RTM3205 User Manual
CHAPTER SIX
SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
RTM3205 to be created who may be authenticated using the Secure Hash Algorithm (SHA) with password RTM3205_0. Passwords and passphrases must have a minimum of 8 characters, or you will not be able to be authenticated.
IMPORTANT
You must kill the snmpd daemon prior to editing /boot/net-snmp/snmpd.conf. Otherwise, the secret key creation may not complete properly. Issue the command /etc/rc.d/rc.snmpd stop to kill the snmpd daemon. You can verify that the snmpd daemon has been killed by issuing the ps -e command and verifying that it is not present.
After rebooting, the agent will read the /boot/net-snmp/snmpd.conf configuration file and compute secret key(s) for each of the users and delete the createUser lines from the file. It will then write the secret key(s) to the file. These lines begin with the string usmUser. In this way, un-encrypted passwords are not stored on the system.
IMPORTANT
To generate new keys, stop the snmpd process, delete the existing usmUser key lines from the file /boot/net-snmp/snmpd.conf and then add new createUser lines. Then reboot the system.
This example gives the simplest configuration to begin using SNMPv3 but doesn’t make use of the full capabilities of the VACM in defining groups and views for fine-grained access control. The factory default /etc/snmpd.conf file contains commented blocks of lines that can be uncommented to give you a basic configuration that uses the User-based Security Model (USM) described in RFC-2274 and the View-based Access Control Model (VACM) described in RFC-2275. The comments included in the file should help you in modifying it for your specific requirements.
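
An added example, not taken from the manual: a shell function that checks an snmpd.conf for the two conditions described above, createUser lines that still hold plaintext passphrases and passphrases under the 8-character minimum. It assumes net-snmp's createUser field order (user, auth type, auth passphrase, optional privacy type and passphrase) and passphrases without embedded spaces; the user opsuser and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the RTM3205 manual).
# Assumed net-snmp syntax:
#   createUser [-e ENGINEID] user (MD5|SHA) authpass [DES|AES] [privpass]
# Limitation: passphrases containing spaces or quotes are not parsed.

# Print one finding per line. Exit status 0 = no createUser lines remain,
# 1 = at least one createUser line (plaintext passphrase) is still in the file.
audit_snmpd_conf() {
    awk '
    $1 == "createUser" {
        pending++
        i = 2
        if ($i == "-e") i += 2          # skip the optional engine ID
        user = $i; auth = $(i + 2); priv = $(i + 4)
        printf "PLAINTEXT line %d: createUser for %s still holds a passphrase\n", NR, user
        if (length(auth) < 8)
            printf "SHORT line %d: auth passphrase for %s is under 8 characters\n", NR, user
        if (priv != "" && length(priv) < 8)
            printf "SHORT line %d: priv passphrase for %s is under 8 characters\n", NR, user
    }
    $1 == "usmUser" { keyed++ }         # key records written by the agent
    END {
        printf "INFO: %d usmUser key record(s) present\n", keyed
        exit (pending > 0)
    }' "$1"
}

# Constructed sample: the file as it looks before the agent has converted
# the createUser lines (or if key creation did not complete).
sample=$(mktemp)
cat > "$sample" <<'EOF'
createUser RTM3205 SHA RTM3205_0
createUser opsuser SHA short1 AES alsolongenough
EOF
audit_snmpd_conf "$sample" || echo "createUser lines remain in $sample"
rm -f "$sample"
```

On the unit, the file to check after the reboot is /boot/net-snmp/snmpd.conf; a clean result there means only usmUser key records remain.
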
Configuring SNMPv3 Notifications and Informs
If you have followed the steps in Configuration of SNMPv3 (above), then you are almost ready to use SNMPv3 notifications and informs.
SNMPv3 uses the same trap2sink and informsink directives in /etc/snmpd.conf as SNMPv2c. The difference is that snmptrap requires authorization and authentication information be provided to it when sending SNMPv3 notifications and/or informs. This additional information comes from the usmUser records in /boot/net-snmp/snmp.conf. A usmUser record is a space delimited record on one line with the following fields: