Manage SNMP

This topic describes how to manage the SNMP server using the Web Administration Interface.

An SNMP server runs on port 161 on the appliance to enable a Network Management System (NMS) to query status information from the appliance. You can configure the SNMP server to run on any of the interfaces on the appliance.

SNMP server configuration

To configure the SNMP server, click the SNMP Server link in the WAI menu.

SNMP server configuration

Complete the following steps:

  1. In the System Details section, enter the location of the host on which the SNMP agent runs in the Location field, and the system contact address in the Contact field. Click the Save Details button to record the system details.
  2. To allow SNMP version 1 or 2c clients to connect to the SNMP server, you must configure a set of SNMP communities in the SNMP V1/V2c Communities configuration section. For more details, see SNMP V1/V2c communities.
  3. To allow SNMP version 3 clients to connect to the SNMP server, you must specify the SNMP users in the SNMP V3 Users configuration section. For more details, see SNMP V3 users.
  4. In the Networking Options section, enter the IP addresses of the interfaces that the SNMP server should listen on in the Listen on Addresses fields and click the Save Settings button.
  5. You can use the MIBs link to view the Management Information Bases (MIBs) that are understood by this machine. An NMS uses the same MIBs installed on the appliance to make sense of the status information retrieved from the machine (for example, to interpret object identifiers). A file listing of MIB files installed on the appliance is displayed in a new window. You can view any of the MIB files by clicking the file name. You can then save the MIB from your browser, and import it into an NMS.

SNMP V1/V2c communities

You can edit most of the configuration settings for existing communities directly using the fields in the SNMP V1/V2c Communities table. If you change any settings in the table, click the Apply Changes button to save the changes.

To add a new community click the Add New Community button, and complete the following steps:

  1. Enter the unique name of the community in the Name field.
  2. Enter the network address in the IP/Netmask field. This dictates the network from which members of the specified community can access the SNMP server. The network address is specified using CIDR-style notation, which consists of the dotted IP address of the network followed by a /, and then a prefix length.
    For example, in comparison to traditional netmask usage, 192.168.0.0/24 indicates the 192.168.0.0 network with a netmask of 255.255.255.0.
  3. Use the Permissions list to assign Read Only or Read/Write permissions to members of the community on the selected network, and also to disable permissions.
  4. Click the Create new Community button.

To delete a community select the Delete check box next to the community on the main SNMP Server configuration page, and click the Apply Changes button.

Note   A default community named public is preconfigured on the appliance to grant Read Only permissions to clients from any network (it has a netmask of 0.0.0.0/0).

SNMP V3 users

The configuration settings for existing users are displayed in the SNMP V3 Users table. You can edit user details directly by modifying the values in the table, and clicking the Apply Changes button.

To disable a user select the Disabled option from the Permissions list, and click the Apply Changes button. To delete a user select the Deleted check box, and click the Apply Changes button.

To add a new user, click the Add New User button and complete the following fields:

  1. Enter a name for the new user in the Name field.
  2. Specify the permissions for the new user using the Permissions list. You can configure Read Only or Read/Write permissions. You can also disable a user by selecting the Disabled option.
Note   To only change the user's permissions, make sure to select the Retain password option from both the Authentication Algorithm and Privacy Algorithm drop-down lists.
  1. Select the algorithm to use when hashing the user's password by selecting MD5 or SHA from the Authentication Algorithm list.
  2. Enter the user's password in the Authentication Password field.
Note   If either the password or algorithm is changed for an existing user, the Privacy Algorithm and Privacy Password must also be changed or re-entered.
  1. Select DES or AES from the Privacy Algorithm list. The selected algorithm is used to encrypt the channel between the SNMP client and server.
  2. Enter the password to use to encrypt and decrypt data sent to and from the client in the Privacy Password field.
Note   If you change either the password or algorithm for an existing user here, the Authentication Algorithm and Authentication Password must also be changed or re-entered.
  1. Click the Create New User button to create the new user.

Start the SNMP service at bootup

As as security measure the SNMP server daemon is not automatically enabled on the appliance. To start the service automatically on system bootup, click the Bootup and Shutdown link in the WAI menu, select the snmpd service in the table and click the Start On Boot button. For more information, see Configure a service to start at bootup.

Allow SNMP connections

As a security measure, the SNMP daemon is configured to listen only on the loopback interface of the appliance by default, and is inaccessible from the network. To use SNMP monitoring, you must enable the SNMP interface. Perform the following steps:

  1. To choose which network interface the SNMP daemon should listen on, select the Network Configuration link in the WAI menu and click Network Interfaces.
  2. Choose an interface and make a note of the IP address.
Note   Do not use the same interface that is being used for API Gateway traffic.
  1. Select the SNMP Server link in the WAI menu.
  2. In the Networking Options section, enter the IP address of the interface in the Listen on Addresses field and click the Save Settings button.

For more information on network interfaces, see Network interfaces.

Related Links