Table of Contents
Advertisement
The Fusion Manager automatically creates the excludeAll view that blocks access to all OIDs.
This view cannot be deleted; it is the default read and write view if one is not specified for a group
with the ibrix_snmpgroup command. The catch-all OID and mask are:
OID = .1
Mask = .1
Consider these examples, where instance .1.3.6.1.2.1.1 matches, instance .1.3.6.1.4.1 matches,
and instance .1.2.6.1.2.1 does not match.
OID = .1.3.6.1.4.1.18997
Mask = .1.1.1.1.1.1.1
OID = .1.3.6.1.2.1
Mask = .1.1.0.1.0.1
To add a pairing of an OID subtree value and a mask value to a new or existing view, use the
following format:
ibrix_snmpview -a -v VIEWNAME [-t {include|exclude}] -o OID_SUBTREE [-m MASK_BITS]
The subtree is added in the named view. For example, to add the StoreAll software private MIB
to the view named hp, enter:
ibrix_snmpview -a -v hp -o .1.3.6.1.4.1.18997 -m .1.1.1.1.1.1.1
Configuring groups and users
A group defines the access control policy on managed objects for one or more users. All users
must belong to a group. Groups and users exist only in SNMPv3. Groups are assigned a security
level, which enforces use of authentication and privacy, and specific read and write views to
identify which managed objects group members can read and write.
The command to create a group assigns its SNMPv3 security level, read and write views, and
context name. A context is a collection of managed objects that can be accessed by an SNMP
entity. A related option, -m, determines how the context is matched. The format follows:
ibrix_snmpgroup -c -g GROUPNAME [-s {noAuthNoPriv|authNoPriv|authPriv}]
[-r READVIEW] [-w WRITEVIEW]
For example, to create the group group2 to require authorization, no encryption, and read access
to the hp view, enter:
ibrix_snmpgroup -c -g group2 -s authNoPriv -r hp
The format to create a user and add that user to a group follows:
ibrix_snmpuser -c -n USERNAME -g GROUPNAME [-j {MD5|SHA}]
[-k AUTHORIZATION_PASSWORD] [-y {DES|AES}] [-z PRIVACY_PASSWORD]
Authentication and privacy settings are optional. An authentication password is required if the
group has a security level of either authNoPriv or authPriv. The privacy password is required if the
group has a security level of authPriv. If unspecified, MD5 is used as the authentication algorithm
and DES as the privacy algorithm, with no passwords assigned.
For example, to create user3, add that user to group2, and specify an authorization password
for authorization and no encryption, enter:
ibrix_snmpuser -c -n user3 -g group2 -k auth-passwd -s authNoPriv
Deleting elements of the SNMP configuration
All SNMP commands use the same syntax for delete operations, using -d to indicate the object is
to be deleted. The following command deletes a list of hosts that were trapsinks:
ibrix_snmptrap -d -h lab15-12.domain.com,lab15-13.domain.com,lab15-14.domain.com
There are two restrictions on SNMP object deletions:
A view cannot be deleted if it is referenced by a group.
A group cannot be deleted if it is referenced by a user.
Using SNMP notifications
61
Advertisement
Table of Contents
Troubleshooting
