215
Appendix D
Configuration Files
Configuring trap destinations
You must modify the
snmpd.cnf
file to send traps to each of your monitoring stations.
You must configure the
snmpnotifyEntry
and
snmpTargetAddrEntry
entries for trap destinations.
snmpnotifyEntry
sends traps to a particular host or group of hosts.
snmpTargetAddrEntry
defines the IP
addresses for a host or group of hosts.
For example, to send traps to a host named
host_a
, you need an
snmpnotifyEntry
line similar to the
following:
snmpnotifyEntry 31 host_a trap nonVolatile
This line defines a trap destination named
host_a
which can represent a single IP address or a group of IP
addresses. In place of
host_a
, enter the name of the host or group of hosts to receive traps on your system. In
place of
31
, enter a unique integer.
Then, for each IP address that you want to define for
host_a
, you must enter a
snmpTargetAddrEntry
line
similar to the following. All trap messages destined for
host_a
are sent to the IP addresses defined in the
snmpTargetAddrEntry
lines of the
snmpd.cnf
file.
snmpTargetAddrEntry 34 snmpUDPDomain A.B.C.D:0 100 3 host_a v1ExampleParams
nonVolatile 255.255.255.255:0
In place of
34
, enter a unique integer. In place of
A.B.C.D
, enter the IP address that you want to define for
host_a
.
Access control
By default, read-only access is granted to any host that makes SNMP requests using the community string
public
. To restrict access, you need to remove access-related default entries in the
snmpd.cnf
file and add
entries specifying the hosts you want to allow. You must:
•
Define the hosts or host groups for your system (use the
snmpTargetAddrEntry
lines to define the IP
addresses associated to each host or host group)
•
Define access communities (a community can consist of a host or group of hosts); you need to define hosts
before you can define communities
•
Give access to the communities that you want to have access; you need to define communities in order to
give them access
Example
To restrict access, remove the following default
snmpd.cnf
entries, which allow access to any host:
vacmAccessEntry snmpv1 public Anyone nonVolatile
vacmAccessEntry snmpv2c public Anyone nonVolatile
snmpCommunityEntry t0000000 public public localSnmpID - nonVolatile
To allow access to selected hosts, replace the deleted entries with the following. You can allow access to as
many hosts as you want. You can configure one host at a time or one subnet at a time.
For example, suppose you want to allow the single host named
OneHost
to have access to MIB information.
You would need the following lines in the
snmpd.cnf
file:
snmpTargetAddrEntry 33 snmpUDPDomain A.B.C.D:0 100 3 host_a v1ExampleParams
nonVolatile 255.255.255.255:0
snmpCommunityEntry localSnmpID public OneHost localSnmpID default host_
a nonVolatile
vacmAccessEntry OneHost - snmpv1 noAuthNoPriv exact All - All nonVolatile
vacmSecurityToGroupEntry snmpv1 public OneHost nonVolatile