View.
set instance default protocol snmp version 2c
set instance default protocol snmp community public access-mode ReadOnly
set instance default protocol snmp community public view Interfaces
The following example shows SNMP v2c community configurations.
supervisor@rtbrick: cfg> show config instance default protocol snmp
{
  "rtbrick-config:snmp": {
    "version": "2c",
    "community": [
      {
        "name": "public",
        "access-mode": "ReadOnly"
      }
    ]
  }
}
SNMP View Configuration
An SNMP View is a subset of MIB objects. Views allow you to restrict access to certain items in the SNMP PDUs. You can restrict user and community access to certain attributes by defining views. A view restricts access to the PDUs included in the View. If the access is not restricted by views, the user or community is allowed to view all data available through SNMP.
Syntax
set instance <instance-name> protocol snmp <attribute> <value>
Attribute | Description |
---|---|
include <include> | List of OID patterns that are included in the view. |
instance | List of instances. It restricts the view to the specified instances. If no instance is defined, the view can access all instances. |
Example: SNMP View Configuration
The following commands configure an SNMP View. In this example configuration, the SNMP version is set to 2c and the View is named 'interfaces'. The 'interfaces' view includes the OID pattern 1.3.6.1.2.1.2.* in its include list. In addition, a community named 'public' is configured with read-only access to the View.
set instance default protocol snmp version 2c
set instance default protocol snmp view interfaces include 1.3.6.1.2.1.2.*
set instance default protocol snmp community public access-mode ReadOnly
set instance default protocol snmp community public view interfaces
The following example shows the SNMP View configuration.
supervisor@rtbrick: cfg> show config instance default protocol snmp
{
  "rtbrick-config:snmp": {
    "version": "2c",
    "view": [
      {
        "name": "interfaces",
        "include": [
          "1.3.6.1.2.1.2.*"
        ]
      }
    ],
    "community": [
      {
        "name": "public",
        "access-mode": "ReadOnly",
        "view": [
          "interfaces"
        ]
      }
    ]
  }
}
SNMP User Profile Configuration
You can create user profiles for SNMP version 3. A user profile allows you to define login credentials, authentication methods, and privacy control.
Syntax
set instance <instance-name> protocol snmp user-profile
Attribute | Description |
---|---|
authentication-protocol | Specify the SNMP authentication protocol. MD5, NoAuth, SHA, SHA224, SHA256, SHA384, and SHA512 are the supported authentication protocols. |
password-encrypted-text | Specify the SNMP user password in encrypted text. |
password-plain-text | Specify the SNMP user password in plain text. |
privacy-password-encrypted-text | Specify the SNMP privacy password in encrypted text. |
privacy-password-plain-text | Specify the SNMP privacy password in plain text. |
privacy-protocol | Specify the SNMP privacy protocol. Supported privacy protocols include AES192, AES192C, AES256, AES256C, DES, and NoPriv. |
security-level | Specify the SNMP v3 security level. Security levels exist only in SNMP v3. The following security levels are supported: |
view | Specify the SNMP view list. |
Example: SNMP User Profile Configuration
The following commands configure an SNMP user profile. First, SNMP version 3 is configured and the user profile is named operator. The password is supplied as encrypted text. In this configuration, the security level is AuthNoPriv and the authentication protocol is MD5.
set instance default protocol snmp version 3
set instance default protocol snmp user-profile operator
set instance default protocol snmp user-profile operator password-encrypted-text $2a6fd7db50a18a9f1f16b5c5b4214fab0
set instance default protocol snmp user-profile operator security-level AuthNoPriv
set instance default protocol snmp user-profile operator authentication-protocol MD5
The following example shows the SNMP user profile configuration.
supervisor@rtbrick: cfg> show config instance default protocol snmp
{
  "rtbrick-config:snmp": {
    "version": "3",
    "user-profile": [
      {
        "name": "operator",
        "password-encrypted-text": "$2a6fd7db50a18a9f1f16b5c5b4214fab0",
        "security-level": "AuthNoPriv",
        "authentication-protocol": "MD5"
      }
    ]
  }
}
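The following Python example is added here and is not part of the RBFS documentation or tooling. It audits JSON in the shape printed by `show config instance default protocol snmp`, covering both the community and view settings and the user profile settings described above. The function name `audit_snmp`, the finding texts and the sample configuration are assumptions constructed for illustration.

```python
import json

WEAK_AUTH = {"MD5", "NoAuth"}   # values from the authentication-protocol row above
WEAK_PRIV = {"DES", "NoPriv"}   # values from the privacy-protocol row above

def audit_snmp(config_text):
    """Return (object, finding) pairs for one SNMP instance configuration."""
    snmp = json.loads(config_text)["rtbrick-config:snmp"]
    version = snmp.get("version")
    views = {v["name"] for v in snmp.get("view", [])}
    out = []
    for c in snmp.get("community", []):
        who = "community " + c["name"]
        if version != "2c":   # the CLI accepts it, but it has no effect
            out.append((who, "inactive: communities work only in version 2c"))
            continue
        if c["name"].lower() in ("public", "private"):
            out.append((who, "well-known community string"))
        if not c.get("view"):
            out.append((who, "no view: all SNMP data is readable"))
        out += [(who, "undefined view " + n) for n in c.get("view", []) if n not in views]
    for u in snmp.get("user-profile", []):
        who = "user-profile " + u["name"]
        if version != "3":
            out.append((who, "inactive: user profiles apply only to version 3"))
            continue
        level = u.get("security-level", "").lower()
        if "noauth" in level:
            out.append((who, "messages are not authenticated"))
        if "nopriv" in level:
            out.append((who, "messages are not encrypted"))
        if u.get("authentication-protocol") in WEAK_AUTH:
            out.append((who, "weak authentication-protocol " + u["authentication-protocol"]))
        if u.get("privacy-protocol") in WEAK_PRIV:
            out.append((who, "weak privacy-protocol " + u["privacy-protocol"]))
        if any(k.endswith("plain-text") for k in u):
            out.append((who, "plain-text password in configuration"))
    return out

# Constructed sample: a version 3 configuration with a leftover community entry.
SAMPLE = """{"rtbrick-config:snmp": {"version": "3",
  "community": [{"name": "public", "access-mode": "ReadOnly"}],
  "user-profile": [{"name": "operator", "security-level": "AuthNoPriv",
                    "authentication-protocol": "MD5",
                    "password-encrypted-text": "<placeholder>"}]}}"""

if __name__ == "__main__":
    for who, finding in audit_snmp(SAMPLE):
        print(f"{who}: {finding}")
```
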
Examples for SNMP Walk Operation
SNMP v2c SNMP Walk Output
The following is a sample output of an SNMP Walk for SNMP version 2c. SNMP version 2c has been configured with the Community name 'public' and the host IP address 10.200.134.25.
snmpwalk -v 2c -c public 10.200.134.25
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7
iso.3.6.1.2.1.2.2.1.1.8 = INTEGER: 8
iso.3.6.1.2.1.2.2.1.1.9 = INTEGER: 9
iso.3.6.1.2.1.2.2.1.1.10 = INTEGER: 10
iso.3.6.1.2.1.2.2.1.1.11 = INTEGER: 11
iso.3.6.1.2.1.2.2.1.1.12 = INTEGER: 12
iso.3.6.1.2.1.2.2.1.1.13 = INTEGER: 13
iso.3.6.1.2.1.2.2.1.1.14 = INTEGER: 14
iso.3.6.1.2.1.2.2.1.1.15 = INTEGER: 15
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.18 = INTEGER: 18
iso.3.6.1.2.1.2.2.1.1.19 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.1.20 = INTEGER: 20
iso.3.6.1.2.1.2.2.1.1.21 = INTEGER: 21
iso.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22
iso.3.6.1.2.1.2.2.1.1.23 = INTEGER: 23
<...>
SNMP v3 SNMP Walk Output
The following is a sample output of an SNMP Walk for SNMP version 3. SNMP version 3 has been configured with 'operator' as the user, MD5 as the authentication protocol, authNoPriv as the security level, and 10.200.134.25 as the host IP address.
snmpwalk -v 3 -u operator -A operator -a MD5 -l authNoPriv 10.200.134.25
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7
iso.3.6.1.2.1.2.2.1.1.8 = INTEGER: 8
iso.3.6.1.2.1.2.2.1.1.9 = INTEGER: 9
iso.3.6.1.2.1.2.2.1.1.10 = INTEGER: 10
iso.3.6.1.2.1.2.2.1.1.11 = INTEGER: 11
iso.3.6.1.2.1.2.2.1.1.12 = INTEGER: 12
iso.3.6.1.2.1.2.2.1.1.13 = INTEGER: 13
iso.3.6.1.2.1.2.2.1.1.14 = INTEGER: 14
iso.3.6.1.2.1.2.2.1.1.15 = INTEGER: 15
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.18 = INTEGER: 18
iso.3.6.1.2.1.2.2.1.1.19 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.1.20 = INTEGER: 20
iso.3.6.1.2.1.2.2.1.1.21 = INTEGER: 21
iso.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22
iso.3.6.1.2.1.2.2.1.1.23 = INTEGER: 23
<...>
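A walk like the ones above can also confirm that a view is enforced. The following Python example is added here and is not part of the RBFS documentation; it lists every OID in saved snmpwalk output that falls outside a view's include patterns. The function names are hypothetical, the walk text is constructed, and treating a trailing `.*` as "the whole subtree" is an assumption about how RBFS matches patterns.

```python
import re

def parse_walk(text):
    """Extract numeric OIDs from 'OID = TYPE: value' lines of snmpwalk output."""
    oids = []
    for line in text.splitlines():
        m = re.match(r"\s*\.?(iso|\d+)((?:\.\d+)+)\s*=", line)
        if m:
            first = "1" if m.group(1) == "iso" else m.group(1)  # iso is arc 1
            oids.append(first + m.group(2))
    return oids

def in_view(oid, patterns):
    """True if oid lies in the subtree named by any include pattern.

    Comparison is per OID component, so 1.3.6.1.2.1.25 is not mistaken
    for a child of 1.3.6.1.2.1.2 (assumed matching rule, see lead-in).
    """
    parts = oid.split(".")
    for pattern in patterns:
        prefix = pattern[:-2] if pattern.endswith(".*") else pattern
        prefix = prefix.split(".")
        if parts[:len(prefix)] == prefix:
            return True
    return False

def outside_view(walk_text, patterns):
    """Return the walked OIDs that the view should not have exposed."""
    return [oid for oid in parse_walk(walk_text) if not in_view(oid, patterns)]

# Constructed walk output: two interface rows plus two objects outside the view.
WALK = """\
iso.3.6.1.2.1.1.5.0 = STRING: "constructed-hostname"
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (100) 0:00:01.00
"""

if __name__ == "__main__":
    for oid in outside_view(WALK, ["1.3.6.1.2.1.2.*"]):
        print("outside view:", oid)
```

An empty result for a community or user bound to the 'interfaces' view means the walk returned nothing beyond 1.3.6.1.2.1.2.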