Nortel Networks 5399 Network Card User Manual


 
Configuring the RAC for SNMP
300861-C Rev. 00
Defining the Community String
When an SNMP request is received by the agent in the RAC, the agent performs
three tests to authenticate the request. The tests are as follows:

1. Each SNMP message contains a community string in its header. The receiving
   SNMP agent tries to match the message’s string with an existing community
   string list. If there is no match, the SNMP agent discards the message
   without responding to the sender and increments the MIB-II object
   snmpInBadCommunityNames.

2. When the community string match is found, the sender’s IP address is
   checked against the IP address for the matching community string(s). If
   there is no match, the SNMP agent discards the message without responding
   to the sender and the MIB-II object snmpInBadCommunityNames is incremented.

3. If the community string and the IP address in the SNMP request match one
   of the configured community strings, the access mode is checked for that
   community. If the access is read-write, the SNMP request is processed. If
   the access is read-only and the SNMP request is a get or get next, the
   request is processed. In all other cases (access is none, or access is
   read-only and the request is a set), an error noSuchName is returned to the
   sender and the MIB-II object snmpBadCommunity is incremented.

The keyword community defines an SNMP community name from which the
RAC responds to requests. At system start-up, the SNMP agent requires at least
one community string to be defined in the configuration file. If the file does not
contain a community string, the RAC defaults to the community name public
(unless SNMP is disabled in the parameter disabled_modules), and allows read
and write access to all IP addresses.
The SNMP agent authenticates an SNMP request through the use of access
permissions. The configuration file format for SNMP defines the IP address and
access modes. Security is set by defining community strings that have none,
read-only, or read-write access to the MIB variables. The format is shown below:

    snmp community <string> <IP address> <access>

You can use a wild card (*) to define the IP address. Using a wild card allows
anybody with that community string to have access.
You can specify up to ten SNMP community names in the gateway section of the
configuration file, but each community requires a separate line. The RAC adds
these communities to the SNMP agent’s community table.
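
The following added example (not code from the manual or from Nortel) parses community lines in the format shown above, applies the three authentication tests in order, and flags entries that any source address can use. The sample community names and addresses are constructed, the operation names "get", "get-next" and "set" are labels chosen here, and letting the first matching entry decide the access mode is an assumption, since the manual does not say how overlapping entries are resolved.

```python
from collections import Counter

ACCESS_MODES = ("none", "read-only", "read-write")
READ_OPS = ("get", "get-next")
# Constructed sample gateway-section lines (documentation addresses).
SAMPLE = """\
snmp community nms-ro 192.0.2.10 read-only
snmp community nms-rw 192.0.2.11 read-write
snmp community legacy * read-only
"""

def parse_communities(text):
    """Parse 'snmp community <string> <IP address> <access>' lines."""
    table = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] != ["snmp", "community"]:
            continue
        if len(parts) != 5 or parts[4] not in ACCESS_MODES:
            raise ValueError(f"malformed community line: {line!r}")
        table.append(tuple(parts[2:]))
    if len(table) > 10:
        raise ValueError("more than ten community names")
    # Documented fallback when the file defines no community string.
    return table or [("public", "*", "read-write")]

def evaluate(table, community, src_ip, op, counters):
    """Apply the three tests in order; return the agent's action."""
    named = [e for e in table if e[0] == community]
    allowed = [e for e in named if e[1] in ("*", src_ip)]
    if not allowed:  # test 1 (name) or test 2 (source address) failed
        counters["snmpInBadCommunityNames"] += 1
        return "discard"
    access = allowed[0][2]  # assumption: the first matching entry decides
    if access == "read-write" or (access == "read-only" and op in READ_OPS):
        return "process"
    counters["snmpBadCommunity"] += 1  # object name as printed in the manual
    return "noSuchName"

def audit(table):
    """Flag entries that any source address can use."""
    return [f"{name}: {access} from any address"
            for name, ip, access in table
            if ip == "*" and access != "none"]

if __name__ == "__main__":
    for finding in audit(parse_communities(SAMPLE)):
        print("WEAK:", finding)
```

Running the audit against an empty configuration reports the documented fallback, public with read-write access from any address, which is the case to check for first on a deployed unit.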