SNMP Agent Components
This section presents key components used to set up SNMP management on the Makito X1.
snmpd
snmpd is an SNMP agent that binds to a port and listens for requests from SNMP management software. Upon receiving a request, it performs the requested operation, either retrieving information or configuring the system. When finished processing the request, the agent sends a response to the sender with the requested information or the status of the configuration operation.
When you start an SNMP agent on a Makito X Series device using the service snmp start command, it loads the management database with the MIB files in the directory /usr/share/snmp/mibs and configures the agent with the files in /usr/share/snmp.
snmpd.conf
snmpd.conf is the configuration file that defines how the SNMP agent works. You may need to edit this file to specify the location of the Network Management System (NMS). However, for most settings, it is preferable to use the nmcfg configuration script.
On a Makito X Series device, the snmpd.conf file includes:
- access control setup (i.e., community and user privileges),
- system information setup (e.g., system location, services and contact).
snmpd.conf is located in the directory /usr/share/snmp.
For a detailed description, see the snmpd.conf file.
snmpd.local.conf
snmpd.local.conf is the configuration file that defines the VACM (View-based Access Control Model) views modeling the privilege levels of the Makito X Series user groups: admins, operators, and users. These groups can be used for v1/v2c communities and v3 USM users.
This file cannot be modified. Access groups are used in place of the traditional ro (read-only) and rw (read-write) permissions when setting communities' and users' access with the nmcfg configuration script.
SNMP Community Names
Following are the default SNMP community names and their privileges for accessing the Makito X Series MIBs.
SNMP Community Name | Access Rights |
---|---|
| Read and write permission from local network and local host |
| Read-only permission from local network |
nmcfg
nmcfg is the configuration script that helps configure the SNMP agent. It is particularly useful for creating and managing SNMPv3 users of the User-based Security Model (USM) and for assigning VACM (View-based Access Control Model) access rights to communities and users. The script interacts with the /var/netsnmp/snmpd.conf persistent data file, which maintains the USM user database and other SNMP agent persistent information. The script also performs snmpget commands to display the list of USM users, which is not available in a human-readable form in any configuration file.
The script also reads and modifies the snmpd.conf configuration file to manage system parameters (contact, location), community-based (v1/v2c) security, and user access control. Used without parameters, it displays a summary of the SNMP agent configuration: system parameters, access control, and SNMPv3 USM users.
Following is an example of the nmcfg configuration script output:
# nmcfg
system parameter           value
-------------------------- --------------------------------------------------
engineid                   0x80001f88030050c2c611ad
contact                    "john doe <jdoe@example.net>"
location                   "QA lab"

model         perm/group        level          user/community       source
------------- ----------------- -------------- -------------------- ---------
usm           guest             auth           guest                -
usm           administrator     priv           johndoe              -
v2c           administrator     noauth         admin                localhost
v2c           administrator     noauth         admin                localnet
v2c           guest             noauth         public               localnet
v2c           rw                noauth         tech                 any

auth protocol          priv protocol          user
---------------------- ---------------------- -------------------------------
MD5                    DES                    admin
MD5                    nopriv                 guest
SHA                    AES                    johndoe

# nmcfg help
usage: nmcfg
       nmcfg help
       nmcfg access help
       nmcfg access usm permit <uname> {<group>|ro|rw} [{noauh|auth|priv}]
       nmcfg access usm delete <uname>
       nmcfg community help
       nmcfg community permit <community> {<group>|ro|rw} [<host>]
       nmcfg community delete <community> [{<group>|ro|rw} [<host>]]
       nmcfg system help
       nmcfg system define <param> "<value>"
       nmcfg system delete <param>
       nmcfg user help
       nmcfg user define <uname> [{MD5|SHA} "<apwd>" [{DES|AES} ["<ppwd>"]]]
       nmcfg user delete <uname>
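
The nmcfg summary can be reviewed automatically for entries that deserve attention, such as v1/v2c communities with write access (community strings travel unencrypted) and USM users configured with MD5, DES or no privacy. The following Python is an added example, not Haivision code or part of the original documentation; the names audit, is_ruler, WRITE_GROUPS and WEAK_USM, the severity labels, and the assumption that the administrator group grants write access are illustrative choices made here.

```python
# SAMPLE re-types the summary shown above (constructed input; spacing is not significant).
SAMPLE = """\
system parameter value
-------------------------- --------------------------------------------------
contact "john doe <jdoe@example.net>"
model perm/group level user/community source
------------- ----------------- -------------- -------------------- ---------
usm guest auth guest -
usm administrator priv johndoe -
v2c administrator noauth admin localhost
v2c administrator noauth admin localnet
v2c guest noauth public localnet
v2c rw noauth tech any
auth protocol priv protocol user
---------------------- ---------------------- -------------------------------
MD5 DES admin
MD5 nopriv guest
SHA AES johndoe
"""
# Assumed policy (not vendor guidance): groups that grant write access, weak USM settings.
WRITE_GROUPS = {"administrator", "rw"}
WEAK_USM = {"MD5", "DES", "nopriv"}


def is_ruler(fields):  # dashed line printed under each table header
    return all(len(f) > 1 and set(f) == {"-"} for f in fields)


def audit(summary):
    """Return (severity, subject, reason) tuples for risky entries."""
    rows = [line.split() for line in summary.splitlines() if line.strip()]
    findings, table = [], None
    for i, fields in enumerate(rows):
        if is_ruler(fields):
            continue
        if i + 1 < len(rows) and is_ruler(rows[i + 1]):
            table = fields[0]  # header row: "system", "model" or "auth"
        elif table == "model" and len(fields) == 5:
            model, group, _level, name, source = fields
            if model != "usm" and group in WRITE_GROUPS:
                sev = "HIGH" if source == "any" else "MEDIUM"
                findings.append((sev, f"{model}:{name}@{source}", f"write access via {group}"))
        elif table == "auth" and len(fields) == 3:
            if weak := sorted(WEAK_USM.intersection(fields[:2])):
                findings.append(("MEDIUM", f"usm:{fields[2]}", "weak: " + ", ".join(weak)))
    return findings


print(*audit(SAMPLE), sep="\n")
```

To audit a device, pass the text captured from running nmcfg without parameters to audit() in place of SAMPLE.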