CHAPTER 10

Simple Network Management Protocol

ILOM supports the Simple Network Management Protocol (SNMP), which is used to exchange data about network activity. SNMP is an open, industry-standard protocol.

This chapter includes the following sections:



Note - Syntax examples in this chapter use the target starting with /SP/, which could be interchanged with the target starting with /CMM/ depending on your Sun server platform. Subtargets are common across all Sun server platforms.



SNMP Overview

Simple Network Management Protocol (SNMP) is an open technology that enables the management of networks and devices, or nodes, that are connected to the network. Using SNMP, data travels between a managed device (node) and a networked management station. A managed device can be any device that runs SNMP, such as hosts, routers, web servers, or other servers on the network. SNMP messages are sent over IP using the User Datagram Protocol (UDP). Any management application that supports SNMP can manage your server.

ILOM supports SNMP versions 1, 2c, and 3. Using SNMP v3 is strongly advised since SNMP v3 provides additional security, authentication, and privacy beyond SNMP v1 and v2c.

SNMP is a protocol, not an operating system, so you need an application to utilize SNMP messages. Your SNMP management software may provide this functionality, or you can use an open source tool like net-SNMP, which is available at:

http://net-snmp.sourceforge.net/

Both management stations and agents use SNMP messages to communicate. Management stations can send and receive information. Agents can respond to requests and send unsolicited messages in the form of traps. Management stations and agents use the following functions:


How SNMP Works

SNMP functionality requires the following two components:

The management station monitors nodes by polling management agents for the appropriate information using queries. Managed nodes can also provide unsolicited status information to a management station in the form of a trap. SNMP is the protocol used to communicate management information between management stations and agents.

The SNMP agent is preinstalled on your Sun server platform and runs on ILOM, so all SNMP management occurs through ILOM. To utilize this feature, your operating system must have an SNMP client application.


SNMP Management Information Base Files

The base component of an SNMP implementation is the Management Information Base (MIB). A MIB is a text file that describes a managed node’s available information and where it is stored. The tree-like, hierarchical system classifies information about resources in a network. The MIB defines the variables that the SNMP agent can access. When a management station requests information from a managed node, the agent receives the request and retrieves the appropriate information from the MIBs. The MIB provides access to the server’s network configuration, status, and statistics.

The following SNMP MIBs are used with ILOM:

SUN-PLATFORM-MIB: This MIB represents an inventory of server and chassis hardware, including all the sensors and indicators along with their status.

SUN-ILOM-CONTROL-MIB: This MIB represents a Sun SP or CMM configuration such as user or access management, alerts, and more.

SUN-HW-TRAP-MIB: This MIB describes the hardware-related traps that a Sun SP or CMM may generate.

SUN-ILOM-PET-MIB: This MIB describes the IPMI Platform Event Traps (PETs) that a Sun SP may generate. See About Alert Management for more information about PETs.


Alerts and SNMP Traps

Using ILOM, you can configure up to 15 alert rules. For each alert rule that you configure in ILOM, you must define three or more properties about the alert, depending on the type of alert. The alert type defines the message format and the method for sending and receiving an alert message. ILOM supports these three alert types: IPMI PET alerts, email notification alerts, and SNMP traps.

ILOM supports the generation of SNMP trap alerts to a user-specified IP address. All destinations that you specify must support the receipt of SNMP trap messages.

ILOM has a preinstalled SNMP agent that supports SNMP trap delivery to an SNMP management application.

To use this feature, you must do the following:

There are no trap destinations configured by default. By default, agents listen to port 161 for SNMP requests and agents send traps to port 162. However, you can configure the SNMP trap destination port to any valid port.


Manage SNMP Users With the CLI

You can add, delete, or configure SNMP user accounts and communities using the ILOM command-line interface (CLI).



Note - When working in the ILOM CLI, if Set Requests is disabled, all SNMP objects are read-only.



Add an SNMP User Account Using the CLI

1. Log in to the ILOM CLI as Administrator.

2. To add an SNMP v3 read-only user account, type the following command:

create /SP/services/snmp/users/username authenticationpassword=password

Edit an SNMP User Account Using the CLI

1. Log in to the ILOM CLI as Administrator.

2. To edit an SNMP v3 user account, type the following command:

edit /SP/services/snmp/users/username authenticationpassword=password


Note - When changing the parameters of SNMP users, you must provide a value for authenticationpassword, even if you are not changing the password.



Delete an SNMP User Account Using the CLI

1. Log in to the ILOM CLI as Administrator.

2. To delete an SNMP v3 user account, type the following command:

delete /SP/services/snmp/users/username


Add or Edit an SNMP Community Using the CLI

1. Log in to the ILOM CLI as Administrator.

2. To add an SNMP v1/v2c community, type the following command:

create /SP/services/snmp/communities/communityname


Delete an SNMP Community Using the CLI

1. Log in to the ILOM CLI as Administrator.

2. To delete an SNMP v1/v2c community, type the following command:

delete /SP/services/snmp/communities/communityname

Targets, Properties, and Values

The following table lists the targets, properties, and values that are valid for SNMP user accounts.


TABLE 10-1 SNMP User Account Targets, Properties, and Values

Target                                       Property                 Value             Default
/SP/services/snmp/communities/communityname  permissions              ro|rw             ro
/SP/services/snmp/users/username             authenticationprotocol   MD5|SHA           MD5
                                             authenticationpassword*  <string>          (null string)
                                             permissions              ro|rw             ro
                                             privacyprotocol          none|DES          none
                                             privacypassword*         <string>          (null string)
/SP/services/snmp                            engineid = none          <string>          (null string)
                                             port = 161               <integer>         161
                                             sets = enabled           enabled|disabled  disabled
                                             v1 = disabled            enabled|disabled  disabled
                                             v2c = disabled           enabled|disabled  disabled
                                             v3 = disabled            enabled|disabled  enabled

* If the privacyprotocol property has a value other than none, then a privacypassword must be set.
An authenticationpassword must be provided when creating or modifying users (SNMP v3 only).


For example, to change the privacyprotocol for user al to DES you would type:

-> set /SP/services/snmp/users/al privacyprotocol=DES privacypassword=password authenticationprotocol=SHA authenticationpassword=password

Your changes would be invalid if you typed only:

-> set /SP/services/snmp/users/al privacyprotocol=DES


Note - You can change SNMP user permissions without resetting the privacy and authentication properties.



Configure SNMP Trap Destinations Using the CLI

Follow these steps to configure the destinations to which the SNMP traps are sent.

1. Log in to the ILOM CLI as Administrator.

2. Type the show command to display the current settings of the alert rule.

For example:


-> show /SP/alertmgmt/rules/1
/SP/alertmgmt/rules/1
   Targets:
   Properties:
      community_or_username = public
      destination = 0.0.0.0
      destination_port = 0
      level = disable
      snmp_version = 1
      type = snmptrap
   Commands:
     cd
     set
     show

3. Go to the /SP/alertmgmt/rules/snmp directory. Type:

-> cd /SP/alertmgmt/rules/snmp

4. Choose a rule (from targets 1 through 15) for which you would like to configure a destination for SNMP traps, and go to that directory.

For example:

-> cd 4

5. Within that rule directory, type the set command to change the rule properties.

For example:

-> set type=snmptrap level=critical destination=IPaddress destination_port=0 snmp_version=2c community_or_username=public


Manage SNMP Users Using the Web Interface

This section describes how to use the ILOM web interface to manage SNMP users and communities.


Configure SNMP Settings Using the Web Interface

Follow these steps to configure SNMP settings:

1. Log in to ILOM as an Administrator to open the web interface.

You can modify SNMP settings only when logged in to ILOM with Administrator privileges.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

FIGURE 10-1 SNMP Settings Page



3. Type the port number in the Port text field.

4. Select or clear the Set Requests check box to enable or disable the Set Requests option.

If Set Requests is disabled, all SNMP objects are read-only.

5. Select a check box to enable SNMP v1, v2c, or v3.

SNMP v3 is enabled by default. You can enable or disable v1, v2c, and v3 protocol versions.

6. Click Save.



Note - At the bottom of the page, you can also add, edit, or delete SNMP communities or users, as shown in FIGURE 10-2.


FIGURE 10-2 SNMP Communities and Users




Add or Edit an SNMP User Account Using the Web Interface

Follow these steps to add or edit an SNMP v3 user account:

1. Log in to ILOM as an Administrator to open the web interface.

You can add an SNMP user or user account only when logged in to ILOM with Administrator privileges.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Users link or scroll down to the SNMP Users list.

4. Click Add or Edit under the SNMP Users list.

The Add dialog box or the Edit dialog box appears as shown in FIGURE 10-3.

FIGURE 10-3 Add SNMP User Dialog



5. Type a user name in the User Name text field.

The user name can include up to 35 characters. It must start with an alphabetic character and cannot contain spaces.

6. Select either Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) in the Authentication Protocol drop-down list.

7. Type a password in the Authentication Password text field.

The authentication password must contain 8 to 16 characters, with no colons or space characters. It is case-sensitive.

8. Retype the authentication password in the Confirm Password text field.

9. Select read-only (ro) or read-write (rw) in the Permissions drop-down list.

10. Select DES or None in the Privacy Protocol drop-down list.

11. Type a password in the Privacy Password text field.

The privacy password must contain 8 to 16 characters, with no colons or space characters. It is case-sensitive.

12. Retype the password in the Confirm Password text field.

13. Click Save.
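The rules for SNMP v3 users given in the CLI section (TABLE 10-1, its footnote, and the note on permissions) and in the web interface steps above can be checked before a change is sent to the SP. The following is an added example, not part of the original ILOM documentation; the function names are hypothetical, and it assumes that the CLI applies the same user name and password limits that the web interface steps state.

```python
import re

# Allowed values from TABLE 10-1; length and character rules from the web
# interface steps. Assumption: the CLI enforces the same name/password rules.
CHOICES = {"authenticationprotocol": {"MD5", "SHA"},
           "privacyprotocol": {"none", "DES"},
           "permissions": {"ro", "rw"}}
PASSWORDS = ("authenticationpassword", "privacypassword")

def problems(user, props):
    """List every rule from this chapter that a planned user change breaks."""
    found = []
    if not props:
        found.append("no properties given")
    if not re.fullmatch(r"[A-Za-z]\S{0,34}", user):
        found.append("user name: up to 35 characters, alphabetic first, no spaces")
    for key, value in props.items():
        if key in CHOICES and value not in CHOICES[key]:
            found.append(f"{key}: must be one of {sorted(CHOICES[key])}")
        elif key in PASSWORDS and not re.fullmatch(r"[^:\s]{8,16}", value):
            found.append(f"{key}: 8 to 16 characters, no colons or spaces")
        elif key not in CHOICES and key not in PASSWORDS:
            found.append(f"{key}: not a property of an SNMP user")
    # Footnote to TABLE 10-1: a privacy protocol needs a privacy password.
    if props.get("privacyprotocol", "none") != "none" and "privacypassword" not in props:
        found.append("privacypassword: required when privacyprotocol is not none")
    # Only a permissions-only change may omit the authentication password.
    if set(props) - {"permissions"} and "authenticationpassword" not in props:
        found.append("authenticationpassword: required unless only permissions change")
    return found

def set_command(user, props, root="/SP"):
    """Return the ILOM CLI line for the change, or raise ValueError if it is invalid."""
    found = problems(user, props)
    if found:
        raise ValueError("; ".join(found))
    pairs = " ".join(f"{key}={value}" for key, value in props.items())
    return f"set {root}/services/snmp/users/{user} {pairs}"
```

Pass root="/CMM" for a chassis monitoring module target.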


Delete an SNMP User Account Using the Web Interface

Follow these steps to delete an SNMP v3 user account:

1. Log in to ILOM as an Administrator to open the web interface.

You can modify SNMP settings only when logged in to accounts with Administrator privileges.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Users link or scroll down to the SNMP Users list.

4. Select the radio button of the SNMP user account to delete.

5. Click Delete under the SNMP Users list.

A confirmation dialog box opens.

6. Click OK to delete the user account.


Add or Edit an SNMP Community Using the Web Interface

Follow these steps to add or edit an SNMP v1 or v2c community:

1. Log in to ILOM as an Administrator to open the web interface.

You can add or edit SNMP communities only when logged in to accounts with Administrator privileges.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Communities link or scroll down to the Communities list.

4. Click the Add or Edit button for the SNMP Communities list.

The Add or Edit dialog box appears.

5. Type the name of the community in the Community Name field.

The community name can contain up to 35 characters. It must start with an alphabetic character and cannot contain a space.

6. Select read-only (ro) or read-write (rw) in the Permissions drop-down list.

7. Click Save.


Delete an SNMP Community Using the Web Interface

Follow these steps to delete an SNMP v1 or v2c community:

1. Log in to ILOM as an Administrator to open the web interface.

You can delete an SNMP community only when logged in to accounts with Administrator privileges.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Communities link or scroll down to the Communities list.

4. Select the radio button of the SNMP community to delete.

5. Click Delete.

A confirmation dialog box appears.

6. Click OK to delete the SNMP community.


Configure SNMP Trap Destinations Using the Web Interface

Follow these steps to configure the destinations to which the SNMP traps are sent.

1. Log in to ILOM as an Administrator to open the web interface.

You can configure SNMP trap destinations only when logged in to accounts with Administrator privileges.

2. Select Configuration --> Alert Management.

The Alert Settings page appears. This page shows the table of configured alerts.

3. To modify an alert, select an alert radio button.

4. From the Actions drop-down list, select Edit.

The Create or Modify Alert dialog appears.

5. In the dialog, select the level of the alert from the drop-down list.

6. In the Type drop-down list, select SNMP Trap.

7. Specify the SNMP Trap destination IP address, destination port (selecting Autoselect sets the destination port to the default port 162), SNMP version, or community or user name.

8. Click Save for your changes to take effect.


SNMP Examples

This section includes various examples of using net-snmp to query the SNMP agent on an ILOM SP.

To begin, download and install the latest version (version 5.2.1 or higher) of net-snmp that works with the operating system of your management station:

http://net-snmp.sourceforge.net/

net-snmp installs all the standard MIBs (SNMPv2-MIB, SNMP-FRAMEWORK-MIB and ENTITY-MIB) that ILOM supports. You must download the SUN-PLATFORM-MIB.mib, SUN-ILOM-CONTROL-MIB.mib, SUN-HW-TRAP-MIB.mib and SUN-ILOM-PET-MIB.mib files and place those files in the directory where net-snmp tools load MIBs. See the following URL for additional information:

http://net-snmp.sourceforge.net/wiki/index.php/TUT:Using_and_loading_MIBS

For additional information about SNMP, go to the following URLs:


View and Configure SNMP Settings

Configure your SP or CMM as described in the previous sections and then follow these steps to view and configure SNMP settings:

1. Go to the /SP/services/snmp directory by typing:

-> cd /SP/services/snmp

2. Within that directory, type the show command to view SNMP settings.


-> show
   /SP/services/snmp
   Targets:
     communities
     users
   Properties:
     engineid = none
     port = 161
     sets = disabled
     v1 = disabled
     v2c = disabled
     v3 = enabled 
  Commands: 
     cd
     set
     show

3. Configure SNMP settings.

For example:

-> set v2c=enabled

-> set sets=enabled

4. View the communities by typing:

-> show communities


-> show communities
/SP/services/snmp/communities
Targets:
  public
Properties:
Commands:
  cd
  create
  delete
  show

5. View the public communities by typing:

-> show communities/public


-> show communities/public
/SP/services/snmp/communities/public
Targets:
Properties:
  permission = ro
Commands:
  cd
  set
  show 

6. Create private communities with read/write access by typing:

-> create communities/private permission=rw
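The steps above leave the SP with v2c and Set Requests enabled and a read-write community, which is weaker than the SNMP v3 configuration this chapter advises. The following is an added example, not part of the original ILOM documentation: it parses show output in the layout printed in this chapter (service settings, communities, users, and alert rules) and lists the settings worth reviewing. The sample text is constructed, and the function names and the choice of what to flag are assumptions of this example.

```python
import re

# Constructed sample in the `show` layout used in this chapter: the state left by
# the example steps (v2c and sets enabled, rw community) plus one SNMP trap rule.
SAMPLE = """\
/SP/services/snmp
   Properties:
     sets = enabled
     v1 = disabled
     v2c = enabled
     v3 = enabled
/SP/services/snmp/communities/private
   Properties:
     permission = rw
/SP/alertmgmt/rules/4
   Properties:
     community_or_username = public
     level = critical
     snmp_version = 2c
     type = snmptrap
"""

def parse_show(text):
    """Map each target path in the output to its {property: value} dict."""
    targets, props = {}, None
    for line in map(str.strip, text.splitlines()):
        prop = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if line.startswith("/"):                 # a bare path opens a new target
            props = targets.setdefault(line, {})
        elif prop and props is not None:
            props[prop.group(1)] = prop.group(2)
    return targets

def audit(targets):
    """Return (target, issue) pairs for settings weaker than read-only SNMP v3."""
    out = []
    for path, p in targets.items():
        if path.endswith("/services/snmp"):
            for ver in ("v1", "v2c"):
                if p.get(ver) == "enabled":
                    out.append((path, f"{ver} enabled: community sent in cleartext"))
            if p.get("sets") == "enabled":
                out.append((path, "Set Requests enabled: SNMP writes accepted"))
        elif "/snmp/communities/" in path:
            if "rw" in (p.get("permission"), p.get("permissions")):
                out.append((path, "read-write community"))
            if path.rsplit("/", 1)[1] in ("public", "private"):
                out.append((path, "well-known community name"))
        elif "/snmp/users/" in path and p.get("privacyprotocol") == "none":
            out.append((path, "v3 user has no privacy protocol"))
        elif "/alertmgmt/rules/" in path and p.get("type") == "snmptrap":
            if p.get("level") != "disable" and p.get("snmp_version") in ("1", "2c"):
                out.append((path, "traps use a v1/v2c community"))
    return out
```

Because the checks match on the path suffix, the same code works for targets that start with /CMM/.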


Obtain Information Using snmpget or snmpwalk net-snmp Commands

1. Type the snmpget command to obtain specific information.

For example:


$ snmpget -v 2c -c public -m ALL <sp_ip> sysObjectID.0 sysUpTime.0 sysLocation.0
        SNMPv2-MIB::sysObjectID.0 = OID: SUN-FIRE-SMI-MIB::sunBladeX8400ServerModule
        SNMPv2-MIB::sysUpTime.0 = Timeticks: (17523) 0:02:55.23
        SNMPv2-MIB::sysLocation.0 = STRING:

2. Type the snmpwalk command to obtain information about discrete components.

For example:


$ snmpwalk -v 2c -c public -m ALL <sp_ip> entPhysicalName
        ENTITY-MIB::entPhysicalName.1 = STRING: /SYS
        ENTITY-MIB::entPhysicalName.2 = STRING: /SYS/OK2RM
        ENTITY-MIB::entPhysicalName.3 = STRING: /SYS/SERVICE
        ENTITY-MIB::entPhysicalName.4 = STRING: /SYS/OK
        ENTITY-MIB::entPhysicalName.5 = STRING: /SYS/LOCATE
        ENTITY-MIB::entPhysicalName.6 = STRING: /SYS/LOCATE_BTN
        ENTITY-MIB::entPhysicalName.7 = STRING: /SYS/POWER_BTN
        ENTITY-MIB::entPhysicalName.8 = STRING: /SYS/T_AMB
        ENTITY-MIB::entPhysicalName.9 = STRING: /SYS/P0


Set Information Using snmpset

Type the snmpset command to change the location of devices.

For example:

$ snmpset -v 2c -c private -m ALL <sp_ip> sysLocation.0 s "<location>"

Example output:

SNMPv2-MIB::sysLocation.0 = STRING: ILOM Dev Lab

Receive Traps Using snmptrapd

Type the snmptrapd command to receive trap information.

For example:


$ /usr/sbin/snmptrapd -m ALL -f -Lo

SNMP trap example:

        2007-05-21 08:46:41 ban3c9sp4 [10.8.136.94]:
        SNMPv2-MIB::sysUpTime.0 = Timeticks: (1418) 0:00:14.18
        SNMPv2-MIB::snmpTrapOID.0 = OID: SUN-HW-TRAP-MIB::sunHwTrapPowerSupplyError
        SUN-HW-TRAP-MIB::sunHwTrapSystemIdentifier.0 = STRING:
        SUN-HW-TRAP-MIB::sunHwTrapChassisId.0 = STRING: ban6c4::0000000000
        SUN-HW-TRAP-MIB::sunHwTrapProductName.0 = STRING:
        SUN-HW-TRAP-MIB::sunHwTrapComponentName.0 = STRING: /PS3/FAN_ERR
        SUN-HW-TRAP-MIB::sunHwTrapAdditionalInfo.0 = STRING: Predictive Failure Asserted
        SUN-HW-TRAP-MIB::sunHwTrapAssocObjectId.0 = OID: SNMPv2-SMI::zeroDotZero
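
Trap text in this form can be turned into fields for alerting and checked against the list of service processors that are expected to send traps. The following is an added example, not part of the original ILOM documentation: it assumes the snmptrapd output layout shown in this section, uses the trap above as constructed input, and the function names and the known_sps inventory are hypothetical.

```python
import re

# Constructed input: the trap shown in this section, one varbind per line.
SAMPLE_TRAP = """\
2007-05-21 08:46:41 ban3c9sp4 [10.8.136.94]:
SNMPv2-MIB::sysUpTime.0 = Timeticks: (1418) 0:00:14.18
SNMPv2-MIB::snmpTrapOID.0 = OID: SUN-HW-TRAP-MIB::sunHwTrapPowerSupplyError
SUN-HW-TRAP-MIB::sunHwTrapSystemIdentifier.0 = STRING:
SUN-HW-TRAP-MIB::sunHwTrapChassisId.0 = STRING: ban6c4::0000000000
SUN-HW-TRAP-MIB::sunHwTrapProductName.0 = STRING:
SUN-HW-TRAP-MIB::sunHwTrapComponentName.0 = STRING: /PS3/FAN_ERR
SUN-HW-TRAP-MIB::sunHwTrapAdditionalInfo.0 = STRING: Predictive Failure Asserted
SUN-HW-TRAP-MIB::sunHwTrapAssocObjectId.0 = OID: SNMPv2-SMI::zeroDotZero
"""

HEADER = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) \[([^\]]+)\]:")
NAME = r"[\w-]+::[\w.]+"
# A varbind is "NAME = TYPE: value"; the value runs until the next "NAME =" or
# the end of the text, so empty values and wrapped lines are both handled.
VARBIND = re.compile(rf"({NAME})\s+=\s+(\w+):(.*?)(?=\s+{NAME}\s+=\s|\s*\Z)", re.S)

def parse_trap(text):
    """Return the header fields and a {short name: value} dict of varbinds."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no snmptrapd header line found")
    binds = {}
    for name, _type, value in VARBIND.findall(text, head.end()):
        short = name.split("::", 1)[1].rsplit(".", 1)[0]  # drop MIB prefix and index
        binds[short] = " ".join(value.split())            # undo line wrapping
    return {"time": head.group(1), "host": head.group(2),
            "source": head.group(3), "varbinds": binds}

def triage(trap, known_sps):
    """Summarise one trap and report whether its source is an SP in the inventory."""
    vb = trap["varbinds"]
    return {
        "trap": vb.get("snmpTrapOID", "").split("::")[-1],
        "component": vb.get("sunHwTrapComponentName", ""),
        "detail": vb.get("sunHwTrapAdditionalInfo", ""),
        "source_known": trap["source"] in known_sps,
    }
```

A trap whose source is not in the inventory is worth reviewing before it is acted on, since SNMP v1 and v2c traps carry only a community string.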