implement snmpv3


Tina Agarwal

Aug 9, 2004, 12:36:39 AM
Hi All,

Please guide me as to how I could proceed with implementation of snmp v3?

Currently I am using net-snmp-5.0.8 package and working on snmp v2. Do I
have to use another package? If yes, then which net-snmp version will have
to be used? Or do I have to upgrade the existing package? If yes, please guide
me how to do so.

Thanks and Regards!
Tina


_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Dave Shield

Aug 9, 2004, 5:46:06 AM

> Please guide me as to how could I proceed with implementation of snmp v3?

Have you read README.snmpv3 ?


> Currently I am using net-snmp-5.0.8 package and working on snmp v2. Do I
> have to use another package? If yes, then which net-snmp version will have
> to be used. Or I have to upgrade the existing package?

No.
That package should be fine.

What have you tried so far?

Dave

Tina Agarwal

Aug 9, 2004, 6:28:40 AM
Hi Dave,

Yes, I am successful in getting system related parameters with snmpv3
command format after creating a user by reading README.snmpv3.
a) But I still am not able to set engineID using snmpset command. I am
giving the command:

    snmpset -v 3 -u tina -l authNoPriv -a MD5 -A tina12345 10.254.24.227 -e 800000020109840310

It gives me error:

    -e : Bad object type: 8

Please tell me where I am wrong.

b) Also, please help me differentiate between user and group. I created
"rwuser tina" in snmpd.conf and added manually "rwuser sample". Then
with the help of snmpusm I "cloned" the sample from tina. Means by using the
password associated with tina, I can run snmpget query with user sivan. Is
this the concept of group and user.. means tina is group and sample is
user..

c) How can I create a view in snmpv3? Is the method the same as snmpv2?

Thanks and Regards!
Tina

Dave Shield

Aug 9, 2004, 7:33:04 AM

> a) But I still am not able to set engineID using snmpset command.

First thing. *Why* are you trying to set the engineID?
Normally you can just leave SNMPv3 to discover this automatically.

> I am giving the command:
>
> snmpset -v 3 -u tina -l authNoPriv -a MD5 -A tina12345 10.254.24.227
> -e 800000020109840310
> It gives me error:
> -e : Bad object type: 8
>
> Please tell me where I am wrong..


You're mixing up command line options, and "positional" parameters.
All the options (i.e. "-something") must come *before* the positional
parameters (such as the destination host).

Try

    snmpset -v 3 -u tina -l authNoPriv -a MD5 -A tina12345 -e 800000020109840310 10.254.24.277


> b) Also, please help me differentiate between user and group.

A group consists of one or more users, who all have the same level
of access. It means that you only need one "access" entry,
rather than one per user.

So you might have something like:

createUser dave .....
createUser wes .....
createUser robert .....

group theYanks wes robert
group theBrits dave

access theYanks .....
access theBrits .....

and the first "access" line will cover both "wes" and "robert",
while the second "access" line will only cover "dave".

If you've only got one user in a group ("theBrits"), then this simply
adds an extra (unnecessary) level of indirection. But if you've got
two or more users ("theYanks"), then it can simplify the overall setup.

> I created
> "rwuser tina" in snmpd.conf and added manually "rwuser sample".

Don't try to understand groups/users from the "rwuser" and "rouser"
settings. These are intended as a somewhat simpler configuration
mechanism. In fact they are just wrappers round the full VACM
setup, and create an (anonymous) group for each user.

Have a look at the FAQ entry:
I don't understand the new access control stuff - what does it mean?

which goes into this in more detail.

> c) How can I create view in snmpv3. Is the method same as snmpv2??

Yes.
See the FAQ entry mentioned above.

Sanjay Madan

Aug 10, 2004, 4:40:53 AM
Hi Dave,

I tried the command

    snmpset -v 3 -u tina -l authNoPriv -a MD5 -A tina12345 -e 800000020109840310 10.254.24.277

But it is giving the error "Missing Object Name". What can be the reason?

Regards,
Sanjay Madan


Dave Shield

Aug 10, 2004, 6:12:35 AM
[ First - *please* don't mail me privately, without copying
any responses to the mailing list. I don't have the time
or inclination to offer private, unpaid, SNMP consultancy.
Keep discussions to the list, where others can both learn
and offer advice. Thanks. ]


> How to discover engineID automatically. in SNMP V3 ? What is the way of
> doing this?

Omit the '-e 800000020109840310' option.
The toolkit will handle this automatically.

Tina was asking about specifying this explicitly,
but you don't normally need to bother.
The Net-SNMP toolkit does the work for you.

Dave

Sanjay Madan

Aug 10, 2004, 7:46:15 AM
Hi Dave !

At which physical location is the engineID stored on the system? I have a
requirement to provide the CLI commands "snmp-server engineID" and "No
snmp-server engineID" for setting and removing engineID configurations. I
don't know how to do this. Please help me.

Thanks
Sanjay Madan


Narinder Soni

Aug 10, 2004, 8:01:07 AM
The Net-SNMP toolkit find it automatically but once I tried to use some
3rd party SNMP manager. In order to configure it so that it could
query/set the values from agent, it asked me to provide the EngineID of
my UCD-SNMP agent. But I did not know where does agent store the value
of its EngineID. Is it in /var/uc-snmp/snmpd.conf file? If yes, then
what is the name of token?

For receiving traps in this 3rd party manager also, I had to give the
engine ID of Agent. Has this to be given as a param in 'trapsess'
derivative in snmpd.conf file? OR some other way is also there?

Thanks
Soni

Dave Shield

Aug 10, 2004, 8:21:56 AM
> The Net-SNMP toolkit find it automatically but once I tried to use some
> 3rd party SNMP manager. In order to configure it so that it could
> query/set the values from agent, it asked me to provide the EngineID of
> my UCD-SNMP agent. But I did not know where does agent store the value
> of its EngineID. Is it in /var/uc-snmp/snmpd.conf file? If yes, then
> what is the name of token?

Firstly, I would regard this as a deficiency in the manager,
which might be worth taking up with the developers of that software.

There are two ways in which you could determine the engineID of the
agent. One is indeed to look in the /var/ucd-snmp/snmpd.conf file,
where this engineID is listed as "oldEngineID".
[Wes - can you confirm that this remains constant
from one run of the agent to the next ? ]
I'm a little surprised that you didn't spot this as the most likely
candidate.

The other is to make an SNMPv3 request using an empty engineID.
It will fail, of course - but will return a Report PDU which includes
the correct engineID. That can then be used to repeat the request
(hopefully successfully this time).

That's what the SNMPv3 specs describe and what the UCD- and Net-SNMP
suites implement - just done manually. It also has the advantage
that it will work with *any* SNMPv3 agent, and isn't reliant on
using a vendor-specific configuration file.

> For receiving traps in this 3rd party manager also, I had to give the
> engine ID of Agent. Has this to be given as a param in 'trapsess'
> derivative in snmpd.conf file? OR some other way is also there?

Please see
http://www.net-snmp.org/tutorial-5/commands/snmptrap-v3.html
which discusses how SNMPv3 engines relate to traps.
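
An added example, not part of the original thread and not Net-SNMP code: the second method above, reduced to the parsing step. It reads msgAuthoritativeEngineID out of a Report message and decodes it per the RFC 3411 SnmpEngineID layout. The function names are hypothetical, and the Report is a constructed sample built around the engineID quoted earlier in the thread.

```python
INT, OCT, SEQ = 0x02, 0x04, 0x30   # BER tags used below

def tlv(tag, body):
    """BER-encode one TLV (bodies up to 255 bytes, enough for the sample)."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def read_tlvs(buf):
    """Return [(tag, value), ...] for the TLVs laid end to end in buf."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated TLV header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                     # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated TLV value")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def build_report(engine_id):
    """Constructed sample: the Report an agent returns for an empty engineID."""
    header = tlv(SEQ, tlv(INT, b"\x01") + tlv(INT, b"\x05\xdc") + tlv(OCT, b"\x00") + tlv(INT, b"\x03"))
    usm = tlv(SEQ, tlv(OCT, engine_id) + tlv(INT, b"\x01") + tlv(INT, b"\x2a") + tlv(OCT, b"") * 3)
    oid = bytes.fromhex("2b060106030f01010400")        # usmStatsUnknownEngineIDs.0
    varbinds = tlv(SEQ, tlv(SEQ, tlv(0x06, oid) + tlv(0x41, b"\x01")))   # Counter32 = 1
    pdu = tlv(0xA8, tlv(INT, b"\x00") * 3 + varbinds)  # 0xA8 = Report-PDU
    scoped = tlv(SEQ, tlv(OCT, engine_id) + tlv(OCT, b"") + pdu)
    return tlv(SEQ, tlv(INT, b"\x03") + header + tlv(OCT, usm) + scoped)

def engine_id_from_report(msg):
    """Pull msgAuthoritativeEngineID out of the USM security parameters."""
    version, _header, sec_params, _scoped = read_tlvs(read_tlvs(msg)[0][1])
    if version != (INT, b"\x03"):
        raise ValueError("not an SNMPv3 message")
    return read_tlvs(read_tlvs(sec_params[1])[0][1])[0][1]   # OCTET STRING wraps a SEQUENCE

def describe_engine_id(eid):
    """Return (enterprise number, format, value); value is hex except for IPv4."""
    if not 5 <= len(eid) <= 32:
        raise ValueError("engineID must be 5 to 32 octets")
    head, fmt, rest = int.from_bytes(eid[:4], "big"), eid[4], eid[5:]
    if not head & 0x80000000:                      # high bit clear: older fixed-length scheme
        return head, "legacy", eid[4:].hex()
    if fmt == 1 and len(rest) == 4:
        return head & 0x7FFFFFFF, "ipv4", ".".join(map(str, rest))
    return head & 0x7FFFFFFF, {3: "mac", 4: "text"}.get(fmt, "octets"), rest.hex()
```

Calling `describe_engine_id(engine_id_from_report(build_report(bytes.fromhex("800000020109840310"))))` shows that the engineID from this thread carries enterprise number 2 and an IPv4 address payload.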

Narinder Soni

Aug 10, 2004, 8:48:07 AM
Thanks Dave. It clears most of my doubts.