IBM Books

MAS V3.3 Protocol Config Ref Vol 1

Configuring and Monitoring SNMP

This chapter describes the SNMP configuring and monitoring commands. It includes the following sections:

Accessing the SNMP Configuration Environment

To access the SNMP configuration environment, enter the following command at the Config> prompt: 

   Config> protocol snmp
   SNMP user configuration
   SNMP Config>

SNMP Configuration Commands

This section describes the SNMP configuration commands.

Table 32 lists the SNMP configuration commands. The SNMP configuration commands allow you to specify parameters that define the relationship between the SNMP agent and the network management station. The information you specify takes effect immediately after a restart or reload of the IBM 2216.

Enter the SNMP configuration commands at the SNMP Config> prompt.

Table 32. SNMP Configuration Commands Summary
 Command   Function 
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 Add   Adds a community to the list of SNMP communities, an IP address with mask to a community, or a subtree to a MIB view. 
 Delete   Removes a community from the list of SNMP communities, an IP address with mask from a community, or a subtree from a MIB view. 
 Disable   Disables SNMP protocol and traps associated with named communities. 
 Enable   Enables SNMP protocol and traps associated with named communities. 
 List   Displays the current communities with their associated access modes, enabled traps, IP addresses, and views. Also displays all views and their associated MIB subtrees. 
 Set   Sets a community's access mode or view. A community's access mode is one of the following: 


Read and trap generation


Read, write and trap generation


Trap generation only


This command is also used to set a trap UDP port and to set the password used to encrypt and authenticate security-sensitive data.

Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Table 33. SNMP Configuration Commands Options Summary
COMMAND PARAM 1 PARAM 2 PARAM 3 PARAM 4 DEFAULT
 add   community   <comm_name>         None 
    address   <comm_name>   <ipAddress>   <ipMask>    
    sub_tree   <view_text_name>   <oid>       
                 
 delete   community   <comm_name>          
    address   <comm_name>   <ipAddress>   <ipMask>    
    sub_tree   <view_text_name>   <oid>       
                 
 disable   snmp             
    trap   all   <comm_name>       
       cold_start   <comm_name>       
       link_down   <comm_name>       
       link_up   <comm_name>       
       auth_fail   <comm_name>       
       enterprise   <comm_name>       
                 
 enable   snmp             
    trap   all   <comm_name>       
       cold_start   <comm_name>       
       link_down   <comm_name>       
       link_up   <comm_name>       
       auth_fail   <comm_name>       
       enterprise   <comm_name>       
                 
 list   all             
    community   access         access 
       traps          
       address         255.255.255.255 
       view         all 
    views             
                 
 set   community   access   read_trap   <comm_name>    
          write_read_trap   <comm_name>    
          trap_only   <comm_name>    
       view   <community>   all   all 
             <view_text_name>    
    trap_port   <udpPort#>          
    password             
                 
 exit                

Add

Use the add command to add a community name to the list of SNMP communities, add an address to a community, or assign a portion of the MIB (subtree) to a view.

Syntax:

add
community
address
sub_tree

community
Use the add community command to create a community. It will be created with a default access of read_trap, a view of all, all traps disabled, and all IP addresses allowed.
Note:To select access type or trap control, use the set community access command to assign access types to existing SNMP communities and use the enable trap or the disable trap command for trap control.

community name
Provides the community name used by the SNMP client. This community name is used when accessing the management information base (MIB) in the device from the host specified by the Community IP address parameter.

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

Example: 

SNMP Config>  add community
Community Name  []? comm01
Community added successfully

address
Use the add address command to add to the community definition an address of a network management station in the network that should be allowed to communicate with this box. You must supply the name of the community and the network address (in standard a.b.c.d notation). You also may supply a net mask to restrict access to either an individual host (mask = 255.255.255.255) or to a network of hosts. More than one address can be added to a community; enter the command each time you want to add another address.

If you do not specify an address for a community, requests are handled from any host.

Addresses also specify hosts that receive the traps. If no address is specified, no trap is generated.

community name

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

IP address

Valid Values: Any valid IP address.

Default Value: 0.0.0.0

ip mask
You also may supply a mask to restrict access to either an individual host (mask = 255.255.255.255) or to a network of hosts.

Valid Values: 0.0.0.0 - 255.255.255.255

Default Value: 255.255.255.255

Example: 

SNMP Config> add address
Community Name []?
IP Address [0.0.0.0]?
IP Mask [255.255.255.255]?

sub_tree
Use the add sub_tree command to add a portion of the MIB to a view or to create a new view. The default is the entire MIB. The add sub_tree command is used to manage MIB views. More than one subtree can be added to a view defined by <view_text_name>.

view name
Specifies the name of the view to be created.

Valid Values: Any alphanumeric character string up to 31 characters in length. Characters such as spaces, tabs, or <Esc> key sequences are not accepted.

Default Value: none
Note:You must assign a view to one or more communities using the set community view command to have it take effect. The subtree definitions are inclusive; that is, the subtree OID specified and any OID that is lexicographically greater than the specified OID is considered part of the MIB view.

If a community is added using the add community command, all supported MIB views are assigned to the community unless the set community view command is used to assign specific views to the community.

MIB OID name
Specifies the MIB Object ID for the sub_tree. This must be entered as a numeric value, not a symbolic value.

This parameter contains a MIB subtree name included in the view defined with the View name parameter. All children of a specified MIB subtree are also included in the view.

For example, to provide a view that would give access to the system group in MIB-II, specify 1.3.6.1.2.1.1.

Valid Values:

An object identifier in the form of <element1>.<element2>.<element3>. . ., where:

  • You need a minimum of 1 element. Since all MIB OIDs begin with 1.3.6.1, the minimum number of elements that you need to be provide in order for the view to differ from all is 5 (1.3.6.1.X).
  • You can define a maximum of 31 characters, including the . separators.
  • All elements after the first four (1.3.6.1) are integers between 0 and 127.
Note:This value must be numeric in dotted notation, not a symbolic value.

Default Value: none

Example: 

SNMP Config> add sub_tree
View Name  []? view01
MIB OID name []? 1.3.6.1.1
Subtree added successfully

Delete

Use the delete command to delete a community and all of its addresses, a specific address, or a subtree from a view.

Syntax:

delete
community
address
sub_tree

community
Removes a community and its IP addresses.

community name
Specifies a community name used by the SNMP client. This community name is used when accessing the management information base (MIB) in the device from the host specified by the Community IP address parameter.

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

Example: 

SNMP Config> delete community
Community Name []?

address
Removes an address from a community. You must supply the name.

community name
Specifies the name of the community from which an address is to be removed. This community name is used when accessing the management information base (MIB) in the device from the host specified by the Community IP address parameter.

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: public

IP address
Specifies the IP address to be removed.

Valid Values: Any valid IP address.

Default Value: none

Example: 

SNMP Config>  delete address
Community Name []?
IP address []?

sub_tree
Removes a MIB or a portion of the MIB from a view. You must supply the name of the subtree. If all subtrees are deleted, the MIB view is also deleted and all references to it from any associated SNMP communities are removed.

view name
Specifies the view used by the community defined in the community name parameter. This view determines which MIB objects this community may access. If no view is specified, the community may access all objects known to the device's SNMP agent.

This parameter should be answered if you decide to restrict a community from accessing the entire MIB managed by the device's SNMP agent.

Default Value: none

MIB OID name
Specifies the MIB Object ID for the sub_tree. This must be entered as a numeric value, not a symbolic value.

This parameter contains a MIB subtree name included in the view defined with the View name parameter. All children of a specified MIB subtree are also included in the view.

Valid Values: An object identifier in the form of <element1>.<element2>.<element3>. . ., where:

  • You need a minimum of 1 element. Since all MIB OIDs begin with 1.3.6.1, the minimum number of elements that you need to be provide in order for the view to differ from all is 5 (1.3.6.1.X).
  • You can define a maximum of 31 characters, including the . separators.
  • All elements after the first four (1.3.6.1) are integers between 0 and 127.

Default Value:nne

Example: 

SNMP Config> delete sub_tree
View name[]?
MIB OID[]?

Disable

Use the disable command to disable the SNMP protocol or specified traps on the device.

Syntax:

disable
snmp
trap
sram-write

snmp
Disables SNMP.

Example: disable snmp

trap trap type
Disables specified traps or all traps.

trap type
Specifies the type of trap to be disabled. Valid trap types are shown in Table 34.

community name

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

Example: 

SNMP Config> disable trap link_up
Community name []?

sram-write


Table 34. SNMP Trap Types
 Trap Type   Description 
 all   Specifies all traps in a specified community. 
 cold_start   A cold start trap means that the transmitting device is reinitializing and that the agent's configuration or the protocol entity implementation may be altered. 
 link_down   A link_down trap recognizes a failure in one of the communication links represented in the agent's configuration. The link_down trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings. 
 link_up   A link_up trap recognizes that a previously inactive link in the network has come up. The link_up trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings. 
 auth_fail   Authentication failure traps indicate that the sender of the SNMP request does not have the proper permission to talk to this box's SNMP agent. 
 enterprise   Enterprise specific traps indicate that some enterprise specific event has occurred. The specific-trap field identifies the particular trap that occurred. For example, when configured to do so, ELS event messages are sent in enterprise-specific traps. 

Enable

Use the enable command to enable the SNMP protocol or specified traps on the device.

Syntax:

enable
snmp

trap

sram-write

snmp
Enables SNMP

Example: enable snmp

trap trap type
Enables specified traps or all traps.

trap type
Specifies the trap type to be enabled. Valid trap types are shown in Table 34.

community name

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

sram-write

List

Use the list command to display the current configuration of SNMP communities, access modes, traps, network addresses, and views.

Syntax:

list
all

community

views

list all
Displays the current configuration of SNMP communities for Access, Traps, Address, and View. See the description of the list community command for details on the options.

Example: list all 

 SNMP Config>list all
 
    SNMP is enabled
    Trap UDP port: 162
    SRAM write is enabled
  
              Community Name                 Access
    --------------------------------  -------------------
    oxnard                            Read, Write, Trap
    public                            Read, Trap
 
 
 
             Community Name             IP Address         IP Mask
    --------------------------------  ---------------  ---------------
    oxnard                            1.1.1.2          255.255.255.255
    public                            All              N/A
 
 
 
             Community Name                   Enabled Traps
    --------------------------------  --------------------------------
    oxnard                            Link Down, Cold Restart
    public                            None
 
 
 
              Community Name                       View
    --------------------------------  --------------------------------
    oxnard                            mib2
    public                            All
 
 
               View Name                           Sub-Tree
    --------------------------------  --------------------------------
    mib2                              1.3.6.1.2
 
 
    Password is set. (security data flow encrypted)

list community option
Displays the current attributes of an SNMP community. Options are access, address, traps, view.
 Option   Description 
 Access   Displays the access modes for the community. 
 Address   Displays the network address for the community. 
 Traps   Displays the types of traps generated for the community. 
 View   Displays the MIB view for the community. 

Example: 

SNMP Config  list community access
 
            Community Name   Access
            public           Read, Write, Trap
            oxnard           Read, Trap

Example: 

SNMP Config>  list community address
 
            Community Name   IP Address   IP Mask
            public           All          N/A
            oxnard           1.1.1.2      255.255.255.255

Example: 

SNMP Config  list community traps
 
            Community Name   Enabled Traps
            public           Link Down, Cold Restart
            oxnard           NONE

Example: 

SNMP Config>  list community view
 
             Community Name   View
            public           All
            oxnard           mib2

list views
Displays the current views for a specified SNMP community.

Example: 

SNMP Config  list views
 
            View Name   Sub-Tree
            mib2        1.3.6.1.2.1

Set

Use the set command to assign a MIB view to a community, to set the SNMP UDP trap port number, or set the access mode of the community or SNMP password.

Syntax:

set
community access

community view

trap_port

password

community access
Use the set community access command to assign one of three access types to a community. You must supply the name of the community and the access type.

options
Choose an option from the following list:

read_trap
Allows read access and trap generation to the named community.

write_read_trap
Allows write and read access and trap generation to the community specified.

trap_only
Indicates the community is used only when sending an SNMP trap.

comm_name

The community name has:

Valid Values: A string of 1 to 31 alphanumeric characters.

Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

Example: set community access <options> comm_name

community view
Use the set community view command to assign a MIB view to a community.

comm_name

Valid Values: A string of 1 to 31 alphanumeric characters. Characters such as spaces, tabs, or <ESC> key sequences are not supported.

Default Value: none

all
Allows access to all MIB objects for the named community. All is the default.

view_text_name
Assigns a specified MIB view to the named community.

Example: set community view comm_name <all or view_text_name>

trap_port
Use the set trap_port command to specify a UDP port number, other than the default standard port 162, to send traps to.

Default Value: standard port

Example: set trap_port udpport#

UDP Port Number
Specifies a User Datagram Protocol port other than the standard UDP port.

Default Value: 162

password
Use the set password command to specify the password to encrypt and authenticate the security sensitive MIB objects that are defined in the MIB. Setting the password to a string of zero length provides the maximum security by disallowing any access or setting of the security sensitive MIB objects. Setting the password to "clear" gives the least amount security by allowing data to flow without authentication. Setting the password to any other string allows access and setting of the security sensitive MIB objects which are encrypted and authenticated with this password.

Examples: 

(a) setting the password to a string of zero length:
 
           SNMP Config>set pa
           Password:
           Remove password? (Yes, No): y
           Password is set to NULL. (security data are not accessible)
 
       (b) setting the password to "clear":
 
           SNMP Config>set pa
           Password:
           to verify Enter password again:
           Password is set to "clear". (WARNING: security data flow in clear)
 
       (c) setting the password to "test":
           SNMP Config>set pa
           Password:
           to verify Enter password again:
           Password is set. (security data flow encrypted)

Accessing the SNMP Monitoring Environment

To access the SNMP monitoring environment, enter the following command at the + (GWCON) prompt: 

   + protocol snmp
   SNMP>

SNMP Monitoring Commands

This section describes the SNMP monitoring commands.

Table 35 lists the SNMP monitoring commands. The SNMP monitoring commands allow you to view the parameters of the SNMP configuration and display some statistics relating to the SNMP agent.

Temporary changes to the runtime SNMP parameters can be made through the monitoring. They will immediately affect the operation of the SNMP agent. If you want to make the temporary changes permanent, then use the SAVE command. If the original SNMP configuration needs to be restored, use the resetcommand. This command allows you to temporarily alter the behavior of the SNMP agent, without permanently changing the configuration. For the temporary changes to take affect, you must EXIT the SNMP monitoring process.

Enter the SNMP monitoring commands at the SNMP> prompt.

Table 35. SNMP Monitoring Command Summary
 Command   Function 
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 Add   Adds a community to the list of SNMP communities, an IP address with mask to a community, or a subtree to a MIB view. 
 Delete   Removes a community from the list of SNMP communities, an IP address with mask from a community, or a subtree from a MIB view. 
 Disable   Disables traps associated with named communities. Disabling SNMP or SRAM_write must be done using the SNMP Config> configuration environment. 
 Enable   Enables traps associated with named communities. Enabling SNMP or SRAM_write must be done using the SNMP Config> configuration environment. 
 List   Displays the current configuration of SNMP communities, views, access modes, traps, and network addresses. 
 Reset   Updates the SNMP configuration with the values in the currently stored SNMP configuration. 
 Save   Takes the specified changes and saves then permanently in the SNMP configuration. 
 Set   Sets a community's access mode or view. A community's access mode is one of the following: 
* Read and trap generation
* Read, write and trap generation
* Trap generation only


Also allows setting of trap UDP port and password. See *** for additional information.

 Statistics   Displays statistics about the SNMP agent. 
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Add

Use the add command to add a community name to the list of SNMP communities, add an address to a community, or assign a portion of the MIB (subtree) to a view.

For information on using the add command, see "Add".

Delete

Use the delete command to delete:

For information on using the delete command, see "Delete".

Disable

Use the disable command to disable specified traps on the device.

For information on using the disable command, see "Disable".

Enable

Use the enable command to enable specified traps on the device.

For information on using the enable command, see "Enable".

List

Use the list command to display the current configuration of SNMP communities, views, access modes, traps, and network addresses.

Syntax:

list
all

community

views

For information about using the list command, see "List".

Reset

Use the SNMP reset command to update the SNMP configuration with the values in the current stored SNMP configuration. This action allows changes to the current SNMP configuration when the device is restarted or reloaded.

Save

Use the save command to permanently save the specified changes.

Set

For information on using the set command, see "Set".

Statistics

Use the statistics command to display statistics about the SNMP agent.

Syntax:

statistics

Example: statistics 

               Max      Current    Current
              Alloc     Alloc       In Use
 
SNMP agent:  512000     181144     133120
 
SNMP MIBs:   1048576     57976      19712

The following information is displayed:

Max Alloc
The maximum amount of memory (in bytes) that is reserved for the SNMP component.

Current Alloc
As memory is needed, it is taken from the reserved pool (designated by MAX ALLOC) and moved in to an "active" memory pool. The size of this "active" memory pool size is indicated by the CURRENT ALLOC value.

Current In Use
This value represents the memory currently allocated from the "active" memory pool (designated by CURRENT ALLOC) that is in use by the SNMP component.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]