HP T9576G06, T9576H01 Management Manual

Page 1
SNMP Configur ation and Management Manual
Abstract
This manual describes how to install, start, configure, and stop the HP Simple Network Management Protocol (SNMP) Agent and subagents. The SCF commands used by SNMP are described. This manual also discusses the objects in the Management Information Bases (MIBs) used by the agent and subagents. The SNMP Agent and its subagents comply w ith SNM P Requ est s for Comm ent (R F Cs) so that SNM P-comp l iant management applications, known as SNMP managers, can manage various resou rces on an HP NonStop™ host.
Product Version
SNMP Agent (T9576G06), T9576H01)
Supported Release Version Updates (RVUs)
This manual supports the G06.24 RVU and all subsequent G-series RVUs and the H06.03 RVU and all subsequent H-series RVUs until otherwise indicated by its replacement publication.
Part Number Published
424777 -006 July 20 05
Page 2
Document History
Part Number Product Version Published
424777- 002 SNMP Ag ent (T9576G06) May 2002 424777- 003 SNMP Ag ent (T9576G06) November 2002 424777- 004 SNMP Ag ent (T9576G06) December 2003 424777- 005 SNMP Ag ent (T9576G06) Septem ber 2004 424777- 006 SNMP Ag ent (T9576G06, T9576 H 01) July 2004
Subagent Product Versions IPX/SPX Sub agent (T8170D30)
TCP/IP Subagent (T7862G05) Ethernet/Token Ring Subagent (T0326G06) Trap Multiplexer (T1041G06) NonStop NET/MASTER Trap Subagent (T8491D20) EMS Trap Subagent (T9632D31) Host Resources Subagent (T8496G04) ONS Subagent (T8103D40)
Page 3
Hewlett-Packard Company—424777-006
i
SNMP Configuration and Management Manual
Glossary Index Examples Figures Tables
What’s New in This Manual xxiii
Manual Information xxiii New and Changed Information xxiv
About This Manual xxv
Your Comments Invited xxv Audience xxv Purpose xxvi Organization xxvi Related Reading xxviii Notation Conventions xxviii
Part I. Installing and Configuring SNMP
1. The NonStop SNMP Environment
Subsystem Components 1-4
SNMP Manager Station 1-4 SNMP Manager 1-5 PDU 1-5 MIB 1-5 SNMP Agent 1-5
SNMP Subagent 1-6 Toolkits 1-6 Message Protocol 1-6
General SNMP Message Format 1-7
Request PDUs 1-7
Response PDU 1-8
Trap PDU 1-8
Transmitting and Receiving SNMP Packets 1-8 Information Protocol 1-9
SNMP Naming Scheme 1-10
The Management Information Base 1-12
Page 4
Contents
SNMP Configuration and Management Manual—424777-006
ii
1. The NonStop SNMP Environment (continued)
1. The NonStop SNMP Environment (continued)
Traps 1-14 Architectural Overview of NonStop SNMP 1-14 RFC Compliance 1-17 Related Documents 1-18
2. Installing and Configuring the SNMP Agent
Installation 2-1 Before You Configure the SNMP Agent Operations Environment 2-1 Initialization Tasks 2-3 The Default SNMP Agent 2-3 The SNMPCTL File 2-6 Configure the SNMCTL File to Control the SNMP Agent 2-6 RUN Command 2-7
Special Considerations for Users of Logical Network Partitions (LNPs) 2-12
Startup Parameter Summary 2-13
WARM | COLD Custom Configuration Parameters for the RUN Command 2-14
The SNMPCTL File and TRAPPORT 2-16 PARAM Statements’ Custom Configuration for the RUN Command 2-16 Using SCF to Configure Components of the SNMP Agent Environment 2-16
SNMP Agent Process 2-16
Security 2-16
Request/Response Connections 2-17
Trap Connections 2-17
Trap Por t 2-17 Configuring the SNMP Agent Through SNMP Requests 2-17
Request/Response Connections 2-17
Trap Connections 2-17
Authentication Table Entries 2-17
Managing Configuration Definitions Through SNMP 2-18 Single-Node and Multiple-Node Scenarios 2-19 Starting Multiple SNMP Agents on Each Node 2-23 Stopping the SNMP Agent 2-24 Configuring the EMS Collector 2-25
Using the COLLECTOR Startup Parameter 2-26
Using the SCF ALTER PROCESS Command 2-26 Configuring Security 2-26
Authenticating Requests Received Over TCP/IP 2-26
Authenticating Requests Received Using the IPC Interface 2-31
Page 5
Contents
SNMP Configuration and Management Manual—424777-006
iii
2. Installing and Configuring the SNMP Agent (continued)
2. Installing and Configuring the SNMP Agent (continued)
After a Request Has Been Authenticated 2-31 Security Scenarios for SNMP Managers Using TCP/IP 2-32
Configuring TCP/IP Request/Response Connections 2-34
Single-Agent Connections 2-35 Multiple-Agent Connections 2-35 Remote Connections 2-37
Configuring Trap Destinations 2-38
Dynamically Generated Trap Destinations 2-40 Forwarding Traps to Managers Communicating Through IPC 2-41 Disabling the Sending of Traps 2-41 Single-Host Connections 2-42 Multiple-Host Connections 2-43
3. MIBs Supported by th e SNMP Agent
SNMP Agent MIB Groups 3-1 RFC Compliance 3-2 Installation 3-2 System Group 3-3
MIB Objects 3-3 RFC Compliance 3-5
SNMP Group 3-6
MIB Objects 3-7 RFC Compliance 3-10
zagInternal Group 3-10
MIB Objects 3-11 SNMP Manager Access to Private MIB Objects 3-20 Table Row Management Overview 3-22 Managing Table Rows From SNMP Managers 3-24
Creating a Table Row 3-28
Default Values for Table Row Objects 3-29
Activating Table Row Entries 3-29
Deactivating Table Row Entries 3-30
Modifying Table Row Entries 3-30
Deleting a Table Row 3-30 Configuring the SNMP Agent Through SNMP Requests 3-30
Request/Response Connections 3-30
Trap Connections 3-30
Authentication Table Entries 3-31
Page 6
Contents
SNMP Configuration and Management Manual—424777-006
iv
4. Introduction to SCF for the SNMP Agent
Part II. SCF for the SNMP Agent
4. Introduction to SCF for the SNMP Agent
Tasks You Can Perform With SCF 4-1 SCF and the DSM Family of Products 4-2
Subsystem Programmatic Interface 4-2
The Subsystem Control Point 4-2 Objects 4-3
Object Attributes 4-3
Object Hierarchy 4-4
Object States 4-4 The PROCESS O bject 4-5
Naming Conventions: PROCESS Object 4-5
PROCESS Object States 4-6
PROCESS Object Attributes 4-6
Default PROCESS Object 4-6 The ENDPOINT Object 4-8
Naming Conventions: ENDPOINT Object 4-8
ENDPOINT Object States 4-9
ENDPOINT Object Attributes 4-10
Default ENDPOINT Object 4-10 The PROFILE Object 4-12
Naming Conventions: PROFILE Object 4-12
PROFILE Object States 4-14
PROFILE Object Attributes 4-14
Default PROFILE Object 4-14 The TRAPDEST Object 4-16
Naming Conventions: TRAPDEST Object 4-16
TRAPDEST O bject States 4-17
TRAPDEST Object Attributes 4-18
Default TRAPDEST Objects 4-18
SCF-Configured Trap Destination Limitations: Broadcast Only 4-19 Running SCF 4-21 Entering SCF Commands 4-21
SCF Commands for Managing Your SCF Session 4-21
SCF Commands for Managing a Subsystem 4-22
Sensitive and Nonsensitive Commands 4-23
Command Modifiers 4-23
Entering Multiple Commands at a Prompt 4-23
Page 7
Contents
SNMP Configuration and Management Manual—424777-006
v
4. Introduction to SCF for the SNMP Agent (continued)
4. Introduction to SCF for the SNMP Agent (continued)
Continuing a Command to the Next Line 4-23
Directing Output to a File 4-24 Error Messages 4-24 SCF Online Help 4-24
Displaying Help for NonStop Agent SCF Commands 4-24
Displaying Help for SCF Error Messages 4-25 SCF Information Specific to the NonStop Agent 4-25
The SCF Product Module for the NonStop Agent 4-26
Before You Can Issue SCF Commands Against the NonStop Agent 4-26
SCF Configuration and the TCPIP^PROCESS^NAME Startup Parameter 4-27
5. SCF Commands for the SNMP Agent
Configuration Restrictions: Attribute Conflicts 5-2 ABORT Command 5-3
ABORT ENDPOINT Command 5-3
ABORT PROFILE Command 5-4
ABORT TRAPDEST Command 5-5 ADD Command 5-5
ADD ENDPOINT Command 5-6
ADD PROFILE Command 5-8
ADD TRAPDEST Command 5-10 ALTER Command 5-13
ALTER ENDPOINT Command 5-13
ALTER PROCESS Command 5-15
ALTER PROFILE Command 5-16
ALTER TRAPDEST Comman d 5-17 DELETE Command 5-19
DELETE ENDPOINT Command 5-19
DELETE PROFILE Command 5-19
DELETE TRAPDEST Command 5-20 INFO Command 5-21
INFO ENDPOINT Command 5-21
INFO PROCESS Command 5-22
INFO PROFILE Command 5-23
INFO TRAPDEST Command 5-24 NAMES Command 5-25 START Command 5-26
START ENDPOINT Command 5-26
Page 8
Contents
SNMP Configuration and Management Manual—424777-006
vi
5. SCF Commands for the SNMP Agent (continued)
5. SCF Commands for the SNMP Agent (continued)
START PROFILE Command 5-26 START TRAPDEST Command 5-27
ST ATUS Command 5-28
STATUS ENDPOINT Command 5-28 STATUS PROCESS Command 5-29 STATUS PROFILE Command 5-30 STATUS TRAPDEST Command 5-31
STOP Command 5-32
STOP ENDPOINT Command 5-33 STOP PROFILE Command 5-33
STOP TRAPDEST Co mmand 5-34 TRACE Command 5-35 VERSION Comm and 5-37
Part III. Troubleshooting
6. SNMP Agent PTrace Facility
Introduction to PTrace 6-1 Running PTrace 6-3
Starting a Noninteractive PTrace Session 6-3
Starting an Interactive PTrace Session 6-4 Device Type 6-4 PTrace Commands 6-4
PTrace Commands Supported by the NonStop Agent 6-5
PTrace Commands Not Supported by the NonStop Agent
6-5
Subset of Useful NonStop Agent PTrace Commands
6-5
FROM Command 6-6 NEXT Command 6-7 RECORD Command 6-9 SELECT Command 6-10
7. Troubleshooting the SNMP Agent
Troubleshooting Strategy 7-1 Diagnosing Startup Errors 7-1 Identifying Unavailable Resour ces 7-2
Underlying Request/Response Connection Resources 7-2 Underlying Trap Destination Resources 7-2
Using EMS Filters 7-2
Page 9
Contents
SNMP Configuration and Management Manual—424777-006
vii
7. Troubleshoot ing the SNMP Agen t (continued)
7. Troubleshooting the SNMP Agent (continued)
Creating a Filter 7-3 Compiling the Filter 7-4 Displaying Filtered Event Messages 7-4
Using Trace Records 7-4
TCP/IP 7-5 SNMP Agent 7-5
Diagnosing Request Errors 7-6
Part IV. SNMP Subagents
8. TCP/IP Subagent
Architectural Overview 8-1
The TCP/IP Subagent and Its Managed Resources 8-4 The NonStop TCP/IP Subagent and the SNMP Agent 8-4 The Parallel Library TCP/IP Subagent and Its Managed Resources 8-4 The NonStop TCP/IPv6 Subagent and its Managed Resources 8-5 Standard MIB-II Groups Supported by the TCP/IP Subagent 8-5 Private MIB Objects Supported by the TCP/IP Subagent 8-7 MIB Value Derivation 8-7 Unavailable Resources 8-8 Reporting Values for Uninstrumented Objects 8-8 Refreshing MIB Values 8-9
Initiating Backup Process Takeover 8-10 Related Documents 8-11 RFC Compliance
8-11
Installing the TCP/IP Subagent
8-11
Installation Steps 8-11 Before Starting the TCP/IP Subagent 8-12 Starting the TCP/IP Subagent 8-12 Stopping the TCP/IP Subagent 8-16 Configuring a Running TCP/IP Subagent 8-16
Querying a Running TCP/IP Subagent 8-16
Controlling a Running TCP/IP Subagent 8-17 ZTSA MIB Objects 8-20
State Object/Resource Object Pairs 8-28 Interfaces Group 8-30
MIB Objects 8-31
Page 10
Contents
SNMP Configuration and Management Manual—424777-006
viii
8. TCP/IP Subagent (continued)
8. TCP/IP Subagent (continued)
RFC Compliance 8-38
ifTable Maintenance 8-38 IP Group 8-40
MIB Objects 8-41
RFC Compliance 8-48
ipAddrTable Maintenance 8-50
ipRouteTable Maintenance 8-50
ipNetToMediaTable Maintenance 8-51 ICMP Group 8-51
MIB Objects 8-52
RFC Compliance 8-55 TCP Group 8-56
MIB Objects 8-57
RFC Compliance 8-60
tcpConnTable Maintenance 8-61 UDP Group 8-61
MIB Objects 8-62
RFC Compliance 8-63
udpTable Maintenance 8-63 Traps Generated by the TCP/IP Subagent 8-64 EMS Support 8-64
Data Definitions 8-67
Subsystem ID 8-68
Tokens in ZTSA Event Messages 8-68
Event Message Descriptions 8-70
1001: ZTSA-EVT-SUBAGENT-AVAIL 8-70
1002: ZTSA-EVT-SUBAGENT-UNAVAIL 8-72
1003: ZTSA-EVT-AGENT-OBJ-AVAIL 8-75
1004: ZTSA-EVT-AGENT-OBJ-UNAVAIL 8-77
1005: ZTSA-EVT-BACKUP-OBJ-AVAIL 8-79
1006: ZTSA-EVT-BACKUP-OBJ-UNAVAIL 8-82
1007: ZTSA-EVT-EMSCOLL-OBJ-AVAIL 8-85
1008: ZTSA-EVT-EMSCOLL-OBJ-UNAVAIL 8-87
1009: ZTSA-EVT-TCPIP-OBJ-AVAIL 8-90
1010: ZTSA-EVT-TCPIP-OBJ-UNAVAIL 8-92
1011: ZTSA-EVT-OUT-OF-MEMORY 8-95
1012: ZTSA-EVT-INTERNAL-FAULT 8-97
1013: ZTSA-EVT-CONFIGURATION-INVALID 8-99
Page 11
Contents
SNMP Configuration and Management Manual—424777-006
ix
8. TCP/IP Subagent (continued)
8. TCP/IP Subagent (continued)
1014: ZTSA-EVT-TAKEOVER-BY-BACKUP 8-101
1015: ZTSA-EVT-LANMON-OBJ-UNAVAIL 8-102
1022: ZTSA-EVT-PIFGETSTATUS-ERROR 8-103
1023: ZTSA-EVT-PIFGETATTR-ERROR 8-105
1039: ZTSA-EVT-LIFGETATTR-ERROR 8-106
1041: ZTSA-EVT-PIFGETSTATS-ERROR 8-108
Converting Events to Traps 8-109
9. EMS Trap Subagent
Architectural Overview 9-1 RFC Compliance 9-3 Installation 9-4
Dependencies 9-4
Installation Steps 9-4 Configuration 9-8
Event Filter 9-8
Trap Connections 9-9 Starting and Stopping the Subagent 9-9 The Trap PDU 9-10 The EMS Trap MIB 9-12
10. NonStop NET/MASTER Trap Subagent
Architectural Overview 10-1 RFC Compliance 10-3 Installation 10-3
Dependencies
10-3
Installation Steps
10-4
Configuration 10-9
Modifying GENTRAP 10-9
Trap Connections 10-13 Starting and Stopping the Subagent 10-13 The Trap PDU 10-14 The EMS Trap MIB 10-14 Messages 10-18
openagent Failures 10-18
sendtrap Failures 10-19
closeagent Failures 10-20
Page 12
Contents
SNMP Configuration and Management Manual—424777-006
x
11. Host Resources Subagent
11. Host Resources Subagent
Architectural Overview 11-1
Standard MIB Groups 11-1
MIB Extens ions 11-3
Proactive Hardware Manage ment 11-5
Refreshing MIB Values 11-5
MIB Value Management 11-6
Obtaining Information About the Subagent 11-6
Initiating Backup Process Takeover 11-7
Monitoring the Open System Services (OSS) File System 11-7
Related Documents 11-8
RFC Compliance 11-8 Installation 11-8
Dependencies 11-8
Installation Steps 11-9 Configuration 11-10 Starting and Stopping the Subagent 11-12 Troubleshooting the Subagent 11-21
EMS Event Messages 11-22
Startup Problems 11-22
Manager Timeouts 11-22 hrSystem Group 11-25
MIB Objects 11-25
Sample Data 11-27
RFC Compliance 11-28 hrSystem Group Maintenance 11-28 hrStorage Group 11-29
MIB Objects 11-30
Sample Data 11-33
RFC Compliance 11-34
hrStorage Group Maintenance 11-34 hrDevice Group 11-35
MIB Objects 11-39
Sample Data 11-47
RFC Compliance 11-49
hrDevice Group Maintenance 11-50 hrSWRun Group 11-53
MIB Objects 11-54
Sample Data 11-57
Page 13
Contents
SNMP Configuration and Management Manual—424777-006
xi
11. Host Resources Subagent (continued)
11. Host Resources Subagent (continued)
RFC Compliance 11-58
hrSWRun Group Maintenance 11-58 hrSWRunPerf Group 11-59
MIB Objects 11-59
Sample Data 11-60
RFC Compliance 11-61
hrSWRunPerf Grou p Maintenanc e 11-61 zhrmTableInfo Group 11-62
MIB Objects 11-64
Sample Data 11-76
zhrmTableInfo Group Maintenance 11-77 zhrmThreshold Group 11-77
MIB Objects 11-78
Sample Data 11-84
zhrmThreshold Group Maintenance 11-84 zhrmDevUnavail Group 11-85
MIB Objects 11-85
Sample Data 11-90
zhrmDevUnavail Group Maintenance 11-90 zhrmSaProcess Group 11-91
MIB Objects 11-91
Sample Data 11-94
zhrmSaProcess Group Maintenance 11-95 zhrmRefresh Group 11-96
MIB Objects 11-96
Sample Data 11-98
zhrmRefresh Group Maintenance 11-98 Traps 11-99
Routing Traps 11-100
Enabling Traps 11-100
Thresholds and Traps 11-100
Trap PDU 11-101
zhrmTra pDevi ceStateCh ange Trap 11-102
zhrmRAMThreshold Trap 11-103
zhrmDiskThreshold Trap 11-103 EMS Support 11-104
Data Definitions 11-105
Subsystem ID 11-105
Page 14
Contents
SNMP Configuration and Management Manual—424777-006
xii
11. Host Resources Subagent (continued)
11. Host Resources Subagent (continued)
Tokens in ZHRM Event Messages 11-105
Event Message Descriptions 11-107
001: ZHRM-EVT-HRM-SA- TERMIN ATED 11-108
002: ZHRM-EVT-HRM-S A-STARTED 11-109
003: ZHRM-EVT-HRM-SA- IO-E RR 11-111
004: ZHRM-EVT-HRM -SA- NO -M EM-S PACE 11-113
005: ZHRM-EVT-HRM-S A-PROG -E RR 11-114
Related Operating System Event Messages 11-115
Converting Events to Traps 11-116
12. Trap Multiplexer Subagent/Manager
Architectural Overview 12-1
Trap-to-Event Conversion 12-1
SNMP Request Processing 12-3 Related Documents 12-3 Installation 12-4
Dependencies 12-4
Installation Steps 12-4 Configuration 12-4 Starting and Stopping the Trap Multiplexer 12-6
Using the -t and PARAM Startup Parameters 12-10 ztmxPDUSt atistics Group 12-12
MIB Objects 12-12
ztmxPDUStatistics Group Maintenance 12-15 ztmxProcess Group 12-16
MIB Objects 12-16
ztmxProcess Group Maintenance 12-20 EMS Messages 12-21
Event Summary 12-21
Data Definitions 12-25
Subsystem ID 12-26
Tokens in ZTMX Event Messages 12-26
Trap Event Message Descriptions 12-28
000: ZTMX-EVT-TRAP -COLD START 12-32
001: ZTMX-EVT-TRAP -WARMSTART 12-33
002: ZTMX-EVT-TRAP -LINK DOW N 12-34
003: ZTMX-EVT-TRAP -LINK UP 12-35
004: ZTMX-EVT-TRA P-A UTH -FAIL 12-36
Page 15
Contents
SNMP Configuration and Management Manual—424777-006
xiii
12. Trap Multiplexer
Subagent/Manager (continued)
12. Trap Multiplexer Subagent/Manager (continued)
005: ZTMX-EVT-TRAP -EG P-LOS S 12-37
006: ZTMX-EVT-TRAP -E NT-SPFC 12-38
Process Event Message Descriptions 12-39
101: ZTMX-EVT-TMX- TER MINATED 12-40
102: ZTMX-EVT-TMX- STARTED 12-42
103: ZTMX-EVT-TMX- IO-ER R 12-43
104: ZTMX-EVT-TM X-N O-MEM- S PACE 12-45
105: ZTMX-EVT-TMX- -PR OG-ER R 12-46
Related Operating System Event Messages 12-47
Converting Events to Traps 12-48 Sample EMS Applicatio n 12-48
Application Components 12-48
Preparing the Application 12-49
Running the Application 12-50
Application Control Flow 12-51
Application Source Code 12-52
13. IPX/SPX Subagent (G-Series)
Architectural Overview 13-1
The IPX/SPX Subagent MIB 13-4
Refreshing IPXPROTO Object Values 13-6
Connections Between Subagent and Other Processes 13-7
Resource Utilization 13-9
Subagent Backup Process 13-10
First Failure Data Capture 13-10 Standards Compliance 13-10 Installation 13-10
Dependencies 13-11
Installation Steps 13-11 Configuration 13-12 Starting and Stopping the Subagent 13-13 Troubleshooting the Subagent 13-16
EMS Event Messages 13-16
Startup Problems 13-16
Timeouts 13-17 Novell MIB Objects 13-18
MIB Objects 13-19
ipxBasicSysTable Maintenance 13-21
Page 16
Contents
SNMP Configuration and Management Manual—424777-006
xiv
13. IPX/SPX Subagent (G-Series) (continued)
13. IPX/SPX Subagent (G-Series) (continued)
Compliance With Novell MIB 13-21 HP MIB Objects 13-22
zipx Group 13-23
zisa Group 13-37 EMS Support 13-45
Subsystem ID 13-46
Tokens in ZISA Event Messages 13-46
Event Message Descriptions 13-49
1001: ZISA-EVT-SUBAGENT-AVAILABLE 13-50
1002: ZISA-EVT-SUBAGENT-UNAVAILABLE 13-52
1003: ZISA-EVT-AGENT-AVAILABLE 13-53
1004: ZISA-EVT-AGENT-UNAVAILABLE 13-55
1005: ZISA-EVT-BACKUP-AVAILABLE 13-58
1006: ZISA-EVT-BACKUP-UNAVAILABLE 13-60
1007: ZISA-EVT-EMSCOLL-AVAILABLE 13-62
1008: ZISA-EVT-EMSCOLL-UNAVAILABLE 13-64
1009: ZISA-EVT-IPXPROTO-AVAILABLE 13-66
1010: ZISA-EVT-IPXPROTO-UNAVAILABLE 13-68
1011: ZISA-EVT-MEMORY-ALLOC-FAILURE 13-70
1012: ZISA-EVT-PROCESS-TRAPPED 13-72
14. Et he r ne t Subagent
Architectural Overview 14-1
The Ethernet Subagent and Its Managed Resources 14-1
The Ethernet Subagent and the SNMP Agent 14-1
dot3 Statistics Group Supported by the Ethernet Subagent 14-3
The Ethernet Subagent MIB 14-3 Installing the Ethernet Subagent 14-5 Before Starting the Ethernet Subagent 14-5 Starting the Ethernet Subagent 14-6 Stopping the Ethernet Subagent 14-8 Initiating Backup Process Takeover 14-8 Configuring a Running Ethernet Subagent 14-9
Querying a Running Ethernet Subagent 14-9
Controlling a Running Ethernet Subagent 14-10 ZESA MIB Objects 14-11
State Object/Resource Object Pairs 14-16
Page 17
Contents
SNMP Configuration and Management Manual—424777-006
xv
14. Ethernet Subagen t (continued)
14. Et he r ne t Subagent (continued)
Ethernet-Like Statistics dot3Group 14-19
MIB Objects 14-20
RFC Compliance 14-27
dot3StatsTable Maintenance 14-28 Traps Generated by the Ethernet Subagent 14-29 EMS Support 14-30
Data Definitions 14-31
Subsystem ID 14-32
Ethernet Subagent (ZESA) Tokens 14-32
Standard EMS Tokens 14-32
Event Message Descriptions 14-33
3001: ZESA-EVT-SUBAGENT-AVAIL 14-34
3002: ZESA-EVT-SUBAGENT-UNAVAIL 14-36
3003: ZESA-EVT-AGENT-OBJ-AVAIL 14-39
3004: ZESA-EVT-AGENT-OBJ-UNAVAIL 14-41
3005: ZESA-EVT-BACKUP-OBJ-AVAIL 14-43
3006: ZESA-EVT-BACKUP-OBJ-UNAVAIL 14-46
3007: ZESA-EVT-EMSCOLL-AVAIL 14-49
3008: ZESA-EVT-EMSCOLL-UNAVAIL 14-51
3009: ZESA-EVT-TCPIP-OBJ-AVAIL 14-54
3010: ZESA-EVT-TCPIP-OBJ-UNAVAIL 14-56
3011: ZESA-EVT-SRL-CALL-F A ILED 14-59
3012: ZESA-EVT-INTERNAL-FAULT 14-61
3013: ZESA-EVT-CONFIGURATION-INVALID 14-63
3014: ZESA-EVT-TAKEOVER-BY-BACKUP 14-65
Converting Events to Traps 14-66
Part V. Appendices
A. SCF Command Syntax Summary for the NonStop Agent
ABORT Command A-1 ADD Command A-2 ALTER Command A-2 DELETE Command A-3 INFO Command A-3 NAMES Command A-4 START Command A-4
Page 18
Contents
SNMP Configuration and Management Manual—424777-006
xvi
A. SCF Command Syntax Summary for the
NonStop Agent (continued)
A. SCF Command Syntax Summary for the NonStop
Agent (continued)
ST ATUS Command A-5 STOP Command A-5 TRACE Command A-6 VERSION Comm and A-6
B. SCF Error Messages for the NonStop Agent
Types of SCF Error Messages B-1
Command Parsing Error Messages B-1
SCF-Generated Numbered Error Messages B-1
Common Error Messages B-1
Subsystem-Specific Error Messages B-1 Common Versus Subsystem-Specific Errors B-2 SCF Error Messag es Help B-3 If You Have to Call HP B-3 NonStop Agent Error Messages B-4
SNMP Error 00001 B-4
SNMP Error 00002 B-4
SNMP Error 00004 B-4
SNMP Error 00005 B-5
SNMP Error 00006 B-5
SNMP Error 00007 B-6
SNMP Error 00009 B-6
C. Unsolicited SNMP Agent Messages
Traps C-1 Events
C-2
001: ZSMP-EVT-INVALID-CAID C-3 002: ZSMP-EVT-INTERNAL-ERROR C-3 003: ZSMP-EVT-STATE-CHANGE C-4 004: ZSMP-EVT-OSS-E RROR C-5 005: ZSMP-EVT-SOCKET-ERROR C-7 006: ZSMP-EVT-CONFIG-ERROR C-8 009: ZSMP-EVT-BAD-IPC-PDU-RCVD C-9 010: ZSMP-EVT-BAD-NMS-PDU-RCVD C-10 012: ZSMP-EVT -NO-SUCH-TRAPDEST C-10 013: ZSMP-EVT-INVALID-PDU-ON-SVC-P T C-11 014: ZSMP-EVT-GUARDIAN-ERROR C-11
Page 19
Contents
SNMP Configuration and Management Manual—424777-006
xvii
Glossary
Glossary Index
Examples
Example 9-1. ASN.1 Source Code for EMS Trap MIB 9-5 Example 9-2. Example Routing Distributor Filter 9-8 Example 9-3. Example TACL Macro for Starting EMS Trap Subagent 9-11 Example 10-1. ASN.1 Source Code for EMS Trap MIB 10-6 Example 10-2. Initial Contents of GENTRAP 10-10 Example 12-1. Sample Application Filter Source Code 12-49 Example 12-2. Sample Application Output 12-51 Example 12-3. Sample Application Source Code 12-56
Figures
Figure 1-1. Default SNMP Agent/Manager Interaction Over TCP/IP 1-2 Figure 1-2. Key Components in the SNMP Environment 1-4 Figure 1-3. Format of SNMP Messages 1-7 Figure 1-4. Nodes in the SNMP Object Tree 1-11 Figure 1-5. NonStop SNMP Architecture 1-16 Figure 2-1. Default SNMP Agent/Manager Interaction Over TCP/IP 2-5 Figure 2-2. Running Multiple SNMP Agents on a Single Node 2-19 Figure 2-3. Running SNMP Agents on Multiple Nodes 2-21 Figure 2-4. Managing Overlapping Sets of Resources 2-22 Figure 2-5. Authenticating Requests Received Through TCP/IP 2-30 Figure 2-6. Multiple Local SNMP Agents, Single Host Request/Response
Connections 2-36
Figure 2-7.
Multiple Remote SNMP Agents, Single Host Request/Response
Connections 2-38 Figure 2-8. Multiple SNMP Agents, Single Host Connections 2-42 Figure 2-9. Multiple SNMP Agents, Multiple Host Connections 2-44 Figure 4-1. Overview of SCF 4-2 Figure 4-2. 4-4 Figure 4-3. The PROCESS Object 4-5 Figure 4-4. PROCESS Object State Transition Sequence 4-7 Figure 4-5. The ENDPOINT Ob ject 4-8 Figure 4-6. ENDPOINT Object State Transition Sequence 4-11 Figure 4-7. The PROFILE Object 4-13 Figure 4-8. PROFILE Object State Transition Sequence 4-15 Figure 4-9. The TRAPDEST Object 4-16
Page 20
Contents
SNMP Configuration and Management Manual—424777-006
xviii
Figures (continued)
Figures (continued)
Figure 4-10. TRAPDEST Object State Transition Sequence 4-20 Figure 6-1. Recording and Displaying Trace Data 6-2 Figure 8-1. Architectural Overview of the TCP/IP Subagent 8-2 Figure 8-2. TCP/IP Subagent Scenarios 8-3 Figure 8-3. TCP/IP Subagent Resource Object States 8-29 Figure 9-1. EMS Components 9-2 Figure 9-2. EMS Trap Subagent Components 9-3 Figure 10-1. EMS and NonStop NET/MASTER Components 10-2 Figure 10-2. NonStop NET/MASTER Trap Subagent Components 10-4 Figure 11-1. Derivation of Information for RFC 1514 Support 11-2 Figure 11-2. Derivation of Information for RFC 1514 Extensions 11-4 Figure 11-3. Relationship Between hrStorageTable and hrFSTable 11-29 Figure 11-4. Relationship Among Tables in hrDevice, hrStorage, and Interfaces
Groups 11-38 Figure 11-5. Relationship Between hrSWRunTable and hrSWRunPerfTable 11-53 Figure 11-6. Relationship Between Threshold Values and Trap Generation 11-101 Figure 12-1. Trap Multiplexer Functions and Components 12-2 Figure 12-2. Mapping of Trap Header Variables to EMS Event Tokens 12-22 Figure 12-3. Sample Application Interactions 12-48 Figure 12-4. Sample Application Control Flow 12-52 Figure 13-1. NonStop IPX/SPX Interactions 13-2 Figure 13-2. IPX/SPX Subagent Interactions 13-3 Figure 13-3. Indexes Linking MIB Table Entries 13-5 Figure 13-4. Derivation of tdmNwServerTable Index Values 13-34 Figure 14-1. Architectural Overview of the Ethernet Subagent 14-2 Figure 14-2. Ethernet Subagent Resource Object States 14-18
Tables
Table 1-1. System Group Objects Supported by SNMP Agent's MIB 1- 13 Table 1-2. Compliance With IP Group Definitions in RFC 1213 1-17 Table 2-1. Initial Values of Objects in the SNMP Agent's MIB 2-6 Table 2-2. Summary of Startup Parameters 2-13 Table 2-3. Security Scenarios 2-32 Table 3-1. System Group Objects Supported by SNMP Agent 3-4 Table 3-2. SNMP Group Objects Supported by SNMP Agent 3-7 Table 3-3. zagInternal Group Objects Supported by SNMP Agent 3-12 Table 3-4. Access Status of SNMP Agent’s Private MIB Objects 3-20 Table 3-5. SCF and SNMP Manager Access to Table Row Objects 3-23
Page 21
Contents
SNMP Configuration and Management Manual—424777-006
xix
Tables (continued)
Tables (continued)
Table 3-6. RowStatus Value Definitions 3-24 Table 3-7. RowStatus Values and Table Management Operations 3-26 Table 3-8. ENDPOINT and TRAPDEST Default Values 3-29 Table 3-9. RowStatus Values With Defined and Undefined Row Objects 3-29 Table 3-10. Initial Values of Objects in the SNMP Agent's MIB 3-32 Table 3-11. SNMP Agent Private MIB Objects That Describe the SNMP Operations
Environment 3-32 Table 4-1. States Reported by NonStop Agent Objects 4-4 Table 4-2. ENDPOINT Object States 4-10 Table 4-3. PROFILE Object States 4-14 Table 4-4. TRAPDEST Object States 4-18 Table 5-1. Summary of SCF Commands Supported for NonStop Agent
Objects 5-1 Table 6-1. Summary of NonStop SNMP Agent PTrace Commands 6-5 Table 6-2. Keywords for NonStop SNMP Agent PTrace SELECT Command 6-1 1 Table 7-1. Handling Requests That Cannot Be Processed 7-6 Table 8-1. Querying a TCP/IP Subagent Through SNMP 8-16 Table 8-2. Controlling a TCP/IP Subagent Through SNMP 8-18 Table 8-3. Private (ZTSA) MIB Objects Supported by the TCP/IP Subagent 8-21 Table 8-4. TCP/IP Subagent State Object/Resource Object Pairs 8-28 Table 8-5. Interfaces Group Objects Supported by TCP/IP Subagent 8-31 Table 8-6. Compliance With Interfaces Group Definitions in RFC 1213 8-38 Table 8-7. IP Group Objects Supported by TCP/IP Subagent 8-41 Table 8-8. Compliance With IP Group Definitions in RFC 1213 8-48 Table 8-9. ICMP Group Objects Supported by TCP/IP Subagent 8-52 Table 8-10. Compliance With ICMP Group Definitions in RFC 1213 8-55 Table 8-11.
TCP Group Objects Supported by TCP/IP Subagent 8-57 Table 8-12.
Compliance With TCP Group Definitions in RFC 1213 8-60 Table 8-13. UDP Group Objects Supported by TCP/IP Subagent 8-62 Table 8-14. Compliance With UDP Group Definitions in RFC 1213 8-63 Table 8-15. Traps Generated by TCP/IP Subagent 8-64 Table 8-16. TCP/IP Subagent Event Messages 8-65 Table 8-17. ZTSA Tokens in ZTSA Event Messages 8-68 Table 8-18.
ZEMS Tokens in ZTSA Event Messages 8-69 Table 9-1.
Objects in the EMS Trap MIB 9-13 Table 10-1. Objects in the EMS Trap MIB 10-15 Table 10-2. openagent Return Codes and GENTRAP Actions 10-18 Table 10-3. sendtrap Return Codes and GENTRAP Actions 10-19
Page 22
Contents
SNMP Configuration and Management Manual—424777-006
xx
Tables (continued)
Tables (continued)
Table 10-4. closeagent Return Codes and GENTRAP Actions 10-20 Table 11-1. Host Resources Subagent Configuration Options 11-10 Table 1 1-2. hrSystem Group Objects Supported by Host Resources Subagent's
MIB 11-26 Table 1 1-3. Compliance With hrSystem Group Definitions in RFC 1514 11-28 Table 1 1-4. hrStorage Group Objects Supported by Host Resources Subagent's
MIB 11-30 Table 1 1-5. Compliance With hrStorage Group Definitions in RFC 1514 11-34 Table 1 1-6. hrDevice Group Objects Supported by Host Resources Subagent’s
MIB 11-39 Table 1 1-7. Compliance With hrDevice Group Definitions in RFC 1514 11-49 Table 1 1-8. hrSWRun Group Objects Supported by Host Resources Subagent's
MIB 11-54 Table 1 1-9. Compliance With hrSWRun Group Definitions in RFC 1514 11-58 Table 11-10. hrSWRunPerf Group Objects Supported by Host Resources Subagent's
MIB 11-60 Table 11-11. Compliance With hrSWRunPerf Group Definitions in RFC 1514 11-61 Table 11-12. zhr mTableInfo Group Ob jects Supp orte d by H ost Resour ces Subage nt's
MIB 11-64 Table 11-13. zhrmThreshold Group Objects Supported by Host Resources
Subagent's MIB 11-78 Table 11-14. zhrmDevUnavail Group Objects Supported by Host Resources
Subagent's MIB 11-86 Table 11-15. zhrmSaProcess Group Objects Supported by Host Resources
Subagent's MIB 11-92 Table 11-16. zhrmRefresh Group Objects Supported by Host Resources Subagent's
MIB 11-97 Table 11-17.
Variable Bindings in the zhrmTrapDeviceStateChange Trap 11-102 Table 11-18. Variable Bindings in the zhrmRAMThreshold Trap 11-103 Table 11-19. Variable Bindings in the zhrmDiskThreshold Trap 11-104 Table 1 1-20. Host Resources Subagent Event Messages 11-104 Table 1 1-21. ZHRM Tokens in ZHRM Event Messages 11-106 Table 1 1-22. ZSPI Tokens in ZHRM Event Messages 11-106 Table 1 1-23. ZEMS Tokens in ZHRM Event Messages 11-106 Table 12-1. Trap Multiplexer Configuration Options 12-5 Table 12-2. ztmxPDUStatistics Group Objects Supported by Trap Multiplexer’s
MIB 12-13 Table 12-3. ztmxProcess Group Objects Supported by Trap Multiplexer’s
MIB 12-17 Table 12-4. Trap Multiplexer Trap Event Messages 12-21
Page 23
Contents
SNMP Configuration and Management Manual—424777-006
xxi
Tables (continued)
Tables (continued)
Table 12-5. Trap Event Token Summary 12-23 Table 12-6. Trap Multiplexer Process Event Messages 12-25 Table 12-7. ZTMX Tokens in ZTMX Event Messages 12-26 Table 12-8. ZSPI Tokens in ZTMX Event Messages 12-27 Table 12-9. ZEMS Tokens in ZTMX Event Messages 12-28 Table 13-1. IPX/SPX Subagent Configuration Summary 13-12 Table 13-2. ipxBasicSysEntry Objects Supported by the Subagent 13-19 Table 13-3. Compliance With Novell ipxBasicSys Group Definitions 13-21 Table 13-4. tdmNwInfoEntry Objects Supported by the Subagent 13-24 Table 13-5. tdmNwIPXEntry Objects Supported by the Subagent 13-27 Table 13-6. tdmNwSPXEntry Objects Supported by the Subagent 13-29 Table 13-7. tdmNwNCPEntry Objects Supported by the Subagent 13-32 Table 13-8. tdmNwServerEntry Objects Supported by the Subagent 13-35 Table 13-9. tdmNwSaConfig Objects Supported by the Subagent 13-39 Table 13-10. tdmNwSaAgentNamesEntry Objects Supported by the
Subagent 13-42 Table 13-11. tdmNwSaIPXPROTONamesEntry Objects Supported by the
Subagent 13-43 Table 13-12. IPX/SPX Subagent Event Messages 13-45 Table 13-13. ZISA Tokens in ZISA Event Messages 13-46 Table 13-14. ZSPI Tokens in ZISA Event Messages 13-47 Table 13-15. ZEMS Tokens in ZISA Event Messages 13-47 Table 14-1. Querying an Ethernet Subagent Through SNMP 14-9 Table 14-2. Controlling an Ethernet Subagent Through SNMP 14-10 Table 14-3. Private (ZESA) MIB Objects Supported by the Ethernet
Subagent 14-12 Table 14-4.
Ethernet Subagent State Object/Resource Object Pairs 14-17 Table 14-5.
dot3StatsTable Objects Supported by Ethernet Subagent 14-20 Table 14-6. Compliance With dot3 Group Definitions in RFC 1643 14-27 Table 14-7. Traps Generated by Ethernet Subagent 14-29 Table 14-8. Ethernet Subagent Event Messages 14-30 Table 14-9. ZESA Tokens in ZESA Event Messages 14-32 Table 14-10. ZEMS Tokens in ZESA Event Messages 14-33 Table C-1. Traps Generated by SNMP Agent C-1 Table C-2. SNMP Agent Event Messages C-2 Table C-3. Encoding and Decoding Errors Returned by an Open Systems
Solutions, Inc., ASN.1 Function C-6
Page 24
Contents
SNMP Configuration and Management Manual—424777-006
xxii
Tables (continued)
Page 25
SNMP Configuration and Management Manual—424777-006
xxiii
What’s New in This Manual
Manua l In forma tion
SNMP Configuration and Mana gement Manual
Abstract
This manual describes how to install, start, configure, and stop the HP Simple Network Management Protocol (SNMP) Agent and subagents. The SCF commands used by SNMP are described. This manual also discusses the objects in the Management Information Bases (MIBs) used by the agent and subagents. The SNMP Agent and its subagents compl y with SNMP Request s for Comment (R FCs) so tha t SNMP-co mpli ant management applications, known as SNMP managers, can manage various resources on an HP NonStop™ host.
Product Version
SNMP Agent (T9576G06), T9576H01)
Supported Release Version Updates (RVUs)
This manual supports the G06.24 RVU and all subsequent G-series RVUs and the H06.03 RVU and all subsequent H-series RVUs until otherwise indicated by its replacement publication.
Document History
Part Numb er Published
424777- 006 J uly 2005
Part Number Product Version Published
424777- 002 SNMP Ag ent (T9576G06) May 2002 424777- 003 SNMP Ag ent (T9576G06) November 2002 424777- 004 SNMP Ag ent (T9576G06) December 2003 424777- 005 SNMP Ag ent (T9576G06) Septem ber 2004 424777- 006 SNMP Ag ent (T9576G06, T9576 H 01) July 2004
Subagent Product Versions IPX/SPX Sub agent (T8170D30)
TCP/IP Subagent (T7862G05) Ethernet/Token Ring Subagent (T0326G06) Trap Multiplexer (T1041G06) NonStop NET/MASTER Trap Subagent (T8491D20) EMS Trap Subagent (T9632D31) Host Resources Subagent (T8496G04) ONS Subagent (T8103D40)
Page 26
SNMP Configuration and Management Manual—424777-006
xxiv
New and Changed Information
This revision contains these changes and additions:
Section Change
Section 1, The NonStop SNMP En v ironmentt
Notes concerning H-Series support have been included.
Section 2, Installin g and Configuring the SNMP Agent
Notes concerning H-Series support have been included.
Section 4, Introduction to SCF for the SN M P Agent
H-series informatio n has been a dded.
Section 7, Troubleshooting the SNMP Agent
H-series informatio n has been a dded.
Section 8, TCP/IP Subagent
H-series informatio n has been a dded.
Section 10.ONS Trap Subagent (D-series)
This section has been deleted.
Section 11.NonStop NET/MASTER Trap Subagent
Has become section Section 10, Non Stop N ET / M ASTER Trap
Subagent.
Section 12. Host Resources Subagent
Has become Section 11, Host Resources Subagent.
Section 1 3. Trap Multiplexer Subagent/Manager
Has become section Section 12, Trap Multiplexer
Subagent/Manager.
Section 14.
IPX/SPX
Subagent
Has become section 13 with the title Section 13, IPX/SPX
Subagent (G-Series).
Section 1 5. Et hernet Subagent
Has become Section 14, Ethernet Subagent
.
Page 27
SNMP Configuration and Management Manual—424777-006
xxv
About This Manual
The SNMP agent and subagents let custom ers manage HP NonStop systems by using SNMP managers. SNMP managers are SNMP-compliant applications that manage multiplatform networks.
This manual describes how to install, configure, and interpret information generated by the SNMP agent and its subagents. It also defines SCF commands for SNMP.
Your Comments Invited
After using this manual, please take a moment to send us your comments. You can do this by:
Completing the online Contact NonStop Publications form if you have Internet access.
Faxing or mailing the form, which is included as a separate file in Total Information Manager (TIM) collections and located at the back of printed manuals. Our fax number and mailing address are included on the form.
Sending an e-mail message to the address included on the form. We will immediately acknowledge receipt of your message and send you a detailed response as soon as possible. Be sure to include your name, company name, address, and phone number in your message. If your comments are specific to a particular manual, also include the part number and title of the manual.
Many of the improvements you see in manuals are a result of suggestions from our customers. Please take this opportunity to help us improve future manuals.
Audience
This manual has two audiences: NonStop system personnel and users of the SNMP manager.
NonStop system personnel include system managers, network managers, and operators who handle such host-based operations as SNMP agent and subagent installation, configuration, and troubleshooting. These personnel need a working familiarity with the HP NonStop Kernel operating system as well as such subsystems as TCP/IP, Subsystem Control Facility (SCF), and Event Management Service (EMS). These personnel are acquainted with basic SNMP principles.
Users of the SNMP manager configure and use SNMP managers to send requests to and receive responses from the SNMP agent and subagents. Users of the SNMP manager also monitor traps forwarded by the SNMP agent. These users are familiar with their management applications and with the platforms those applications run on. SNMP manager users know the format of requests and responses exchanged with SNMP agents on systems provided by different vendors.
Page 28
About This Manual
SNMP Configuration and Management Manual—424777-006
xxvi
Purpose
Purpose
For NonStop system personnel, this manual describes how to install and configure the SNMP agent and its subagents. It also documents the messages generated and explains how the SNMP agent and subagents fit into the overall NonStop subsystem architecture.
For users of the SNMP manager, this manual describes the MIBs supported in the NonStop SNMP environment. In addition, it documents how the SNMP agent and subagents comply with guidelines in RFCs and describes the traps generated.
Organization
This manual has five parts. Part I, Installing and Configuring SNMP, is an overview of SNMP and tells how to configure, start, stop, and manage an SNMP agent. .Part II,
SCF for the SNMP Agent, tells how to manage SNMP using the Subsystem Control
Facility (SCF). Part III, Troubleshooting describes diagnostics. P art IV, SNMP
Subagents describes the SNMP subagents. Part V, Appendices, provides reference
information. Following is a brief description of each section:
Part I, Installing and Configuring SNMP
Section 1, The NonStop SNMP Environment, provides a high-level view of SNMP
and how it is implemented in the NonStop environment.
Section 2, Installing and Configuring the SNMP Agent, describes how to configure
the SNMP agent using SCF, the RUN command, PARAM statements, and the SNMPCTL file. This section describes how to configure security, response/request connection, and trap- connection agent elements.
Section 3, MIBs Supported by the SNMP Agent, describes the traps and EMS
event messages that the SNMP agent generates.
Part II, SCF fo r the SNM P A gen t
Section 4, Introduction to SCF for the SNMP Agent, provides an overview of the
subsystem control facility (SCF) and how it can be used to manage SNMP.
Section 5, SCF Commands for the SNMP Agent, describes how the components
of a NonStop agent configuration are organized and managed through the SCF interface
Part III, Troubleshooting
Section 6, SNMP Agent PTrace Facility. describes the PTrace utility, which tracks
and maintains records of communications between processes.
Section 7, Troubleshooting the SNMP Agent, contains guidelines about what to do
when you encounter problems starting the SNMP agent.
Page 29
About This Manual
SNMP Configuration and Management Manual—424777-006
xxvii
Organization
Part IV, SNMP Subagen ts
Section 8, TCP/IP Subagent, describes the subagent that facilitates management
of TCP/IP processes on SNMP systems.
Section 9, EMS Trap Subagent, describes the subagent that translates EMS
events into SNMP traps.
Section 11, Host Resources Subagent, describes the subagent that translates
Event Management Service (EMS) events routed to NonStop NET/MASTER MS into SNMP traps whose objects are defined in the EMS Trap MIB.
Section 12, Trap Multiplexer Subagent/Manager describes the subagent that
supports the management of hardware and software resources on the NonStop system where the subagent is installed.
Section 13, IPX/SPX Subagent (G-Series), describes the product that, as a
manager, receives traps from network devices and converts them into EMS events and, as a subagent, pr ovides m anag er st ation access to an MIB that de scribes tr ap conversion activities and configuration attributes.
Section 14, Ethernet Subagent, describes the Internetwork Packet
Exchange/Sequenced Packet Exchange (IPX/SPX) Subagent, which lets you monitor and manage NonStop IPX/SPX networks.
Part V, Appendices
Appendix A, SCF Command Syntax Summary for the NonStop Agent, lists the
syntax for the SCF commands supported by the NonStop agent.
Appendix B, SCF Error Messages for the NonStop Agent, describes the SCF error
messages specific to the NonStop SNMP agent.
Appendix C, Unsolicited SNMP Agent Messages, describes the EMS event
messages generated by the SNMP agent.
A Glossary
provides definitions of SNMP terms and acronyms.
Page 30
About This Manual
SNMP Configuration and Management Manual—424777-006
xxviii
Related Reading
Related Reading
This manual has three companion manuals:
The SNMP Manager Programmer’s Guideexplains how to use the Manager Services Toolkit product to generate SNMP managers that run as NonStop Kernel processes in Guardian or HP NonStop Kernel Open System Services (OSS) environments.
The TCP/IP (Parallel Library) Configuration and Management Manual describes how to configure and manage the Parallel Library TCP/IP subsystem.
The TCP/IPv6 Configuration and Management Manual describes how to configure and manage the NonStop TCP/IPv6 subsystem.
The TC P/IP (P ar allel Librar y) Migr ati on Gu ide provid es in form ation ab out mi gr ating your NonSTop TCP/IP applications to the Parallel Library TCP/IP environment.
Throughout this manual, you will find references to RFCs. RFCs are documents that describe the Internet suite of protocols and related experiments. The Internet Architecture Board requires that protocols be documented in RFCs so that standards and ideas are widely accessible.
You can also obtain information about SNMP at libraries and book stores. Many excellent and up-to-date books are available.
Notation Conventions
Hypertext Links
Blue underline is used to indicate a hypertext link within text. By clicking a passage of text with a blue underline, you are taken to the location described. For example:
This requirement is described under SNMP Ag en t Process
on page 2-16.
General Sy ntax Not a tion
The following list summarizes the notation conventions for syntax presentation in this manual.
UPPERCASE LETTERS. Uppercase letters indicate keywords and reserved words; enter
these items exactly as shown. Items not enclosed in brackets are required. For example:
MAXATTACH
lowercase italic letters. Lowercase italic letters indicate variable items that you supply.
Items not enclosed in brackets are required. For example:
file-name
Page 31
About This Manual
SNMP Configuration and Management Manual—424777-006
xxix
General Syntax Notation
computer type. Computer type letters within text indicate C and Open System Services
(OSS) keywords and reserved words; enter these items exactly as shown. Items not enclosed in brackets are required. For example:
myfile.c
italic computer type. Italic computer type letters within text indicate C and Open
System Services (OSS) variable items that you supply. Items not enclosed in brackets are required. For example:
pathname
[ ] Brackets. Brackets enclose optional syntax items. For example:
TERM [\system-name.]$terminal-name INT[ERRUPTS]
A group of items enclosed in brackets is a list from which you can choose one item or none. The items in the list may be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example:
FC [ num ] [ -num] [ text]
K [ X | D ] address-1
{ } Braces. A group of items enclosed in braces is a list from which you are required to
choose one item. The items in the list may be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines. For example:
LISTOPENS PROCESS { $appl-mgr-name } { $process-name }
ALLOWSU { ON | OFF }
| Vertical Line. A vertical line separates alternatives in a horizontal list that is enclosed in
brackets or braces. For example:
INSPECT { OFF | ON | SAVEABEND }
… Ellipsis. An ellipsis immediately following a pair of brackets or braces indicates that you
can repeat the enclosed sequence of syntax items any number of times. For example:
M address-1 [ , new-value ]... [ - ] {0|1|2|3|4|5|6|7|8|9}...
An ellipsis imme diately fol lowing a single syntax item indi cates that you can repeat that syntax item any number of times. For example:
"s-char..."
Page 32
About This Manual
SNMP Configuration and Management Manual—424777-006
xxx
General Syntax Notation
Punctuation. Parentheses, commas, semicolons, and other symbols not previously
described must be entered as shown. For example:
error := NEXTFILENAME ( file-name ) ; LISTOPENS SU $process-name.#su-name
Quotation marks around a symbol such as a bracket or brace indicate the symbol is a required character that you must enter as shown. For example:
"[" repetition-constant-list "]"
Item Spacing. Spaces shown between items are required unless one of the items is a
punctuation symbol such as a parenthesis or a comma. For example:
CALL STEPMOM ( process-id ) ;
If there is no space between two items, spaces are not permitted. In the following example, there are no spaces permitted between the period and any other items:
$process-name.#su-name
Line Spaci ng. If the syntax of a command is too long to fit on a single line, each
continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example:
ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]...
!i and !o. In procedure calls, the !i not ation fo llo ws an input parameter (o ne tha t pa sses dat a
to the called procedure); the !o notation follows an output parameter (one that returns data to the calling program). For example:
CALL CHECKRESIZESEGMENT ( segment-id !i , error ) ; !o
!i,o. In procedure calls, the !i,o notation follows an input/output parameter (one that both
passes data to the called procedure and returns data to the calling program). For example:
error := COMPRESSEDIT ( filenum ) ; !i,o
!i:i. In procedure calls, the !i:i notation follows an input string parameter that has a
corresponding parameter specifying the length of the string in bytes. For example:
error := FILENAME_COMPARE_ ( filename1:length !i:i , filename2:length ) ; !i:i
Page 33
About This Manual
SNMP Configuration and Management Manual—424777-006
xxxi
Notation for Messages
!o:i. In procedure calls, the !o:i notation follows an output buffer parameter that has a
corresponding input parameter specifying the maximum length of the output buffer in bytes. For example:
error := FILE_GETINFO_ ( filenum !i , [ filename:maxlen ] ) ; !o:i
Notation for Messages
The following list summarizes the notation conventions for the presentation of displayed messages in this manual.
Bold Text. Bold text in an example indicates user input entered at the terminal. For
example:
ENTER RUN CODE ?123 CODE RECEIVED: 123.00
The user must press the Return key after typing the input.
Nonitalic text. Nonitalic letters, numbers, and punctuation indicate text that is displayed or
returned exactly as shown. For example:
Backup Up.
lowercase italic letters. Lowercase italic letters indicate variable items whose values are
displayed or returned. For example:
p-register process-name
[ ] Brackets. Brackets enclose items that are sometimes, but not always, displayed. For
example:
Event number = number [ Subject = first-subject-value ]
A group of items enclosed in brackets is a list of all possible items that can be displayed, of which one or none might actually be displayed. The items in the list might be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example:
proc-name trapped [ in SQL | in SQL file system ]
{ } Braces. A group of items enclosed in braces is a list of all possible items that can be
displayed, of which one is actually displayed. The items in the list might be arranged
Page 34
About This Manual
SNMP Configuration and Management Manual—424777-006
xxxii
Notation for Management Programming Interfaces
either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines. For example:
obj-type obj-name state changed to state, caused by { Object | Operator | Service }
process-name State changed from old-objstate to objstate { Operator Request. } { Unknown. }
| Vertical Line. A vertical line separates alternatives in a horizontal list that is enclosed in
brackets or braces. For example:
Transfer status: { OK | Failed }
% Percent Sign. A percent sign precedes a number that is not in decimal notation. The
% notation precedes an octal number. The %B notation precedes a binary number. The %H notation precedes a hexadecimal number. For example:
%005400 P=%p-register E=%e-register
Notation for Management Programming Interfaces
The following list summarizes the notation conventions used in the boxed descriptions of programmatic commands, event messages, and error lists in this manual.
UPPERCASE LETTERS. Uppercase letters indicate nam es from defi nition fi les; ente r these
names exactly as shown. For example:
ZCOM-TKN-SUBJ-SERV
lowercase letters. Words in lowercase letters are words that are part of the notation,
including Data Definition Language (DDL) keywords. For example:
token-type
!r. The !r notation following a token or field name indicates that the token or field is
required. For example:
ZCOM-TKN-OBJNAME token-type ZSPI-TYP-STRING. !r
!o. The !o notation following a token or field name indicates that the token or field is
optional. For example:
ZSPI-TKN-MANAGER token-type ZSPI-TYP-FNAME32. !o
Page 35
About This Manual
SNMP Configuration and Management Manual—424777-006
xxxiii
Change Bar Notation
Change Bar Notation
Change bars are used to indicate substantive differences between this edition of the manual and the preceding edition. Change bars are vertical rules placed in the right margin of changed portions of text, figures, tables, examples, and so on. Change bars highlight new or revised information. For example:
The message types specified in the REPORT clause are different in the COBOL85 environment and the Common Run-Time Environment (CRE).
The CRE has many new message types and some new message type codes for old message types. In the CR E, the messa ge type S Y STEM incl udes all me ssages except LOGICAL-CLOSE and LOGICAL-OPEN.
Page 36
About This Manual
SNMP Configuration and Management Manual—424777-006
xxxiv
Change Bar Notation
Page 37
SNMP Configuration and Management Manual—424777-006
Part I. Installing and Configuring SNMP
Part I consists of the following sections, which give an overview of the SNMP agent and provide installation and configuration information:
Section 1 The NonStop SNMP Environment Section 2 Installing and Configuring the SNMP Agent
Page 38
Part I. Installing and Configuring SNMP
SNMP Configuration and Management Manual—424777-006
Page 39
SNMP Configuration and Management Manual—424777-006
1-1
1
The NonStop SNMP Environment
This section explains how HP has implemented SNMP to facilitate management of its HP NonStop systems by using SNMP-compliant applications known as managers.
SNMP originated in the Internet community in the late 1980s as a means for managing TCP/IP and Ethernet networks. Because of its relative simplicity, SNMP has gained widespread acceptance as a protocol for managing devices from multiple vendors on a network. Today, many vendors offer SNMP-compliant applications that run on several workstation platforms. These applications manage devices attached to various kinds of networks when the devices are instrumented with SNMP-compliant software known as SNMP agents.
Page 40
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-2
Figure 1-1. Default SNMP Agent/Manager Interaction Over TCP/IP
SNMP agent responds to requests and also sends unsolicited trap messages,
in which it includes the
community name "Tandem,"
to manager
Subagent-3
SNMP Manager
HP NonStop Kernel System
Compaq NonStop Kernel System
TCP/IP
Expand
1
5
Managed
Resources
SNMP Agent
Subagent-1
Subagent-2
Managed
Resources
Subagent retrieves information from
managed
subsystem
4
SNMP agent forwards
authenticated requests
to appropriate subagent
Subagent sends response and trap messages to
SNMP agent
Managed
Resources
Authentication Table
Entry Entry
. .
2
3
6
$0
SNMP agent
sends events to
EMS collector
Legend
Trap messages
Request/response message
s
$ZTC0
VST999.vsd
Manager sends
requests for
information regarding
HP resources
SNMP agent authenticates GET and GETNEXT requests from "Public" community
Page 41
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-3
By default, the SNMP agent does the following:
Receives and sends SNMP messages through NonStop Kernel IPC calls or through any available subnet associated with the TCP/IP process $ZTC0 on the local node
Accepts any request received through TCP/IP that contains the community name “public,” and gives the “public” community READONLY access
Accepts any request received through the IPC interface and grants the requesting manager READWRITE access to all MIB objects supported by the SNMP agent and subagents except the SNMP agent’s private zagInProfile group objects
Sends traps through the TCP/IP process $ZTC0 to the Internet address associated with each SNMP manager from which a request is received; includes the community Tandem in the traps. $ZTC0 is on the local node. The SNMP manager must be using TCP/IP.
Sends the event messages that the SNMP agent generates to the EMS collector process $0 on the local node.
Forwards requests pertaining to managed resources other than those defined in the System and SNMP MIB-II groups to the appropriate subagent and returns responses back to the requesting manager. The SNMP agent processes the SNMP MIB-II groups.
Note. Objec t s in t he SNMP agent’s zagInProfile group (see Us ing SCF to Configure
Compo nents of the SN M P Agent Environment on page 2-16) are access ible only if the
process accessor ID (PAID) of the manager process is compatible with that of the agent process.
Page 42
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-4
Subsystem Components
:
Subsystem Component s
Following are descriptions of the subsystem components.
SNMP Manager Station
A device on which an SNMP manager runs.
Figure 1-2. Key Components in the SNMP Environment
PDU
PDU
MIB
Definitions
SNMP
Manager Station
Managed
Resources
System 2
Local Area Network
Wide Area
Network
SNMP
Manager Station
MIB
Definitions
Managed
Resources
System 1
System 3
Managed
Resources
MIB
Managed
Resources
MIB
Subagent
Managed
Resources
MIB
Subagent
MIBSNMP Agent
Subagent
SNMP Agent
MIB
VST010.vsd
Page 43
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-5
SNMP Manager
SNMP Manager
An application that automates the management of network elements (managed resources) under the control of one or more SNMP agents. HP provides an SNMP
agent on its NonStop systems, and other vendors provide SNMP agents on their devices. An agent communicates with a manager using the message and information protocol defined in public SNMP documents known as RFCs.
The SNMP manager sends requests to and receives responses from agent processes. Communication between managers and the SNMP agent occurs through the NonStop TCP/IP subsystem, the Parallel Library TCP/IP subsystem or the NonStop TCP/IPv6 subsystem. The NonStop TCP/IP, Parallel Library TCP/IP, and Nonstop TCP/IPv6 subsystems support both local area networks (LANs) and wide area networks (WANs) or, through calls to NonStop Kernel interprocess communication (IPC) procedures, either locally or over Expand, when the manager resides on NonStop Kernel systems.
PDU
Organization of messages exchanged between managers and agents. Protocol d ata units (PDUs), defined i n RF Cs, conduct specifi c ope ratio ns, such a s retr i eving a va lue,
changing a value, or sending unsolicited notifications, known as traps, to an SNMP manager. Message Protocol on page 1-6 provides more detail about the various kinds of PDUs.
MIB
Information exchanged between managers and agents. An MIB describes a collection of objects that can be managed. An example of an MIB object is the physical location of a node. MIBs ar e descr ib ed in a la nguag e know n a s Abst rac t Syntax Not atio n On e (ASN.1). Some MIBs are Internet MIBs defined in RFCs. Other MIBs are vendor defined.
SNMP agent s access and modi fy va lues for MIB obj ect s on behalf of SNMP managers. An SNMP manager can interpret MIB values when the SNMP manager has access to a compiled version of the ASN.1 MIB definition. For more about MIBs, see Information
Protocol on page 1-9.
SNMP Agent
A process that intercepts PDUs from an SNMP manager and responds to them with PDUs. The agent accesses information described in MIBs, either directly or through SNMP subagents. The SNMP agent acts as a server for any SNMP network management requester, providing information about HP resources. The SNMP agent supports two MIB-II groups (System and SNMP) defined by RFC 1213, Management Information Base for Network Management of TCP/IP-Based Internets: MIB-II, and a private group (zagInternal) that is defined by HP. For more information about how the
Note. H-series RVUs do not suport Parallel Library TCP/IP
Page 44
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-6
SNMP Subagent
SNMP agent is implemented, see Architectural Overview of NonStop SNMP on page 1-14.
SNMP Subagent
Entity used by HP (and other vendors), in their SNMP implementations. SNMP subagents handle a particular collection of resources. Some subagents are implemented as independent processes, and some are bound into other processes, such as the agent process. Some subagents, such as those shown in Figure 1-2, have their own MIBs. Other subagents might implement multiple MIBs, or even share a MIB with another subagent. Some subagents can reside on a system different from the agent’s system. For details about each subagent HP currently offers, refer to Part II,
SCF for the SNMP Agent of this manual.
Toolkits
HP offers a Subagent Toolkit that helps programmers generate subagents that interoperate with the SNMP agent. Subagents make customer-written NonStop applications manageable by SNMP managers. For more information about the Subagent Toolkit, refer to the SNMP Subagent Programmer’s Guide.
HP also offers a Manager Services toolkit that allows C and C++ programmers to create SNMP managers that run as NonStop Kernel processes in either the Guardian or in the Open System Services (OSS) environment. For information about Manager Services, refer to the SNMP Manager Programmer’s Guide.
Message Protocol
In an SNMP environment, agents and managers communicate through the exchange of three types of messages:
Each SNMP message contains a unit of information called a PDU. Five types of PDUs are supported by any SNMP agent:
GetRequest
GetNextRequest
SetRequest (request PDUs)
GetResponse (response PDU)
Trap PDU
The format of SNMP messages is summarized in Figure 1-3 and described in more detail in the following subsection.
Reques t m es s ages Sent by a ma nager to initiate an action by an agen t Response messages Sent by an agent to respond to a manager’s request Trap messag es Sent by a n agent to not ify a manager of th e oc c urrence o f
significan t ev ents
Page 45
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-7
General SNMP Message Format
General SNMP Message Format
Each PDU is embedd ed in a messa ge, or p acke t, beginn in g with a versi on numbe r and a community name. The version number identifies the version of SNMP being implemented; currently, this value is always 1 for NonStop SNMP messages. The community name identifies one or more SNMP managers; it is used for access control. Following the version and community identifiers is one of the five types of PDUs.
Request PDUs
The three kinds of request PDUs have the same format as the response PDU, but the error-status and error-index fields are always set to 0. The request-id uniquely identifies individual requests. Variable-bindings are a list of variable names and corresponding values.
Figure 1-3. Format of SNMP Messages
version community PDU
PDU type request-id 0 0 variable-bindings
PDU type request-id error-status error-index variable-bindings
PDU type enterprise
agent-
address
generic-
trap
specific-
trap
time-
stamp
variable-bindings
General SNMP Message Format
Format of GetRequest, GetNextRequest, and SetRequest PDUs
Format of GetResponse PDU
Format of Trap PDU
name-1 value-1 name-n value-n
Format of Variable Bindings
VST011.vsd
Page 46
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-8
Response PDU
The three request PDUs are:
GetRequest PDU. This PDU performs a Get operation. The Get operation retrieves a value of a MIB object.
GetNextRequest PDU. This PDU performs a GetNext operation. The GetNext operation retrieves the value of the object instance that is next in lexicographic order.
SetRequest PDU. This PDU performs a Set operation. The Set operation alters the value of a MIB object.
Response PDU
The function per form ed by a Ge tResp on se PD U is re ferr ed to as a n SNM P Response operation. The Response operation returns a response to the originator of a Get,
GetNext, or Set operation. The response operation contains a request-id that associates it with a request PDU. The response PDU provides such information as error indications and values of MIB objects. Error-status values are described in
Appendix C, Unsolicited SNMP Agent Messages.
Trap PDU
The function per form ed by a Trap PDU is re ferr ed to as an SNMP Trap operation. The Trap operation issues an unsolicited message to an SNMP manager to signal an important event. The enterprise field provides the SNMP agent object identifier or subagent object identifier; the object identifier for the SNMP agent is
1.3.6.1.4.1.16 9.3.15 5.1. ( Object i de ntifiers a re d escribed under Informa ti on Proto col on page 1-9 The agent-address field is the Internet address of the device on which the agent forwarding the trap is installed. The generic-trap and specific-trap fields characterize the trap as a par ticular kind of trap. Values for traps that originate from the SNMP agent are descr ibed in A ppend ix C, Unsolicited SNM P Agent Message s. Values for traps from subagents are described in Se ction 9, EMS Trap Subagen t.
Transmitting and Receiving SNMP Packets
SNMP managers convert user requests into SNMP messages, or packets, as illustrated in Figure 1-3 on page 1-7. The manager then encodes these SNMP packets into a format that can be transported to and decoded by the target agent.
IPC-Encoded and BER-En coded SNM P Packets
The SNMP agent can process SNMP packets encoded using the HP IPC format. The IPC format provides the best encoding and decoding performance on NonStop Kernel systems.
Page 47
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-9
Information Protoc ol
Also, all agents can interpret information encoded according to the basic encoding rules (BER) associated with ASN.1, which define how to encode an ASN.1 value as an octet string. BER-encoded packets can be transmitted over any transport protocol that the manager and target agent mutually support.
Transmission Protocols Supported by the SNMP Agent
IPC-encoded SNMP packets are transmitted and received through NonStop Kernel interprocess communication calls. The SNMP agent supports the interface, #MGR, through which an IPC communication path between an SNMP manager and a SNMP agent can be established.
The most widely supported transmission protocol for transmitting and receiving BER­encoded SNMP packets is TCP/IP’s User Datagram Protocol (UDP). The SNMP agent supports the UDP protocol.
Differences in the way the SNMP agent handles requests received through the HP NonStop Kernel IPC and requests received through the UDP protocol are discussed
Section 2, Installing and Configuring the SNMP Agent and in Section 3, MIBs Supported by the SNMP Agent.
Information Protocol
The foundation of any network m anage ment system is a collection of infor matio n about the elements to be managed. In SNMP environments, this information is described by a MIB (Management Information Base). Each item in a MIB is known as a MIB object.
Internet-standard MIBs. These MIBs are approved by the Internet Architecture Board (IAB). MIB-I, MIB-II, and Remote Network Monitoring MIB. MIB-I is the original MIB for ma nagi ng TCP/IP- based interne ts. MIB -II is an exte nded ver si on of MIB-I and provides additional object definitions. Remote Network Monitoring MIB defines objects that manage remote network monitoring devices. Most MIB-II objects are supported by the TCP/IP Subagent; two MIB-II groups (System and SNMP) are supported by the SNMP agent. The Host Resources Subagent supports the standard Host Resources MIB, which is contained in the MIB-II subtree.
Experimental MIBs. These MIBs are used in Internet experiments.
Enterprise MIB s. These MIBs are vendor defined.
To promote interoperability, SNMP defines a standard scheme for naming all MIB objects.
Page 48
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-10
SNMP Naming Scheme
SNMP Nami ng Scheme
SNMP uses a hierarchical model to identify objects. Every object in an SNMP environment is identified by an object descriptor and an object identifier. Object descriptors are logical names. Object identifiers are expressed in numeric dot notation. For example, the System group of MIB-II is identified as:
system
1.3.6.1.2.1.1
As Figure 1-4 shows, an object identifier is a sequence of integers resulting from traversing a global tree. The object tree is composed of an unlabeled root connected to labeled nodes. Each node in turn can have subordinate nodes of its own. A node and its subordinate nodes make up a subtree. A node that has no subordinates is referred to as a leaf object.
Page 49
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-11
SNMP Naming Scheme
Figure 1-4. Nodes in the SNMP Object Tree
ccit (0) iso (1)
identified-organization (3)
dod (6)
internet (1)
directory (1) mgmt (2)
mib-II (1 )
system (1) interfaces (2) at (3) ip (4) icmp (5) tcp (6) udp (7) egp (8) cmot (9) transmission (10) snmp (11)
host (25) experimental (3) private (4)
enterprises (1)
tandem (169)
nonstopsystems (3)
tlam (19) tcp/ip (80) zsmp (155)
zsmpagent (1)
zagInternal (7)
zagInProcess (1) zagInEndpoint (2) zagInProfile (3) zagInTrapdest (4)
joint-iso-ccit (2)
1.3.6.1.2.1.1
object identifier =
VST012.vsd
object identifier =
1.3.6.1.4.1.169.3.155.1
Page 50
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-12
The Management Information Bas e
As Figure 1-4 indicates, MIB-II is described in the mgmt subtree. tandem has been assigned the value 169 in the enterprises subtree. In the tandem subtree, nonstopsystems has been assigned the number 3. The nonstopsystems subtree contains MIBs and subsystems defined by HP.
In the zsmp subtree of the nonstopsystems node, the SNMP agent subtree, zsmpagent, has been assigned the value 1. The object identifier for the SNMP agent is:
1.3.6.1.4.1.169.3.155.1
In the zsmpagent subtree, the zagInternal group (value of 7), encompasses the four subg roups (zagInProcess, zagInEndpoint, zagInProfile, and zagInTrapdest) that constitute the private portion of the SNMP agent’s MIB. The object identifier for this private MIB’s zagInternal group is:
1.3.6.1.4.1.169.3.155.1.7
Object identifiers not only identify organizations and their elements but also identify MIB objects. For example, the zagInTdHostAddr object from the zagInTrapdest group of the SNMP agent’s private MIB is:
1.3.6.1.4.1.169.3.155.1.7.4.2.1.4
The Management Information Base
Each MIB object is identified by an object descriptor and identifier. Sometimes MIB objects are divided into groups called object groups. Most items subordinate to MIB-II in Figure 1-4 are actually object groups. Examples are the UDP group, the Interfaces group, and the TCP group. Many of these groups are supported by the TCP/IP Subagent's MIB, as described in Section 8, TCP/IP Subagent.
Values for individual MIB objects can two forms:
Scalar. An object is assigned a scalar value when the object can have only one value. The length of time since the SNMP subsystem was brought up (sysUpTime) is an example of such an object.
Tabular. Some objects, such as TCP connections, can have multiple values, each describing a single instance of the object. These object values are organized into tables. Each row in the table represents information about a single object instance. A row in a table is referred to as an entry.
Each MIB object has an access attribute. This attribute determines the kind of access SNMP managers have to values of the object.
read-only The value can be retrieved but not modified. read-write The value can be both retrieved and modified. write-only The value can be modified but not retrieved. not-accessible The value cannot be retrieved or modified.
Page 51
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-13
The Management Information Bas e
In this manual, descriptions of MIB objects are normally provided in tables with four columns (in some instances, the third and fourth columns have been combined). This excerpt from the table describing the System grou p obj ect s in the S NMP agen t’s MIB is followed by a description of each column.
For a description of the objects in the SNMP agent’s MIB, see Section 3, MIBs
Supported by the S NMP Agent . For d escri pt ions of the objects in each subag ent’ s MIB ,
see Part IV, SNMP Subagents, of this manual. When objects are organized into tables, the sections provide information about how the tables are created and maintained.
Table 1-1. System Group Objects Supported by SNMP Agent's MIB
Object and Attributes Definition Format of Value
Derivation of Value
sysContact
1.3.6.1.2.1.1.4 read-write DisplayString (SIZE (0..255))
Information describ ing the contact pe rs on for this node. This value is stored in SNMPCTL.
The default value is unknown.
Initially, the default value. Can be set from an authorized SNMP manager.
Column 1 The first column identifies the MIB object and lists its attributes. This
information appears for each object: its name (object descriptor), its numeric identifier (object identifier), its access attribute, and its ASN.1
syntax. Column 2 The second column defines what the object’s value means. Column 3 The third column describes the format of the value. Column 4 The fourth column indicates how the value was derived.
Page 52
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-14
Traps
Traps
Traps are unsolicited messages forwarded by an agent to SNMP managers when significant events occur. Some traps and their contents are defined by the SNMP standards. Other traps are proprietary. Traps that the SNMP agent supports are defined in Part 3, MIBs Supported by the SNMP Agent. Traps that subagents offered by HP generate are described in Part IV, SNMP Subagents.
The SNMP agent can be configured to send traps to one or more specific SNMP managers. You can also suppress traps altogether.
Architectural Overview of NonStop SNMP
Figure 1-5 illustrates how the SNMP agent interacts with NonStop system and network
elements to provide SNMP support:
The SNMP agent communicates with the remote SNMP managers through the TCP/IP subsystem and these underlying subsystems:
°
X.25 Access Method (X25AM) The X25AM subsystem supports WAN data communications over an X.25
packet-switching network and is supported on G-series and H-series RVUs of the NonStop Kernel.
°
ServerNet LAN Systems Access (SLSA) subsystem The SLSA subsystem supports parallel LAN I/O on systems that implement
ServerNet.
The SNMP agent authenticates requests as it receives them using the scheme described in Section 2, Installing and Configuring the SNMP Agent.
The SNMP agent uses the Subsystem Programmatic Interface (SPI) protocol to send event messages to an Event Management Service (EMS) collector. Refer to
Appendix C, Unsolicited SNMP Agent Messages
, for a description of event
messages originating from the SNMP agent and to Part IV, SNMP Subagents
for
events from subagents.
Most of the MIB-II groups are supported by the TCP/IP Subagent (see Section 8,
TCP/IP Subagent), which supports the management of TCP/IP resources. Tw o
MIB-II groups (System and SNMP) are supported by the SNMP agent. (See
Section 3, MIBs Supported by the SNMP Agent.)
The SNMP agent also supports a private MIB (zagInternal group) that describes attributes of the SNMP agent process and defines the resources the SNMP agent
uses. These private MIB objects are defined by HP and are used to control the configuration and operation of the SNMP agent.
Page 53
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-15
Architectural Overview of NonStop SNMP
The SNMP agent uses Interprocess Communication (IPC) messages to communicate with independent subagents about the resources they manage. Subagents can reside on the same node as the SNMP agent or on different nodes. Each SNMP agent can support one instance of any particular subagent.
The SNMP control file (SNMPCTL) contains configuration parameters for the SNMP agent.
When the primary SNMP agent process is active, it writes trace records to the file ZZSMPTRP. When the backup process becomes active, it writes to the file ZZSMPTRB.
Page 54
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-16
Architectural Overview of NonStop SNMP
Figure 1-5. NonStop SNMP Architecture
SNMP
Manager Station
Local Area Network
Wide Area
Network
TCP/IP
($ZTC0)
Legend
IPC messages
SNMP request/response m essages SNMP traps
NSK operations
SNMP Agent
Independent
SNMP
Subagents
SNMPCTL
ZZSMPTRP
ZZSMPTRB
EMS
Collector
SNMP
Manager Station
MIB
SNMP
Manager
VST013.vsd
Page 55
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-17
RFC Compliance
RFC Compliance
The NonS top SNM P impleme nt ation compl ies wi th stand ards and guidel ine s publishe d in these RFCs:
RFC 1155, Structure and Identification of Management Information for TCP/IP-Based Internets. This document describes MIB naming conventions,
syntax, and other MIB object characteristics.
RFC 1157, A Simple Network Management Protocol (SNMP). This document describes the SNMP architecture and message protocol.
RFC 1212, Concise MIB Definitions. This document describes the ASN.1 conventions used to define SNMP MIBs.
RFC 1213, Management Information Base for Network Management of TCP/IP-Based Internets: MIB-II.
RFC 1215, A Convention for Defining Traps for Use With the SNMP. This document describes ASN.1 conventions for defining traps.
The degree to which subagents comply with MIB object definitions in RFCs is often documented in this manual in three-column tables. For example, the following excerpt from a table describes how the TCP/IP Subagent's MIB complies with IP group definitions in RFC 1213 and is followed by an explanation of each column in the table.
Table 1-2. Compliance With IP Group Definitions in RFC 1213
Object Descriptor Compliance Explanation
ipForwarding Partial Set operation not supported
Column 1 The first column lists the object descriptor. Column 2 The second column cont ai ns one of thr ee va lues i ndica ting th e deg ree to
which implementation of the object complies with RFC guidelines. “Yes”
indicates full compliance. “Partial” indicates some but not full
implementation of the object. “No” indicates no support for the object. Column 3 The third column provides comments that explain deviations and other
special behavior relative to the object.
Page 56
The NonStop SNMP Environment
SNMP Configuration and Management Manual—424777-006
1-18
Related Documents
Related Documents
The RFCs listed earlier and in other sections of this manual are public-domain documents that you can obtain from InfoWay or from one of the following sources:
DDN Network Information Center 14200 Park Meadow Drive, Suite 200 Chantilly, VA 22021 USA phone: 1-800-365-3642 mail: nic@nic.ddn.mil
The Internet. If your site has IP-co nnectivi ty to the Intern et comm unity, you can use anonymous FTP to the host nic.ddn.mil (residing at 192.112.36.5) and retrieve files from the directory
rfc/
Electronic mail. Send a message to
mail-server@nisc.sri.com
In the subject field, indicate the RFC number:
Subject: SEND rfcs/rfc1130.txt
Page 57
SNMP Configuration and Management Manual—424777-006
2-1
2
Installing and Configuring the SNMP Agent
The section tells you how to install, start, and stop the SNMP agent and how to configure the following:
SNMPCTL file (The SNMPCTL File o n page 2-6)
Multiple SNMP agents per node Starting Multiple SNMP Agents on Each Node on page 2-23)
EMS collector (Configuring the EMS Collector on page 2-25)
Security (Configuring Security on page 2-26)
TCP/IP request/response connections (Configuring TCP/IP Request/Response
Connections on page 2-34)
Trap destinations (Configuring Trap Destinations on page 2-38)
Installation
The SNMP agent is delivered ready to be installed and started without any custom configuration.
You install the SNMP agent using the Distributed Systems Management/Software Configuration Manager DSM/SCM product. The SNMP agent program file is installed on your system as:
$SYSTEM.SYSTEM.SNMPAGT
Refer to the DSM/SCM User’s Guide for complete software installation information. The device type for the SNMP agent is 31.
Before You Configure the SNMP Agent Operations Environment
To configure SNMP you must get the following information from the person responsible for the SNMP agent and from the person responsible for the SNMP manager with
Note. For G-series or later releases of the NonStop Kernel, DSM/SCM replaces the Install program as the standard tool for installing and managi ng new software.
Page 58
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-2
Before You Configure the SNMP Agent Operations
Environment
which the SNMP agent communicates. This information you gather gives you an idea of the configuration you’ll need.
The type of access required by the SNMP managers that communicate through TCP/IP to resources managed by the SNMP agent and subagents
The Internet address and community name of any SNMP manager that communicates through TCP/IP for which you want to refine the default security scheme
The Internet address of any SNMP manager that expects to receive trap messages
The community name, if any, that the SNMP manager expects to see in trap messages received from the SNMP agent
The HP resources that the SNMP manager wants to manage
The Internet addresses by which the SNMP agent can be reached
The SNMP traps and MIB objects the SNMP agent and its subagents support and what they mean in the context of the NonStop environment
The community name that must be included in requests to the SNMP agent
The location of the NonStop system on which the SNMP agent resides
Note. The S N M P im plemen ta ti on supported by HP us es subagen t s to h andle various collections of resources. The HP resources the SNMP manager wants to manage determine the subagents to be installed. The subagents to which the SNMP agent forwards requests are installed, started, and configured separately from the SNMP agent. Definin g t he connect ion between the s ubagent a nd t he SNMP agent is part of the subagent’s configuration, not the SNMP agent’s configuration.
Page 59
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-3
Initializa t ion Tasks
Initialization Tasks
Before you begin to configure the SNMP agent you should understand what the SNMP agent does when it is started to give you an idea of the state of the SNMP agent in which you’ll be configuring. When you start the SNMP agent, it performs these initialization tasks:
Ensures that the SNMP agent is running as a named process. If you did not specify a name, TACL assigns one.
Ensures that the SNMP agent i s run ning w ith supe r user gr oup acce ss priv ileges, if the PORT startup parameter is port 161 (the standard SNMP port for receiving manager requests) or a port number less than 1023. If the port number is greater than 1023, the SNMP agent generates an EMS event stating that the SNMP agent must run under a super group creator accessor ID and stops running. Refer to the description of the POR T st ar tup p ar amete r (p ag e 2-10) for m ore information on this topic.
Opens any TCP/IP subnets configured for communications with SNMP managers. If no TCP/IP subnets are available, the agent process starts but generates socket­error and state-change EMS event messages.
Starts a backup process if you requested one.
Processes configuration information. Creates a trap destination definition (if none already exists) for the Internet address associated with any manager from which the SNMP agent receives a request through TCP/IP.
The Default SNMP Agent
When started without any customization, the SNMP agent:
Receives and sends SNMP messages through NonStop Kernel IPC calls or through any available subnet associated with the TCP/IP process $ZTC0 on the local node.
Accepts any request received through TCP/IP that contains the community name “public” and gives the “public” community READONLY access.
Accepts any request received through the IPC interface and grants the requesting manager READWRITE access to all MIB objects supported by the SNMP agent and subagents except the SNMP agent’s private zagInProfile group objects.
Sends traps through the TCP/IP process $ZTC0 on the local node to the Internet address associated with each SNMP manager communicating using TCP/IP from which a request is received. Includes the community “Tandem” in the traps.
Note. Objec t s in t he SNMP agent’s zagInProfile group (see SNM P Agent P rivate MIB
Objects on page 3-31) are ac c es s ible only if the pr oc es s ac c essor ID (PAID) of the
manager process is co m patible with that of th e agent process. See Authentication Table
Entries on page 3-31 for more details.
Page 60
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-4
The Default SNMP Agent
Sends event messages it generates to the EMS collector process $0 on the local node.
Forwards requests pertaining to managed resources other than those defined in the System and SNMP MIB-II groups (which the SNMP agent itself processes) to the appropriate subagent, and returns responses to the requesting manager.
The subagents to which the SNMP agent forwards requests are installed, started, and configured separately from the SNMP agent. Defining the connection between the subagent and the SNMP agent is part of the subagent’s configuration, not the SNMP agent’s configuration. SectionIV, SNMP Subagents, describes installing, starting, and configuring the subagents that HP supports.
Figure 2-1 illustrates the default SNMP agent operating in an SNMP network
management environment.
Page 61
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-5
The Default SNMP Agent
Figure 2-1. Default SNMP Agent/Manager Interaction Over TCP/IP
SNMP agent responds to requests and also sends unsolicited trap messages,
in which it includes the
community name "Tandem,"
to manager
Subagent-3
SNMP Manager
HP NonStop Kernel System
Compaq NonStop Kernel System
TCP/IP
Expand
1
5
Managed
Resources
SNMP Agent
Subagent-1
Subagent-2
Managed
Resources
Subagent retrieves information from
managed
subsystem
4
SNMP agent forwards
authenticated requests
to appropriate subagent
Subagent sends response and trap messages to
SNMP agent
Managed
Resources
Authentication Table
Entry Entry
. .
2
3
6
$0
SNMP agent
sends events to
EMS collector
Legend
Trap messages
Request/response message
s
$ZTC0
VST999.vsd
Manager sends
requests for
information regarding
HP resources
SNMP agent authenticates GET and GETNEXT requests from "Public" community
Page 62
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-6
The SNMPCTL File
The SNMPCTL File
When started, the SNMP agent creates an SNMP control file (SNMPCTL) in the subvolume from which it is started. You control the SNMP agent by configuring the SNMPCTL file. If started using the TRACE startup parameter, the SNMP agent also creates two trace files (ZZSMPTRP and ZZSMPTRB) in the subvolume from which it is started.
Initially, the values shown in Table 2-1 are assigned to several objects in the SNMP agent's MIB. The SNMP agent’s MIB is described in detail in Section 3, MIBs
Supported by the SNMP Agent.
Configure the SNMCTL File to Control the SNMP Agent
Configure the SNMPCTL file in one of four ways:
RUN command parameters (RUN Command on page 2-7)
PARAM statements (PARAM Statements’ Custom Configuration for the RUN
Command on page 2-16)
Table 2-1. Initial Values of Objects in the SNMP Agent's MIB
MIB Object Initial Value System group objects:
sysDescr
Tandem NonStop Kernel System Version: Dxx Node: node-name Agent: agent-process-name
where Dxx is the product version of the SNMP agent; for
example, D23. sysObjectID 1.3.6.1.4.1.169.3.155.1 sysContact
"unknown"
sysName A name associated with the default TCP/IP process handling
communication between th e SN MP agent an d SNMP
managers. It is derived by a gethostname socket call against
the TCP/IP process specified in the
TCPIP^PROCESS^NAME s tartup parameter or, if none is
specified, against $Z T C 0 on the local no de. sysLocation
"unknown"
sysServices 7 9 SNMP group object:
snmpEnableAuthenTraps
1 (yes)
Page 63
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-7
RUN Command
The Subsystem Control Facility (SCF) (Using SCF to Configure Components of the
SNMP Agent Environment on page 2-16)
SNMP Set operations on SNMP agent private MIB objects (Configuring the SNMP
Agent Through SNMP Requests on page 2-17)
When the SNMP agent starts, it evaluates all startup parameters in this order:
1. A default value is assigned to every startup parameter.
2. PARAM statements are processed. Unrecognizable or erroneous parameters are ignored without comment.
3. Startup parameters in the RUN command line are pro cessed. With the exce ption of the SWAPVOL startup parameter, unrecognized or erroneous parameters cause the SNMP agent process to terminate. If you define a swap volume as anything other than a local disk, the SWAPVOL startup parameter is ignored, and a warning message is issued.
RUN Command
To start the SNMP agent, use the RUN command. No additional configuration beyond that provided through the RUN command startup parameters is required for the SNMP agent to receive and reply to SN MP reque sts so lel y throug h NonStop Ker nel IPC calls. However, even in this limited scope, additional configuration is required to allow the SNMP agent to forward traps to SNMP managers that communicate through NonStop Kernel IPC calls.
volume
identifies the volume on which the SNMP agent program file SNMPGT resides. You can omit the SNMP agent program if SNMPAGT resides on your current subvolume.
By default, when you install the SNMP agent, SNMPAGT is placed in $SYSTEM.SYSTEM.
subvolume
identifies the subvolume on which SN MPAGT re sides. You can omit the subvolume parameter if it is named in your TACL #PMSEARCHLIST.
Note. Yo u als o define som e components of the SNMP agen t configuration by using RUN line startup options, but these settings persist only as long as the agent process is running.
[RUN] [[$volume.]subvolume.]SNMPAGT / NAME [$agent-process] [,other-run-option]... / [startup-parameter [,startup-parameter]...]
Page 64
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-8
RUN Command
agent-process
identifies the agent process. You can specify one through five alphanumeric characters, but the first character must be alphabetic. HP recommends using $ZSNMP to identify an SNMP agent . If you are run ning mul tip l e SNMP agen ts on a single host (see Starting Multiple SNMP Agents on Each Node on page 2-23), HP recommends appending a digit: for example, $ZSNM0 and $ZSNM1.
If you don’t supply a value for agent-process at /NAME TA CL generates a name, because the SNMP agent must run as a named process. You need to know the name of the agent process to use SCF to configure the SNMP agent. You also need to know the name of the agent process to stop it. The SNMPCTL File and the
WARM Startup Parameter on page 2-14 tells you how to find out the name of the
agent process.
other-run-option
is any of the TACL RUN command options. Refer to the TACL Reference Manual for more information about these options. HP recommends using at least the NOWAIT option so you can resume TACL operations once the SNMP agent is started.
startup-parameter
is one of the following parameters that control attributes of the SNMP agent process. You can specify startup parameters either in the RUN command or through TACL PARAM statements issued before you issue the RUN command. F or more information on TACL PARAM statements, refer to PARAM Statements’
Custom Configuration for the RUN Command on page 2-16.
backup-cpu-number | COLD | WARM | COLLECTOR [$alternate-collector-process] | DATAPAGES pages [E[XTENSIBLE]] | MAXOPENERS number-of-subagents | PORT request-port-number | SUBAGENT^TIMEOUT timeout-seconds | SWAPVOL #disk-name | TCPIP^PROCESS^NAME [$node.]$tcp/ip-process | TRACE |
TRAPPORT trap-port-number |
Page 65
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-9
RUN Command
backup-cpu-number
specifies a backup process processor for a persistent agent process pair. The backup process monitors the primary process and takes over if the primary process fails. HP strongly recommends that you use this parameter.
This parameter should be an integer that identifies one of the processors on your system. By default, this parameter is omitted.
COLD | WARM
tells the SNMP agent what to do with the SNMP control file (SNMPCTL), if one exists, and where to get the SNMP configuration information. Every SNMP agent process stores configuration information and persistent MIB information in a file named SNMPCTL in the run subvolume.
COLD
instructs the SNMP agent to purge any SNMPCTL file in the run subvolume and crea te a n ew, empty SNM P file. To enable the SNMP ag ent to receive requests through TCP/IP, configure at least one ENDPOINT object. You can then complete your configuration either through SCF or through SNMP, as described in Part II, SCF for the SNMP Agent and in
Configuring the SNMP Agent Through SNMP Requests on page 2-17.
WARM
instructs the SNMP agent to use the SNMPCTL file in the run subvolume. If no SNMP file exists, the SNMP agent creates one and fills it with the default configuration values. WARM is the default value for this parameter.
COLLECTOR [$alternate-collector-process]
identifies the EMS collector to which the SNMP agent and its backup process send event messages. The default is $0 on the local node.
To suppress event messages, include this parameter with no value:
COLLECTOR
To send event messages to an alternate collector, identify the name of the collector process:
COLLECTOR $alternate-collector-process
After the SNMP agent is running, you can specify an alternate collector by using SCF. For more information, refer to Part II, SCF for the SNMP Agent.
If you specify a nonexistent alternate collector process name, event messages are suppressed.
Note. No ad dit ional configuration beyond that provided th rough the RUN command startup param et ers is required for the SNMP ag ent to receive SN M P requests solely through NonStop Kernel IPC calls.
Page 66
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-10
RUN Command
DATAPAGES pages [E[XTENSIBLE]]
specifies the amount of storage to allocate for general dynamic memory. Specify a value for pages that ranges from 0 to 65280, representing the
number of 2048-byte pages to be allocated. Including the keyword EXTENSIBLE makes the segment extensible. An
extensible data segment is one for which swap file extents are not allocated until needed. If you specify 0 pages, the SNMP agent allocates data pages dynamically as needed until one of the following conditions exists:
Approximately 4 megabytes are allocated.
The virtual memory limit is reached.
The underlying disk file space is unavailable.
The default value for this parameter is 2040 EXTENSIBLE. The default SNMP agent configuration uses about 1 megabyte of memory.
MAXOPENERS number-of-openers
specifies the total number of openers (including subagents, managers communicating through NonStop Kernel IPC calls, and SCF) that one SNMP agent process can simultaneously support. The default value is 20.
PORT request-port-number
specifies the port number to monitor for requests from managers communicating over TCP/IP. The default value is 161, the SNMP standard port for receiving requests. If a port number greater than 1023 is used, the agent process need not be associated with the super user group (255, n).
You can associate the SNMP agent process with the super user group in two says. From a TACL prompt:
Log on using a super group user ID before starting the SNMP agent.
Use the File Utility Program (FUP) to give ownership of the SNMP agent program file (SNMPAGT) to a super group user ID. Then secure SNMPAGT so that a user who does not have a super group user ID can execute SNMPAGT, and set the PROGID so that the owner ID of SNMPAGT is used as the creator accessor ID when the program is run. Refer to the File Utility Program (FUP) Reference Manual for more information.
SUBAGENT^TIMEOUT timeout-seconds
is the number of seconds the SNMP agent should wait before canceling a message to a subagent. The default is 3 seconds.
Page 67
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-11
RUN Command
SWAPVOL #disk-name
identifies the disk to use for swapping extended memory. Specify disk-name as an unqualified device name. Any qualification is
ignored. The default disk is the volume used for swapping the virtual data SNMP agent
processes, as specified by the optional SWAP run option. If you omit both the SWAPVOL startup parameter and the SWAP run option, the volume on which SNMPAGT resides is use d for b oth swapping and extende d mem ory swap ping, a situation that can result in insufficient available space.
TCPIP^PROCESS^NAME [$node.]$tcpip-process
specifies the default TCP/IP process to be used when request/response connection points and trap destinations are defined for the SNMP agent. Start the agent using the TCPSAM or TCP6SAM process name as input to this startup parameter only when the product is going to be run on Parallel Library TCP/IP or Nonstop TCP/IPv6.
The TCP/IP process is used as:
The default NETWORK attribute value for ENDPOINT objects created through SCF and the default zagInEpNetwork object value for zagInEndpointTable rows created through SNMP
The default NETWORK attribute for TRAPDEST objects created through SCF and the default zagInTdNetwork object value for zagInTrapdestTable rows created through SNMP
If you do not include the TCPIP^PROCESS^NAME startup parameter, the default TCP/IP process is $ZTC0 on the local node.
TRACE
enables tracing of the agent process if the backup process takes over. By default, tracing is not enabled.
When you enable tracing through TRACE, the SNMP agent creates a primary trace file (ZZSMPTRP) and a backup trace file (ZZSMPTRB) in the subvolume from which the primary trace file was started. To specify different trace file names, use a TACL DEFINE statement. For example:
ADD DEFINE =PRIMARY-TRACE-FILE, CLASS MAP, FILE $SYSTEM.SNMP.SNMPTRCP ADD DEFINE =BACKUP-TRACE-FILE, CLASS MAP, FILE $SYSTEM.SNMP.SNMPTRCB
For information about the DEFINE statement, refer to the TACL Reference Manual.
Use the TRACE startup parameter to enable tracing in the backup process. You can initiate tracing of the primary agent process by using the SCF TRACE command (as discussed in Section 7, Troubleshooting the SNMP Agent), but
Page 68
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-12
Special Considerations for Users of Logical Network
Partitions (LNPs)
tracing stops when the backu p process t akes over. The SCF trace file is closed and preserved when the backup process takes over.
TRAPPORT trap-port-number
specifies the trap port to send traps from the agent. If you do not specify this option, the default value for the trap port will remain 162.
Special Considerations for Users of Logical Network Partitions (LNPs)
Like NonStop TCP/IP, NonStop TCP/IPv6 allows you to restrict the connectivity of applications to particular subnets. However, T CP/IPv6 allows this through the creation of Logical Network Partitions (LNPs). The TCP/IPv6 Configuration and Management Manual gives a detailed explanation of how to create and use LNPs.
Each LNP is associated with a separate TCP6SAM process. Thus, each LNP on which you want to provide SNMP services requires that you run a separate instance of the SNMP Agent.
To provide SNMP services on one or more LNPs, you must issue a RUN command from a different subvolume for each of those LNPs.
For example, from within one subvolume, specify:
RUN $SYSTEM.SYSTEM.SNMPAGT / NAME $znm0 / & TCP^IP^PROCESS^NAME $zb03A
From within another, specify:
RUN $SYSTEM.SYSTEM.SNMPAGT / NAME $znm1 / & TCP^IP^PROCESS^NAME $zb01a
Note. If your RUN command does not specify a TCP6SAM process associated with a
particular LNP, an SMNP Agent has access only to the subnets comprising the Default Partition.
Page 69
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-13
Startup Parameter Summary
Startup Parameter Summary
Table 2-2. Summary of Startup Parameters (page1of2)
Startup Parameter What the Parameter Defines Default Behavior
backup-cpu-number
The bac k up proces s C PU f or a persistent agent proc ess pair.
No parameter value is assign ed, and no ba ckup process is created.
COLD | WARM Which SNMPCTL file to use
while running.
If SNMPCTL exists in the run subv olume, tha t file is used. O th erwise, the
SNMP agent creates an
SNMP C T L fi le us ing the default configuration val ues.
COLLECTOR [
$alternate-collector-
process
]
The EMS collector to which to send event messages.
$0 on the local node .
DATAPAGES
pages
[E[XTENSIBLE]]
The amou nt of s to rage to allocate for use as general dynamic memory.
240 2048-byte pages, extensible.
MAXOPENERS
number-of-openers
The maximum number of openers the agent can support simultaneously.
20.
PORT
request-port-number
The port number to monitor for manager requests. If a po rt number greater than 10 23 is used, the
SNMP agent need
not run as a proc ess associated with the super user group (255, n).
161, th e SN M P s tandard port for re c eiv ing requests.
SUBAGENT^TIMEOUT
timeout-seconds
The number of seconds the agent sho uld wait before canceling a message to a subagent.
3 seconds.
SWAPVOL $
disk-name The dis k to us e f or s w apping
extended memory.
The volu m e used for swappi ng virt ual dat a.
Page 70
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-14
WARM | COLD Custom Configuration Parameters
for the RUN Command
WARM | COLD Custom Configuration Parameters for the RUN Command
The startup parameters COLD and WARM allow you to customize how the SNMP agent functions. For details about COLD and WARM parameters see page 2-9.
If you start the SNMP agent using the WARM startup parameter, a default operations environment (from RUN command parameters) is automatically configured.
If you start the SNMP agent using the COLD startup parameter, you must explicitly configure all aspects of the operations environment.
The SNMPCTL File and the WARM Startup Parameter
When you start the SNMP agent using the WARM startup parameter (the default) and no SNMPCTL file exists in the run subvolume (the first time you start an SNMP agent process), the SNMP agent creates an SNMPCTL file and fills it with default RUN command configuration values. You can then modify the SNMP file using RUN command parameters, SCF, PARAM statements, or SNMP requests.
WARM is the default value.
TCPIP^PROCESS^NAME [/node.]$tcpip-process
The default TCP/IP process to be used when request/response connections and trap destinations are defined fo r t he SNMP
agent.
For Parallel Library TCP/IP, this is the TCPSAM process. See the T C P/IP (Parallel
Library) C onfiguration and Management Manual.
For NonStop TCP/IPv6, this is the TCP6SAM process. See the TCP/IPV6 Configuration and Management Manual.
$ZTC0 on the local node.
TRACE Enables tracing of the backup
agent proc ess.
No parameter value is assign ed, and no ba ckup proces s t racing is enabl ed.
TRAPPORT
trap-port-number
The trap port number to send traps to man ager.
162, th e SN M P s tandard port for sending traps.
Table 2-2. Summary of Startup Parameters (page2of2)
Startup Parameter What the Parameter Defines Default Behavior
Page 71
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-15
WARM | COLD Custom Configuration Parameters
for the RUN Command
If an SNMPCTL file already exists in the run subvolume (when you stop and restart an SNMP agent process), the SNMP agent uses the existing configuration values.
The SNMPCTL File and the COLD S tartup Parameter
When you start the SNMP agent using the COLD startup parameter and no SNMPCTL file exists in the run subvolume, the SNMP agent creates an empty SNMPCTL file. You must explicitly set each configuration value to be stored in the SNMPCTL file using the RUN command parameters.
When you start the SNMP agent specifying the COLD startup parameter and an SNMPCTL file already exists in the run subvolume, the SNMP agent purges the existing SNMPCTL file and creates an empty SNMPCTL file. You must explicitly set each configuration value to be stored in the empty SNMPCTL file using the RUN command. Values set when the COLD parameter is specified persist only as long as the agent process is running.
Here is an example of the RUN command in which the COLD parameter is specified:
RUN SNMPAGT /NAME $ZSNMP, NOWAIT/ COLD
Use SCF or SNMP to configure all components of the SNMP agent. (See Part II, SCF
for the SNMP Agent, for more information on SCF for SNMP.)
COLD and WARM Configuration Scenarios.
Note. To stop and resta rt an S N M P agent using the default configuration, you mus t s to p t he
SNMP ag ent, purge th e exist ing SNMPC T L f ile, a nd t hen restart the SNM P agent pr oc es s using the WARM op tio n.
COLD/WARM Startup Parameter
First Time SNMP Agent Started? How Is the SNMP Agent Configured?
COLD Yes/No
The SNMP agent creates an SNMPCTL file after purging any existing file by that name in the run subvolume. The SNMPCTL file must then be explicitly configured.
WARM Yes
No SNMPCTL file exists in the run subvolume. The SNMP agent creates an SNMPCTL file in the run subvolume and fills it with default values.
WARM No
An SNMPCTL file exists in the run subvolume. The SNMP agent opens the SNMPCTL file and is configured with the values specified in the SNMCTL file.
Page 72
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-16
The SNMPCTL File and TRAPPORT
The SNMPCTL File and TRAPPORT
The SNMPCTL file created using earlier versions of the SNMP agent is not compatible with the T9576G06 version. A workaround is to purge the old SNMPCTL file.
PARAM Statements’ Custom Configuration for the RUN Command
You can use TACL PARAM statements to set startup parameters prior to issuing the RUN command. Set the parameters one at a time, using the syntax described in RUN command startup-parameter on page 2-8, and precede the parameters with the keyword PARAM.
For example, these PARAM statements
PARAM DATAPAGES 4000 E PARAM TRACE PARAM TRAPPORT 2000 SNMPAGT /NAME $ZSNMP, NOWAIT, CPU 4/ 6
are equivalent to the following RUN command:
SNMPAGT /NAME $ZSNMP, NOWAIT, CPU 4/ 6, & DATAPAGES 4000 E, TRACE, TRAPPORT 2000
Using SCF to Configure Components of the SNMP Agent Environment
A third way to configure and manage the SNMP agent environment is with SCF. The following five components of the SNMP agent can be configured using SCF.
Refer to Part II, SCF for the SNMP Agent for complete information on SCF commands for SNMP.
SNMP Agent Process
The SCF PROCESS object represents the SNMP agent process. The only attribute you can manage through the SCF interface is the EMS collector to which the SNMP agent process sends event messages it generates.
Security
The SCF PROFILE object defines an entry in an authentication table that the SNMP agent consults to determine whether to accept or reject incoming requests from SNMP managers that communicate through TCP/IP.
Each SCF PROFILE object corresponds to a row in the SNMP agent’s private zagInProfileTable.
Page 73
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-17
Request/Response Connections
Request/Response Connections
The SCF ENDPOINT object identifies an Internet address and TCP/IP process to be used for the receiving and sending of SNMP request/response messages through TCP/IP.
Each SCF ENDPOINT object corresponds to a row in the SNMP agent’s private zagInEndpointTable.
Trap Connections
The SCF TRAPDEST object identifies an Internet address and TCP/IP process to be used for the sending of trap messages.
Each SCF TRAPDEST object corresponds to a row in the SNMP agent’s private zagInTrapdestTable.
Trap Port
The object trap port can't be configured or managed through SCF.
Configuring the SNMP Agent Through SNMP Requests
You can configure and manage the following components of the SNMP agent environment through SNMP requests.
Request/Response Connections
The SNMP agent’s zagInEndpoint group objects define the Internet addresses and TCP/IP processes to be used for the receiving and sending of request/response messages.
Trap Connections
The SNMP agent’s zagInTrapdest group objects identify the Internet addresses and TCP/IP processes to be used for the sending of trap messages. Trap ports can also be used.
Authentication Table Entries
The SNMP agent’s zagInProfile group objects define the authentication table entries to be used for authenticating requests received from SNMP managers that communicate with the SNMP agent through TCP/IP.
Page 74
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-18
Managing Configuration Definitions Through SNMP
Managing C onfiguration Definitions Through SNMP
You can manage the SNMP agent configuration by manipulating rows in the SNMP agent’s private MIB tables, as follows:
You create, alter the attributes of, activate, inactivate, and remove rows in the SNMP agent’s private MIB zagInEndpointTable to manage the TCP/IP connection points that the SNMP agent uses for request/response messages. Each row in the zagInEndpointTable corresponds to an SCF ENDPOINT object.
You create, alter the attributes of, activate, inactivate, and remove rows in the SNMP agent’s private MIB zagInTrapdestTable to manage the destinations to which the SNMP agent sends traps. Each row in the zagInTrapdestTable corresponds to an SCF TRAPDEST object. However, the object zagInTdPort cannot be viewed or managed through SCF, only from the manager.
You create, alter the attributes of, activate, inactivate, and remove rows in the SNMP agent’s private MIB zagInProfileTable to manage the authentication table entries that the SNMP agent uses for accepting or rejecting request messages received through TCP/IP. Each row in the zagInProfileTable corresponds to an SCF PROFILE object.
Page 75
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-19
Single-Node and Multiple-Node Scenar ios
Single-Node and Multiple-Node Scenarios
Figure 2-2. Running Multiple SNMP Agents on a Single Node
SNMP Manager
TCP/IP
SNMP Agent
($ZSNM1)
SNMP Agent
($ZSNM0)
Managed
Resources
Subagents
Managed
Resources
Subagents
130.25.88.1
130.25.88.2
VST202.vsd
Page 76
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-20
Single-Node and Multiple-Node Scenar ios
In Figure 2-2, two SNMP agent s ar e runnin g on the sam e node. To run multiple agen ts on a single node, issue the following two commands. Issue the first command from one subvolume and the second command from a different subvolume.
From one subvolume:
RUN $SYSTEM.SYSTEM.SNMPAGT /NAME $ZSNM0, NOWAIT/
From a different subvolume:
RUN $SYSTEM.SYSTEM.SNMPAGT /NAME $ZSNM1, NOWAIT/
If the standard SNMP port for receiving requests is used (port 161), only one agent process can use the TCP/IP subnet at a time. Distinct subnets ensure that each message is routed to the appropriate target SNMP agent. Therefore, the type of configuration illustrated in Figure 2-2 is possible only if at least one TCP/IP subnet is available for ea ch SNMP agen t runnin g. Each SNMP agen t must be rea ched thr ough a separate Internet address. You can configure both NonStop TCP/IP and NonStop TCP/IPv6 to have distinct subnets. (To configure distinct subnets for NonStopTCP/IP/v6, use the Logical Network Partition feature described in the TCP/IPv6 Configuration and Management Manual.)
In the Parallel Library TCP/IP environment, in order to bind each agent process to a subnet, you must alter the ENDPOINT object and change the HOSTADDR attribute to the IP address you want the agent bound to. See Remote Connections on page 2-37.
Caution. Each SNMP agen t n eeds exclusive acce s s to an SNMPCTL file. The SN M PC T L file used is the file that resides in the subvolume from which the SNMP agent is started. Therefore, each SNMP agent r unning on the s am e node must b e s ta rted from the subvolume in w hich the SNMPCT L f ile you want the agent to use re si des .
Note. H-series RVUs do not pr ovid e s upport for Parallel Library T C P/ I P.
Page 77
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-21
Single-Node and Multiple-Node Scenar ios
In Figure 2-3, SNMP agents on three different nodes process requests through the same TCP/IP process. This type of configuration is possible only if there is at least one TCP/IP subnet available for each SNMP agent running because a TCP/IP subnet can be used by only one agent process at a time. Each SNMP agent must be reached through a separate Internet address.
A disadvantage of this scenario is that \A and \C cannot be managed if \B fails.
Figure 2-3. Running SNMP Agents on Multiple Nodes
Note. YParallel Library TCP/IP and NonStop TCP/IPv6 do not support this configuration.
\B
\C
SNMP Agent
\A
SNMP ManagerSNMP Manager
SNMP Agent
SNMP Agent
TCP/IP
Managed
Resources
Subagents
Managed
Resources
Subagents
Managed
Resources
Subagents
130.88.25.1
130.88.25.2
130.88.25.3
VST203.vsd
Page 78
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-22
Single-Node and Multiple-Node Scenar ios
In Figure 2-4, two TCP/IP SNMP managers manage an overlapping set of resources. SNMP manager X monitors resources through SNMP agents 1 and 2. SNMP manager Y monitors resources through SNMP agents 3 and 2. SNMP agent 2 processes requests from both managers. The advantage of this scenario is that if \A or \C fails, resources accessed through SNMP agent 2 and its subagents can still be monitored.
Figure 2-4. Managing Overlapping Sets of Resources
SNMP Manager X
SNMP
Agent 2
\B
\A
SNMP
Agent 1
Subagents
Managed
Resources
Subagents
Managed
Resources
TCP/IP
SNMP Manager Y
\C
SNMP
Agent 3
Subagents
Managed
Resources
TCP/IP
130.88.25.2
130.88.25.1
130.88.26.1
130.88.26.2
VST204.vsd
Page 79
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-23
Starting Multiple SNMP Ag ents on Each Node
Starting Multiple SNMP Agents on Each Node
At least one TCP/IP subnet is required to handle communication between a NonStop agent process and an S NMP mana ger th at is usi ng TCP/IP. To find out whether at l east one subnet is available, issue the SCF INFO and STATUS commands against the TCP/IP subsystem SUBNET object, for example:
INFO SUBNET $ZTC*.*
TCPIP Info SUBNET \EAST.$ZTC0.* Name Devicename *IPADDRESS TYPE *SUBNETMASK #LOOP0 \NOSYS.$NOIOP 127.0.0.1 LOOP-BACK %HFF000000
#EN1 \EAST.LAN1 130.252.60.234 ETHERNET %HFFFF000
STATUS SUBNET $ZTC0.#EN1
TCPIP Status SUBNET \EAST.$ZTC0.#EN1 Name Status #EN1 STARTED
The NonStop agent can use a TCP/IP process on any node to communicate with SNMP managers.
When running more than one SNMP agent on the same node, and when the agent/manager transport protocol is not restricted to NonStop Kernel IPC calls, follow these guidelines:
Start each SNMP agent from a different subvolume. Each SNMP agent uses the SNMPCTL file on the subvolume from which the SNMP agent was run. Running each SNMP agent from a different subvolume ensures that each SNMP agent maintains its own distinct configuration.
Start only one SNMP agent process using the built-in defaults. Start additional SNMP agents in one of two ways:
°
Use the COLD startup parameter. Then configure at least one ENDPOINT object through SCF and complete the configuration through SCF or SNMP to avoid configuration conflicts.
°
Use the TCPIP^PROCESS^NAME startup parameter to specify a different TCP/IP process for the default response/request connection point. Note that:
For Parallel Library TCP/IP, the TCPIP^PROCESS^NAME is the name of a TCPSAM process.
See the TCP/IP (Parallel Library) Configuration and Management Manual for information about how to find the name of a TCPSAM process.
For NonStop TCP/IPv6,the TCPIP^PROCESS^NAME is the name of a TCP6SAM process.
Note. H-series RVUs do not pr ovid e s upport for Parallel Library T C P/ IP.
Page 80
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-24
Stopping the SNMP Agent
See the TCP/IPv6 Configuration and Management Manual for information about how to find the name of a TCP6SAM process.
See also The TCP/IP Subagent and Its Managed Resources on page 8-4.
The following example starts two SNMP agents on the same HP node. For Parallel Library TCP/IP and NonStop TCP/IPv6, the TCP/IP process name is the TCPSAM/TCP6SAM name.
$SYSTEM TCON 5> RUN $SYSTEM.SYSTEM.SNMPAGT/NAME $ZSNM0, NOWAIT/ $SYSTEM TCON 6> VOLUME $SYSTEM.TCON1 $SYSTEM TCON1 7> RUN $SYSTEM.SYSTEM.SNMPAGT/NAME $ZSNM1, NOWAIT/& $SYSTEM TCON1 7> TCPIP^PROCESS^NAME $ZTC1 $SYSTEM TCON1 12> SCF SCF - T9082D20 - (01JUN93) (18MAY93) - 01/09/96 12:38:06 System \EAST Copyright Tandem Computers Incorporated 1986 - 1996
1-> INFO PROCESS $ZSNM0, SUB ALL SNMP Info PROCESS
Name *EMS Collector $ZSNM0 \EAST.$0
SNMP Info PROFILE Name *Access *Hostaddr *Community
$ZSNM0.#DEFAULT READONLY 0.0.0.0 public SNMP Info ENDPOINT Name *Network *Hostaddr
$ZSNM0.#DEFAULT \EAST.$ZTC0 0.0.0.0 2-> INFO PROCESS $ZSNM1, SUB ALL
SNMP Info PROCESS Name *EMS Collector
$ZSNM1 \EAST.$0 SNMP Info PROFILE Name *Access *Hostaddr *Community
$ZSNM1.#DEFAULT READONLY 0.0.0.0 public SNMP Info ENDPOINT Name *Network *Hostaddr
$ZSNM1.#DEFAULT \EAST.$ZTC1 0.0.0.0
Stopping the SNMP Agent
To stop an SNMP agent process, issue the STOP command from a TACL prompt, naming the agent process you want to stop:
STOP $ZSNMP
Page 81
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-25
Configuring the EMS Collect o r
Get the name of the SNMP agent process using either the SCF STATUS PROCESS $ZSNMP command or the TACL STATUS command.
STATUS PROCESS $ZSNMP SNMP Status PROCESS $ZSNMP Name Status Trace Trace File $ZSNMP STARTED OFF N/A
status *, prog $system.system.snmpagt
Process Pri PFR %WT Userid Program file Hometerm
$DMA 5,85 144 011 255,209 $SYSTEM.SYSTEM.SNMPAGT $T304.#TRM6
Configuring the EMS Collector
Configuring the EMS collector requires the following tasks:
Direct the SNMP agent process to send its events to a specific EMS collector
Configure and manage the authentication mechanism by which the SNMP agent accepts or rejects requests from SNMP managers through TCP/IP
Configure and manage TCP/IP request/response connections between the SNMP agent and SNMP managers
Configure and manage the definitions of destinations to which the SNMP agent sends traps
When you start the SNMP agent using the default startup parameters, the SNMP agent sends its events to the EMS collector $0. To use an EMS collector other than $0:
Include the COLLECTOR startup parameter when you start the SNMP agent.
Use the SCF ALTER command to change the EMSCOLL attribute of the PROCESS obje ct.
Collector process information is not stored in the SNMPCTL file. When you stop and restart an SNMP agent process, you must resp eci fy the nondef ault collec tor pro cess to which you want the SNMP agent to send its events.
Note. No MIB obje c t exis t s in the SNMP ag ent’s private za gI nProc ess grou p for spe cifying the EMS collector.
Page 82
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-26
Using the COLLECTOR Startup Parameter
Using the COLLECTOR Startup Parameter
To cause both primary and backup agent processes to send events to an EMS collector other than $0, include the COLLECTOR startup parameter when you start the SNMP agent. For example:
RUN SNMPAGT/NAME $ZSNMP, NOWAIT/ COLLECTOR $ACOL
Although HP does not recommend doing so, you can suppress output of SNMP agent events altogether by including the COLLECTOR startup parameter with no argument:
RUN SNMPAGT/NAME $ZSNMP, NOWAIT/ COLLECTOR
This approach is the only way to suppress event logging. You cannot suppress event logging through SCF.
For more information on the COLLECTOR startup parameter, refer to COLLECTOR
[$alternate-collector-process] on page 2-9.
Using the SCF ALTER PROCESS Command
You can also specify that the agent process send its events to an alternate collector by issuing an SCF ALTER command against the PROCESS object and specifying a new value for the EMSCOLL attribute. For example:
ALTER PROCESS $ZSNMP, EMSCOLL $ACOL
Configuring Security
Before the SNMP agent processes an SNMP request, the SNMP agent authenticates the request to determine whether the SNMP manager is qualified to perform the operation in the request. The request authentication rules implemented by the SNMP agent depend on whether the SNMP manager is communicating through NonStop Kernel IPC calls or through the TCP/IP UDP transport protocol.
Authenticating Requests Received Over TCP/IP
To configure the basis on which the SNMP agent accepts or rejects requests from SNMP managers that communicate through TCP/IP, build an authentication table. Each entry in the authentication table is one instance of a PROFILE object, or one row in the SNMP agent’s private zagInProfileTable. You can configure, request information about, and manage authentication table entries in two ways:
By issuing SNMP Set requests against the SNMP agent’s zagInProfile group objects from an SNMP manager that uses NonStop Kernel IPC calls to communicate with the SNMP agent.
By issuing SCF commands against PROFILE objects.
Page 83
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-27
Authe n ticating Req u e sts Re c e i ved O ve r T C P/IP
To avoid extraneous authenticationFailure traps, configure security before you configure request/response connection points. Request/response connection points are represented by SCF ENDPOINT objects or by rows in the SNMP agent private zagInEndpointTable. For more information, refer to Configuring TCP/IP
Request/Response Connections on page 2-34.
The Authentication Mechanism
Authentication is the procedure by which the agent process accepts or rejects
requests from an SNMP manager that communicates through TCP/IP. The SNMP agent looks at three element s of an incom ing SNM P messa ge to deter mine
whether to process (or forward) a request:
The community name portion of the community string included in the message
The Intern et addre ss from which the request originated
The SNMP operation that the SNMP manager wants the agent process to run or forward for running on the manager’s behalf
Community Strings
Each request that an SNMP agent receives from an SNMP manager includes a community string composed of one or two discrete sections delimited by two colons (::) as follows:
community-name[::subagent-password]
The community string included in incoming requests is part of the SNMP manager’s configuration and is set as described in the documentation provided by the vendor of the SNMP manager.
The SNMP agent parses the community-name portion of the community string. Community names that an SNMP age nt recogn izes are configur ed thro ugh SCF by the system administrator responsible for the SNMP agent.
When an SNMP agent process receives a request, the SNMP agent searches for a matching community name in the auth entication t able. If the SNMP agent does not find a matching community name entry in the authentication table, the request is dropped. If the snmpEnableAuthenTraps object in the SNMP group supported by the SNMP agent is set to 1, the SNMP agent also sends an authenticationFailure trap to all broadcast type trap destinations. Trap destinations are represented by SCF TRAPDEST objects or by rows in the SNMP agent’s private zagInTrapdestTable. (For more information, see Configuring Trap Destinations on page 2-38.)
Note. The subagent-password is passed to the subagent by the SNM P agent an d is us ed by the subagent to employ additional security. For more inform at ion, see After a Request Has
Been Authenticate d on page 2-31.
Page 84
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-28
Authe n ticating Req u e sts Re c e i ved O ve r T C P/IP
Internet Addresses
Each entry in the authentication table contains a single Internet address or a full wild­card address (0.0.0.0.) specification. Internet addresses are discussed in detail in the TCP/IP Configuration and Management Manual.
When the SNMP agent finds a community name match, the SNMP agent looks at the address from which the request originated. If the address contained in the incoming request matches the address in the authentication table entry, the SNMP agent accepts the request.
If the SNMP agent does not find a matching Internet address entry in the authentication table, the request is dropped. If configured to do so, the SNMP agent sends an authenticationFailure trap to all trap destinations.
SNMP Operations
The authentication table also describes the SNMP operations authorized for each community. Allowable SNMP operations are described by one of two access modes, specified as ACCESS attributes in SCF: READONLY and READWRITE.
If the access mode is READONLY, the SNMP agent accepts GetRequest and GetNextRequest PDUs from the SNMP manager. SetRequest PDUs are dropped.
If the access mode is READWRITE, the SNMP agent accepts SetRequest, GetRequest, and GetNextRequest PDUs from the SNMP manager.
If the request is for an unauthorized operation, the request is dropped. If configured to do so, the SNMP agent sends an authenticationFailure trap to all trap destinations.
If the request passes all three tests (community name, Internet address, and access mode), the SNMP agent is said to have authenticated the request.
Configuring the Authentication Table
An authentication table entry has the following attributes:
You name the object when you define it.
COMMUNITY or zagInPfCommunity is a community name, unique among authentication table entries.
HOSTADDR or zagInPfHostAddr is an SNMP manager Internet address.
SCF SNMP Agent Private MIB Object Attribute Table Object Within Table Row
PROFILE #profile-name zagInProfileTable zagInPfName
COMMUNITY zagInPfCommunity HOSTADDR zagInPfHostAddr ACCESS zagInPfAccess
Page 85
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-29
Authe n ticating Req u e sts Re c e i ved O ve r T C P/IP
ACCESS or zagInPfAccess specifies the SNMP operations authorized for each community: READONLY or READWRITE.
The default auth entic atio n t able entry is name d $agent-process.#DEF A ULT and has the following attribute values associated with it (the SNMP agent process is $ZSNMP):
PROFILE $ZSNMP.#DEFAULT, COMMUNITY public HOSTADDR 0.0.0.0, ACCESS READONLY
You must add an authentication table entry for each community (other than “public”) from which the SNMP agent will be receiving SNMP requests.
Unless you stop or alter the default authentication table entry, the SNMP agent continues to accept incoming Get and GetNext requests from any SNMP manager belonging to the “public” community, regardless of other table entries you define to tighten security.
Page 86
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-30
Authe n ticating Req u e sts Re c e i ved O ve r T C P/IP
Figure 2-5. Authenticating Requests Received Through TCP/IP
LogicalIdentifer
---------------------
#UBLAN
#DEFAULT
COMMUNITY
-------------------
Private
public
ACCESS
-------------------
READWRITE
READONLY
HOSTADDR
----------------------
130.253.15.230
0.0.0.0
SNMP agent
receives request.
N
O
N O
N O
YES
YES
Does
access mode permit
requested operati on?
YES
SNMP Manager Station
Authentication Table
Request
authenticationFailure Trap
Response
private::tsmaccess 130.253.15.230 GetNext
Does entry
exist?
SNMP agent looks for
entry containing community
name.
Does address
in request match
address
in table entry?
SNMP agent processes
request or forwards request to
appropria te sub agent.
VST302.vsd
Page 87
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-31
Authenticating Requests Received Using the IPC
Interface
In Figure 2-5, the authentication table permits the SNMP agent to accept Get and GetNext requests from any SNMP manager belonging to the “public” community, as well as Set requests sent under the “Private” community from the SNMP manager whose address is 130.252.15.230. The SCF commands that defined this nondefault PROFILE object are:
ASSUME PROCESS $ZSNMP ADD PROFILE #UBLAN, COMMUNITY Private,& ACCESS READWRITE, HOSTADDR 130.253.15.230 START PROFILE #UBLAN
This request would be authenticated. Note that the trap messages shown in Figure 2-5 are generated only when:
A message is received that fails authentication.
The snmpEnableAuthenTraps object in the SNMP group of the SNMP agent’s MIB is set to 1.
Refer to Configuring Trap Destinations on page 2-38 for more information on traps.
Authenticating Requests Received Using the IPC Interface
Requests received using the IPC interface are authenticated as follows:
The community name and Internet address in the request are not examined. (However, they are passed to the subagent to which the request is forwarded; the subagent can then employ additional security based on the community name and Internet address.)
All MIB objects under the control of the SNMP agent are accessible. Requests for operations on objects in the zagInProfile group are performed only if the PAID of the SNMP manager process is compatible with the PA ID of the agent process. If the agent process is associated with the super user group (user ID 255,n), the SNMP manager process must also be associated with the super user group. If the agent process is not associated with the super user group, the PAID of the SNMP manager process is irrelevant.
Requests for MIB objects under the control of subagent are passed to subagents for processing, as described in the following subsection.
After a Request Has Been Authenticated
Authentication allows the SNMP manager access to the following SNMP agent services:
Access to the MIB-II SNMP and System group objects, as well as the private MIB objects supported by the SNMP agent. These requests are processed by the SNMP agent.
The forwarding of SN MP reque sts con cerni n g MIB obj ect s suppo rted by sub agen ts to the appropriate subagent process.
Page 88
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-32
Security Scenarios for SNMP Managers Using
TCP/IP
By default, authenticated manager requests forwarded to subagents are processed in accordance with the access attributes of individual MIB objects. SNMP managers can perform Get and GetNext operations on read-only MIB objects and Get, GetNext, and Set operations on read-write objects.
When the SNMP agent forwards a request to a subagent, the forwarded request includes the Internet ad dress an d comm uni ty string . The sub agent can use the Inte rnet address and the subagent-password portion of the community string to employ additional security, responding to a request to access a MIB object, independent of the subagent’s access attributes, only if the request contains a particular password and originates from a specific Internet address. This option, known as subagent request authentication, requires that the password appear as follows in the manager station’s community string:
agent-community-string::subagent-password
Security Scenarios for SNMP Managers Using TCP/IP
Table 2-3. Security Scenarios (page 1 of 2)
Scenario Tasks
Method (SCF Commands)
Allow an SN M P manager to retrieve information only.
Ask the SNMP administrator to send requests to th e SN MP agen t u nder the “public” c om m unity.
By default, the SNMP agent accepts Get and GetNext requests from all members of the “public” community.
Ask the SNMP administrator.
Allow an SN M P manager to set values and retriev e information.
Configu re an authen ti ca t ion table entry for the host address of the SNMP manager, give the au t henticatio n tab le a unique community name, and assign t he table READWRITE access. Then activate the entry and inform the SNMP administrator of the community name that must be present in requests sent to the SNMP agent.
The SNMP agent accepts Get, GetNext, and Set requests that contain the new community name.
ADD PROFILE START PROFILE
Allow an SN M P manager to retrieve information only.
Ask the SNMP administrator to send requests to th e SN MP agen t u nder the “public” c om m unity.
By default, the SNMP agent accepts Get and GetNext requests from all members of the “public” community.
Ask the SNMP administrator.
Page 89
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-33
Security Scenarios for SNMP Managers Using
TCP/IP
Alternatively, you can simply alter the default P R OF I LE entry and assign READWRITE access to the “public” community. In this case, you should also alter the default host address to make it more restrictive. (Otherwise, all SNMP managers sending requests under the “public” community can alter variables.) Then activate the PROFILE entry.
STOP PROFILE ALTER PROFILE START PROFILE
Revoke Set privileges from an SN MP manager, but allow it to retrieve information.
Deactivate the authentication table entry for the community under which the SNMP manager has bee n s ending re quests. Alte r the SNMP manager’s access mode to READONLY. Then reactivate the authent ic at ion table entry.
The REA D ON LY access w ill apply to all managers using the community name. If READONLY access is not acceptable, ask the ot her SNMP administrators t o reconfig ure their managers to send requests under a different c om m unity nam e.
STOP PROFILE ALTER PROFILE START PROFILE
Revoke all access privileges from an SNMP manager.
Deactivate the authentication table entry for the community under which the SNMP manager has bee n s ending re quests.
The SNMP agent accepts no requests from the SNMP manager.
STOP PROFILE
If more tha n one SNMP m anager se nds requests under that co m m unity, alter the host address to exclude the particular manager. Then activate the entry.
STOP PROFILE ALTER PROFILE START PROFILE
If you cann ot alt er the host a ddress to excl ude one manager, ask th e ot her SNMP adminis tr at ors t o reconfigure their managers to send requests under a different co m m unity name . Then add an authent ic at ion table entry fo r th e new community and activ ate the entr y.
STOP PROFILE ADD PROFILE START PROFILE
Table 2-3. Security Scenarios (page 2 of 2)
Scenario Tasks
Method (SCF Commands)
Page 90
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-34
Configuring TCP/IP Request/Response Connec tions
Configuring TCP/IP Request/Response Connections
The TCP/IP process handling the communication between the SNMP agent process and SNMP managers is represented by a request/response connection definition. You specify and request information about the request/response connections by issuing:
SCF commands against ENDPOINT objects.
SNMP Set requests against the SNMP agent’s zagInEndpointTable entry objects, as described in Section 3, MIBs Supported by the SNMP Agent.
A TCP/IP request/response connection definition has the following attributes:
You name the object when you define it.
HOSTADDR or zagInEpHostAddr is the Internet address by which the SNMP agent can be addressed. The Internet address is the TCP/IP subnet address through which the SNMP agent receives requests from SNMP managers.
NETWORK or zagInEpNetwork is the TCP/IP process that handles request/response messages.
The default TCP/IP request/response connection definition specifies that the SNMP agent receives SNMP requests and returns responses through any available subnet associated with TCP/IP process $ZTC0 on the node on which the agent process is running.
You can specify that a different TCP/IP process be used in the default configuration by including a TCPIP^PROCESS^NAME startup parameter in the RUN command when you start the SNMP agent process.
Using the default request/response connection definition or passing a TCP/IP process name at start up works for an SNMP age nt proce ss that is not shar in g the same TCP /IP subsystem with other SNMP agent processes. However, when multiple SNMP agent processes use the same TCP/IP subsystem to communicate with SNMP managers, you must ensure that each SNMP agent process has a distinct subnet available for its own use or that each SNMP agent process has been configured at startup to use a unique port. Configuring distinct subnets ensures that each message is routed to the appropriate ta rget SNM P agent.
SCF SNMP Agent Private MIB Object Attribute Table Object Within Table Row
ENDPOINT #endpoint-name zagInEndpointTable zagInEpName
HOSTADDR zagInEpHostAddr NETWORK zagInEpNetwork
Page 91
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-35
Single-Agent Connections
Single-A gent Connections
When only one SNMP agent uses a TCP/IP process, defining the request/response connection is straightforward. Use the default host address value and ensure that at least one subnet is available to handle communication with the SNMP managers. You can issue SCF INFO and STATUS commands ag ainst the T CP/IP subsyst em SUBNE T object to find out about the availability of subnets. For example:
info subnet $ztc0.*
TCPIP Info SUBNET \WEST.$ZTC0.* Name Devicename *IPADDRESS TYPE *SUBNETMASK #LOOP0 \NOSYS.$NOIOP 127.0.0.1 LOOP-BACK %HFF000000
#SUBNET1 \WEST.LAN1 130.252.88.1 ETHERNET %HFFFF0000 #SUBNET2 \WEST.LAN2 130.252.87.1 ETHERNET %HFFFF0000
status subnet $ztc0.#subnet2
TCPIP Status SUBNET \WEST.$ZTC0.#SUBNET2 Name Status #SUBNET2 STARTED
Multiple-A gent Co n ne c tions
If the same TCP/IP subsystem is handling SNMP agent/manager communication for more than one SNMP agent process, each SNMP agent must either be reached through a separate Internet address or must be configured at startup to use a unique port. You must configure nonoverlapping host address values in request/response connection definitions.
If a request/response connection has been defined to use the full wild-card specification (0.0.0.0) to refer to all Internet addresses associated with a particular TCP/IP process, and you want to start another SNMP agent process to be reached through the same TCP/IP process, you must configure nonoverlapping host address values in the two SNMP agents’ request/response connection definitions.
Page 92
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-36
Multiple-Agent Connections
In Figure 2-6 a successful configuration involving two SNMP agents uses the same TCP/IP process for request/response communications. In this configuration, the following is assumed:
$ZSNM0 and $ZSNM1 were started from different subvolumes with the built-in defaults.
The default request/response connection definition associated using each SNMP agent was altered as illustrated in the following SCF commands:
STOP ENDPOINT $ZSNM1.#DEFAULT STOP ENDPOINT $ZSNM0.#DEFAULT ASSUME PROCESS $ZSNM1
ALTER ENDPOINT #DEFAULT, HOSTADDR 130.25.88.2
START ENDPOINT #DEFAULT ASSUME PROCESS $ZSNM0
ALTER ENDPOINT #DEFAULT, HOSTADDR 130.25.88.1
START ENDPOINT #DEFAULT
Each SNMP agent now has a distinct subnet to handle communication with SNMP managers.
Figure 2-6. Multiple Local SNMP Agents, Single Host Request/Response Connections
SNMP Manager
130.25.88.1
130.25.88.2
$ZTC0
SNMP
Agent
($ZSNM1)
SNMP Agent
($ZSNM0)
VST304.vsd
Page 93
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-37
Remote Connections
Remote Connections
The TCP/IP process used for communicating with SNMP managers does not have to be on the same n ode as th e agen t pro cess. A s in the scen ari o fe aturin g mult iple SNM P agents sharing a TCP/IP process on one host (Figure 2-6), you need to ensure that every local and remote agent process sharing the TCP/IP process uses a unique subnet address. In Parallel Library TCP/IP, the agents are not associated with TCP/IP processes but rather just with the IP addresses. This procedure of altering the ENDPOINT is the method by which you bind the agent to unique IP addresses in the Parallel Library TCP/IP process.
In Figure 2-7, agent processes on three nodes are started using the built-in defaults. Later, the default request/response connection definitions are altered for all three SNMP agents. The following example illustrates altering connection definitions using SCF:
SYSTEM \B ASSUME PROCESS $ZSNMP STOP ENDPOINT #DEFAULT
ALTER ENDPOINT #DEFAULT, HOSTADDR 130.25.86.2 START #DEFAULT
SYSTEM \A ASSUME PROCESS $ZSNMP STOP ENDPOINT #DEFAULT
ALTER ENDPOINT #DEFAULT, NETWORK \B.$ZTC0, & HOSTADDR 130.25.86.1 START #DEFAULT
SYSTEM \C ASSUME PROCESS $ZSNMP STOP ENDPOINT #DEFAULT
ALTER ENDPOINT #DEFAULT, NETWORK \B.$ZTC0, & HOSTADDR 130.25.86.3 START #DEFAULT
Note that the ENDPOINT definition for the SNMP agent on node \B uses the default NETWORK attribute value, so this attribute need not be included in the ALTER command.
Note. H-series RVUs do not pr ovid e s upport for Parallel Library T C P/ I P.
Page 94
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-38
Configuring Trap Destinations
Configuring Trap Destinations
Each SNMP manager to which the SNMP agent process sends trap messages is represented by a trap destination definition. You specify and request information about trap destinations by issuing:
SCF commands against TRAPDEST objects.
SNMP Set requests against the SNMP agent’s zagInTrapdestTable entry objects, as described in Section 3, MIBs Supported by the SNMP Agent.
Figure 2-7. Multiple Remote SNMP Agents, Single Host Request/Response Connections
\B
\C
SNMP Agent
($ZSNMP)
\A
SNMP Manager
130.25.86.1
130.25.86.2
130.25.86.3
SNMP Manager
SNMP Agent
($ZSNMP)
SNMP
Agent
($ZSNMP)
$ZTC0
VST305.vsd
Page 95
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-39
Configuring Trap Destinations
A trap destination definition has the following attributes:
You name the object when you define it.
COMMUNITY or zagInTdCommunity specifies the name included in trap messages. This attribute is assigned the value “Tandem” by default.
HOSTADDR or zagInTdHostAddr specifies the Internet address of an SNMP manager to which traps are to be sent. You cannot use the wild-card Internet address designation “0.0.0.0” as a value for this attribute; each value must be a unique Internet address. No default value exists for this attribute.
NETWORK or zagInTdNetwork specifies the TCP/IP process that handles the sending of trap messages. The TCP/IP process determines which subnet to use for the actual dat a tran sfer. The default val ue is the T CP/I P process specified in the TCPIP^PROCESS^NAME startup parameter or, if none was specified, $ZTC0 on the local node.
The zagInTdType object specifies the type of the trap destination: directed or broadcast. Directed trap destinations receive only trap messages specifically directed to the trap destinations by the agent or subagent from which the trap originates. Broadcast trap destinations receive all trap messages except directed ones.
The zagInTdPort object speci fies the por t to which trap s shou l d be sent. The obj ect zagInTdPort cannot be viewed or managed through SCF, only from the SNMP manager.
You can configure as many trap destination definitions as you like. SCF issues a warning if you add a definition that points to a currently defined destination. In this case, duplicate traps are sent to the same address.
SCF SNMP Agent Private MIB Object Attribute Table Object Within Table Row
TRAPDEST #trapdest-name zagInTrapdestTable zagInTdName
COMMUNITY zagInTdCommunity HOSTADDR zagInTdHostAddr NETWORK zagInTdNetwork
zagInTdType zagInTdPort
Note. SCF does not provide for defining directed type trap destinations. All trap destination definitions created through SCF are of type broadcast. (However, trap designation definitions can be modified through SNMP to type directed.)
Page 96
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-40
Dynamically Generated Trap Destinations
Dynamically Generated Trap Destinations
If no trap destinations are defined, then for every SNMP manager communicating through TCP/IP from which the SNMP manager receives a request, the SNMP agent creates a trap destination definition. The trap port value is 162, the default value. Each dynamically generated TRAPDEST object contains the default community, network, and trap type attribute values. The host address attribute of each dynamically generated TRAPDEST object is the Internet address from which the request was received. These TRAPDEST objects are named “#DYNA0,” “#DYNA1,” and so on, and are stored in the SNMPCTL file.
For example, if the SNMP agent receives a request through TCP/IP from the manager at Internet address 130.252.86.10, the SNMP agent creates and starts the following TRAPDEST object:
TRAPDEST $agent-process.#DYNA0, COMMUNITY Tandem, NETWORK $ZTC0, HOSTADDR 130.252.86.10
Then, if the SNMP agent receives a request from the SNMP manager at Internet address 155.186.130.123, the SNMP agent creates and starts another TRAPDEST object:
TRAPDEST $agent-process.#DYNA1, COMMUNITY Tandem, NETWORK $ZTC0, HOSTADDR 155.186.130.123
Once you explicitly create a TRAPDEST object using the ADD command, dynamic TRAPDEST generation stops. The default trap port would be 162, however, the port cannot be seen in SCF, but can be retrieved and set to a different port using the SNMP manager.
The following is a summary of dynamic TRAPDEST object generation:
Dynamic TRAPDEST generation is enabled when the SNMP agent is started with the WARM startup parameter and there are no TRAPDEST objects in the SNMPCTL file.
Dynamic TRAPDEST generation is disabled when you do one of the following:
Use the ADD command to add a TRAPDEST object (or create one through SNMP).
Stop and restart the SNMP agent with the WARM option after at least one default TRAPDEST object has been generated.
If the SNMP agent is stopped, and then restarted, using the WARM option, even if you have never explicitly added a TRAPDEST object, no new TRAPDEST objects are dynamically generated since the SNMPCTL file contains the #DYNAn objects created when the SNMP agent was previously running.
Page 97
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-41
Forwarding Traps to Managers Communicating
Through IPC
Forwarding Traps to Managers Communicating Through IPC
No mechanism exists for the SNMP agent to automatically forward traps through the IPC interface. To forward traps to an SNMP manager that communicates with the SNMP agent through NonStop Kernel IPC calls, configure a trap destination using a host address of 127.0.0.1 (the local loopback address, a TCP/IP convention that refers to “this” host).
Disabling the Sending of Traps
Any SNMP manager using the proper access authority can disable the sending of authenticationFailure traps to all configured trap destinations by setting the snmpEnableAuthenTraps MIB object to 2. Refer to Appendix C, Unsolicited SNMP
Agent Messages, for more information.
Page 98
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-42
Single-Host Connections
Single-H os t Connectio ns
In Figure 2-8, two SNMP agents receive requests through one TCP/IP process and send trap messages to the same destination through a diff erent T CP/ IP p rocess. In this configuration:
$ZSNM0 was started using the built-in defaults.
$ZSNM1 was started (from a different subvolume) using a value of $ZTC1 for the TCPIP^PROC ESS^NAME star tup parameter.
Figure 2-8. Multiple SNMP Agents, Single Host Connections
SNMP Manager Station 2
130.25.88.1
130.25.88.2
$ZTC1
SNMP
Agent
($ZSNM0)
SNMP Agent
($ZSNM1)
SNMP Manager Station 1
Legend
Trap PDUs
Request/Response PDUs
(at 130.25.86.15)
$ZTC0
VST306.vsd
Page 99
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-43
Multiple-Host Connections
The SCF commands used to configure the ENDPOINT and TRAPDEST objects in
Figure 2-8 are:
ASSUME PROCESS $ZSNM0 STOP ENDPOINT #DEFAULT ALTER ENDPOINT #DEFAULT, NETWORK $ZTC1, & HOSTADDR 130.25.88.1 START ENDPOINT #DEFAULT
ADD TRAPDEST #STA1, HOSTADDR 130.25.86.15 START TRAPDEST #STA1
ASSUME PROCESS $ZSNM1 STOP ENDPOINT #DEFAULT ALTER ENDPOINT #DEFAULT, HOSTADDR 130.25.88.2 START ENDPOINT #DEFAULT
ADD TRAPDEST #STA1, NETWORK $ZTC0, HOSTADDR 130.25.86.15 START TRAPDEST #STA1
Multiple-Host Connections
The TCP/IP process handling the sending of traps does not have to be on the same node as the agent process.
Note. Parallel Library TCP/I P and Nonst op TCP/IPv6 do not support Mu lti-Host con nections.
Page 100
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-44
Multiple-Host Connections
In Figure 2-9, the SNMP agents on nodes \A, \B, and \C accept requests from either SNMP manager, but only send traps to the manager whose internet address is
130.25.86.4. Following are the SCF commands used to configure connections for this
scenario. Note that the SNMP agent on node \B uses the default NETWORK attribute value in its TRAPDEST object definition:
SYSTEM \B ASSUME PROCESS $ZSNMP STOP ENDPOINT #DEFAULT ALTER ENDPOINT #DEFAULT, HOSTADDR 130.25.86.2 START #DEFAULT
ADD TRAPDEST #STA2, HOSTADDR 130.25.86.4 START TRAPDEST #STA2
Figure 2-9. Multiple SNMP Agents, Multiple Host Connections
\B
\C
SNMP Agent
($ZSNMP)
\A
SNMP Manager 2
(at 130.25.86.4)
130.25.86.1
130.25.86.2
130.25.86.3
SNMP Manager 1
(at 130.25.86.5)
SNMP
Agent
($ZSNMP)
SNMP Agent
($ZSNMP)
Legend
Request/Response PDUs
$ZTC0
130.25.86.4
Trap PDUs
VST307.vsd
Loading...