HP OpenView System Administration Handbook [Electronic resources] : Network Node Manager, Customer Views, Service Information Portal, HP OpenView Operations

5.4 CONFIGURING SNMP COMMUNITY NAMES

Community names are passwords used by the SNMP agent to restrict access to information provided by the MIB. In order to retrieve information from the MIB, NNM needs to be configured with the community name of every device. The global default for community names in NNM is set to "public." This allows SNMP read access to devices that do not have a read community name configured.

5.4.1 SNMP Manager Configuration

You can configure community names in NNM by selecting Options

SNMP Configuration from the menu bar. In the center section of the dialog box displayed in Figure 5-4 you can see the entry for the global default for SNMP devices. Get Community is set to "public" and there is no Set Community name configured. The status polling timeout, retry, and Polling interval are also displayed. If you would like to modify the Global default, select the Global Default, update the values you would like to modify (Get Community, Set Community, and so on) and click the Replace button. To add a new entry, supply the Target (hostname or IP address), the Get Community, and the Set Community, and click the Add button. The example listed shows the hostname r208w100, the Get Community "mickey" and the Set Community "mouse." If you do not specify values for timeout, retry, and so on, the Global Default will be used.

Individual hostname targets will be listed in the top section of the dialog box, sub-titled

Specific Nodes . You cannot use wildcards (*) when specifying hostnames. The next section of the dialog box, sub-titled

IP Address Wildcards , permits IP addresses to be specified using wildcards (*) and also allows for the specification of IP address ranges. For example, if a certain type of network device in your enterprise ends with a 1 in the last octet and is configured with the same community name, you can specify the IP addresses using a wildcard:

156.155.*.1

Similarly, if you would like to specify a range of IP addresses with the same community name use the target

156.155.[201-210].1

You can also combine IP address wildcards and ranges:

156.[150-153].*.1

5.4.2 SNMP Agent Configuration

The agent configuration, not to be confused with the management station configuration, will vary based on the type of system. One area that may cause some confusion is the fact that the management station itself also must have an SNMP agent running on it. In this respect, it is just like any other managed node. Most Unix systems have a configuration file such as /etc/snmpd.conf. To configure the SNMP agent, modify the get-community-name and set-community-name entries. Sample entries in the snmpd.conf are shown. The trap-dest will usually be set to your NNM management station. This is the location to which to send agent initiated SNMP traps. Multiple trap destinations can be defined in this file in the case that more than one SNMP management station exists.

The SNMP agent configuration should include the following entries:

get-community-name: mickey
set-community-name: mouse
trap-dest: 156.155.204.8

After the changes have been made to the SNMP agent configuration, you will need to restart the SNMP agent. This process varies based on the agent you are running. NNM ships with the SNMP Research® EMANATE agent. This agent uses a master/sub-agent technology, which requires a restart of the SNMP master agent and the sub-agents. Use the following steps to add community names and restart the EMANATE agent:

UNIX:

1. Modify

   /etc/snmpd.conf with the get-community-name and the set-community-name.

   get-community-name: mickey

   set-community-name: mouse

2. Stop the master and sub-agents.

   /sbin/init.d/SnmpMaster stop

3. Start the master and sub-agents.

   /etc/snmpd

4. Verify SNMP communication to the hostname.

   snmpwalk <hostname> system

Windows:

1. Use the Notepad^[4] editor to modify the file

   ^[4] Some editors cannot handle files with four character extensions.

   %OV_CONF%\ SNMPAgent\snmpd.conf

   with the get-community-name and the set-community-name as follows:

   get-community-name: mickey

   set-community-name: mouse

2. Restart the SNMP agent service. The

   Services are accessible from

   Control Panel for Windows NT and the

   MCC for Windows 2000. Scroll down the list until you reach the SNMP EMANATE Adapter for Windows and SNMP EMANATE Master Agent.

3. Select the

   Windows Adapter and

   Stop the process. You will be prompted for confirmation.

4. Select the

   Master Agent and

   Start the process.^{section 5.1.3} for troubleshooting. You can test the set-community-name through the NNM GUI by attempting to set a read-write MIB variable such as system contact. Follow these steps to test the set-community-name of a MIB variable:

   1. From the NNM GUI, select a node that has a set-community-name configured and start the MIB Browser by selecting

      Tools

      SNMP

      MIB

      Browser

   2. Traverse the subtree:

      mgmt.mib-2.system

   3. Select the variable

      sysContact and click

      [Start Query] .

   4. Verify the MIB value. You should see the instance^[6]

      0 and no contact information unless the contact was previously set.

      ^[6] The instance will always be 0 unless there are multiple instances for the variable. For example, if there are multiple file systems there will be a unique instance number for each file system and the instance will begin with 1.

   5. Set the

      sysContact by entering the MIB Instance 0, the set-community-name and click

      [Set] . The SNMP Set Value must match the set-community-name string you entered in the snmpd.conf (or the agent configuration) file.