Configuring SNMP settings

Configuring System Administrator Settings : Configuring SNMP settings

You configure SNMP contact and trap receiver settings to allow events to be reported to an SNMP entity under Administration > System Settings: SNMP Basic.

The SNMP service is disabled by default. We recommend that you enable it for improved security. If you encounter the error “Cannot generate the authentication key for a new User because the SNMP subsystem is not running.” you’ll need to enable SNMP by running the pm process snmpd launch auto command. You can verify that SNMP is enabled by running the show pm process snmpd command.

Traps are messages sent by an SNMP entity that indicate the occurrence of an event. The default system configuration does not include SNMP traps.

RiOS provides support for these SNMP versions:

• SNMPv1

• SNMPv2c

• SNMPv3, which provides authentication through the User-based Security Model (USM).

• View-Based Access Control Mechanism (VACM), which provides richer access control.

• SNMPv3 authentication using AES 128 and DES encryption privacy.

You set the default community string in the SNMP Basic page.

Under SNMP Server Settings, these configuration options are available:

Enable SNMP Traps

Enables event reporting to an SNMP entity.

System Contact

Specifies the username for the SNMP contact.

System Location

Specifies the physical location of the SNMP system.

Read-Only Community String

Specifies a password-like string to identify the read-only community: for example, public. This community string overrides any VACM settings. Community strings can’t contain the pound sign (#).

Adding or removing a trap receiver

Under Trap Receivers, these configuration options are available:

Add a New Trap Receiver

Displays the controls to add a new trap receiver.

Receiver

Specifies the destination IPv4 or IPv6 address or hostname for the SNMP trap.

Destination Port

Specifies the destination port.

Receiver Type

Specifies SNMP v1, v2c, or v3 (user-based security model).

Remote User

Specifies a remote username. (This options appears only when you select v3)

Authentication

Specifies either Supply a Password or Supply a Key to use while authenticating users. (This options appears only when you select v3).

Authentication Protocol

Specifies an authentication method from the drop-down list. (This option appears only when you select v3.)

• MD5 specifies the Message-Digest 5 algorithm, a widely used cryptographic hash function with a 128-bit hash value. This is the default value.

• SHA specifies the Secure Hash Algorithm, a set of related cryptographic hash functions. SHA is considered to be the successor to MD5.

Password/Password Confirm

Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Password Confirm text box. (This option appears only when you select v3 and Supply a Password.)

Security Level

Determines whether a single atomic message exchange is authenticated. (This option appears only when you select v3.) Select one of these levels from the drop-down list:

• No Auth doesn’t authenticate packets and doesn’t use privacy. This is the default setting.

• Auth authenticates packets but doesn’t use privacy.

• AuthPriv authenticates packets using AES 128 and DES to encrypt messages for privacy.

A security level applies to a group, not to an individual user.

Privacy Protocol

Specifies either the AES or DES protocol from the drop-down list. AES uses the AES128 algorithm. (This option appears only when you select v3 and AuthPriv.)

Privacy

Specifies Same as Authentication Key, Supply a Password, or Supply a Key to use while authenticating users. The default setting is Same as Authentication Key. (This options appears only when you select v3 and AuthPriv.)

Privacy Password

Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Privacy Password Confirm text box. (This option appears only when you select v3 and Supply a Password.)

MD5/SHA Key

Specifies a unique authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum. (This options appears only when you select v3 and Authentication as Supply a Key.)

Privacy MD5/SHA Key

Specifies the privacy authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum. (This option appears only when you select v3 and Privacy as Supply a Key.)

Community

For v1 or v2 trap receivers, specifies the SNMP community name. For example, public or private v3 trap receivers need a remote user with an authentication protocol, a password, and a security level.

Enable Receiver

Enables the new trap receiver. Clear to disable the receiver.

To test an SNMP trap, under SNMP Trap Test, click Run.