Configuring SNMP Settings in ILOM

C H A P T E R 2

Topics
Description	Links
Verify and configure the proper ILOM values for enabling SNMP on the managed device	Enabling SNMP on Managed Server Using the CLI Enabling SNMP On Managed Server Using the Web Interface
Configure SNMP user accounts and communities in ILOM	Managing SNMP User Accounts and Communities Using the ILOM CLI Enabling SNMP on Managed Server Using the CLI
Manage SNMP trap settings in ILOM	Managing SNMP Traps Using the ILOM CLI
Reference of Net-SNMP command examples	SNMP Command Examples

Related Topics
For ILOM	Section	Guide
Concepts	User Account Management	Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide (820-6410)
Web	Managing User Accounts	Oracle Integrated Lights Out Manager (ILOM) 3.0 Web Interface Procedures Guide (820-6411)
CLI	Managing User Accounts	Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide (820-6412)
The ILOM 3.0 Documentation Collection is available at: `http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic`

Configuring SNMP Settings in ILOM Using the CLI

You can choose to configure the SNMP settings in the ILOM CLI or web interface. This section describes the procedures for configuring the SNMP settings using the ILOM CLI.

Topics
Description	Links
Verify and configure the proper ILOM values for enabling SNMP on the managed server	Enabling SNMP on Managed Server Using the CLI
Configure SNMP user accounts and communities in ILOM	Managing SNMP User Accounts and Communities Using the ILOM CLI
Set SNMP trap properties in ILOM	Managing SNMP Traps Using the ILOM CLI

Enabling SNMP on Managed Server Using the CLI

Prior to using the snmpgets commands described in this guide, you should verify that the correct properties for SNMP are enabled in ILOM. Use the following procedure in this section to view and configure the ILOM CLI SNMP properties on the managed server.

Topics
Description	Links
Review requirements and special considerations	Before You Begin
Verify and configure the proper SNMP properties in ILOM are set on the managed server	Configure SNMP On Managed Server Using the ILOM CLI

Before You Begin

To set SNMP properties in ILOM, you must have the Admin role (a) enabled.

The SNMP servericestate property is enabled by default.

To enable write access when using SNMP, the SNMP sets property in ILOM must be enabled. This property is disabled by default.

Note - If the sets property is disabled in ILOM, all SNMP objects are read-only and no snmpset commands will be processed.

In ILOM there are three SNMP protocol version properties: v1, v2c, and v3. For v1 and v2c, "communities" are used for authentication. For v3, "users" are used for authentication. By default, v1 and v2c are disabled, even though there are default "communities" (public and private) provided. By default, v3 is enabled, but there are no pre-packaged users.

Configure SNMP On Managed Server Using the ILOM CLI

1. Log in to the ILOM SP CLI.

2. To view the ILOM SNMP properties, type:

show /SP/services/snmp

The following SNMP output appears.

 /SP/services/snmp
    Targets:
        communities
        mibs
        users
 
    Properties:
        engineid = (none)
        port = 161
        servicestate = enabled
        sets = disabled
        v1 = disabled
        v2c = disabled
        v3 = enabled
 
    Commands:
        cd
        set
        show

3. Use the set command to change any of the SNMP properties, for example:

To enable SNMP and allow read-only only access, you must enable the servicestate property by typing:

-> set /SP/services/snmp servicestate=enabled

To enable write privilegeswhen using SNMP, you must enable the SNMP sets property by typing:

-> set /SP/services/snmp sets=enabled

To enable a specific SNMP protocol version (v1, v2c, or v3) property, type:

-> set /SP/services/snmp v#=enabled

where # = the SNMP protocol version you want to enable.

If you enable the snmp property for v3, you can create an account for authorizaiton and provide read write privileges by typing:

create /SP/services/snmp/users/<useraccountname> authenticationpassword=password permission=rw

-or-

If you enable the snmp property for v3, you can create an account for authorizaiton and provide readonly privileges by typing:

create /SP/services/snmp/users/<useraccountname> authenticationpassword=password

For more information about user accounts and read and write access, see the following section about Managing SNMP User Accounts and Communities Using the ILOM CLI

Managing SNMP User Accounts and Communities Using the ILOM CLI

After ensuring that the proper SNMP properties are enabled in ILOM, you need to configure SNMP user accounts and communities.

Topics
Description	Links
Review requirements prior to perform the procedures in this section	Before You Begin
Configure user accounts using the CLI	SNMP User Account Targets, Properties, and Values View and Configure SNMP Community Properties Using the ILOM CLI Add an SNMP User Account Using the ILOM CLI Edit an SNMP User Account Using the ILOM CLI Delete an SNMP User Account Using the ILOM CLI Add or Edit an SNMP Community Using the ILOM CLI Delete an SNMP Community Using the ILOM CLI

Before You Begin

Prior to performing the procedures in this chapter, you must ensure that the following requirements are met:

To set user account CLI properties in ILOM, you need the User Management (u) role enabled.

Verify the proper SNMP settings are enabled in ILOM. For more details, see Enabling SNMP on Managed Server Using the CLI.

Note - When working in the ILOM CLI, if the Sets parameter is disabled, all SNMP MIB objects are read-only.

To execute the snmpset command, you need to use an SNMP v1 or v2c community or an SNMP v3 user account with read/write (rw) privileges.

Note - The example SNMP commands presented in this section are based on the Net-SNMP sample applications and, therefore, will only work as presented if you have Net-SNMP and the Net-SNMP sample applications installed.

SNMP User Account Targets, Properties, and Values

The SNMP user account targets, properties, and values are accessible under the /SP/services/snmp target. The following table identifies the targets, properties, and values that are valid for SNMP user accounts.

TABLE 2-1 SNMP User Acccount Targets, Properties and Values
Target	Property	Value	Default
`/SP/services/snmp/ communities/`communityname	`permissions`	ro\|rw	ro
`/SP/services/snmp/users/`username	`authenticationprotocol` `authenticationpassword*` `permissions` `privacyprotocol` `privacypassword+`	MD5\|SHA <string> ro\|rw none\|DES <string>	MD5 (null string) ro none (null string)
`/SP/services/snmp`	`engineid = none` `port = 161` `servicestate = enabled` `sets = enabled` `v1 = disabled` `v2c = disabled` `v3 = disabled`	<string> <integer> enable\|disabled enabled\|disabled enabled\|disabled enabled\|disabled enabled\|disabled	(null string) 161 enabled disabled disabled disabled enabled
^{*> An authenticationpassword must be provided when creating or modifying users (SNMP v3 only).}^{+> If the privacyprotocol property has a value other than none, then a privacypassword must be set.}

For example, to change the privacyprotocol for user a1 to DES use the following syntax:

-> set /SP/services/snmp/users/al privacyprotocol=DES privacypassword=password authenticationprotocol=SHA authenticationpassword=password

Note that the changes would be invalid if the following syntax was specified:

-> set /SP/services/snmp/users/al privacyprotocol=DES

Note - You can change SNMP user permissions without resetting the privacy and authentication properties.

View and Configure SNMP Community Properties Using the ILOM CLI

1. To go to the /SP/services/snmp directory, type:

-> cd /SP/services/snmp

2. Within that directory, type the show command to view SNMP settings. The default settings are as follows:

-> show
   /SP/services/snmp
   Targets:
     communities
     users
   Properties:
     engineid = none
     port = 161
     servicestate = enabled
     sets = disabled
     v1 = disabled
     v2c = disabled
     v3 = enabled 
  Commands: 
     cd
     set
     show

3. To view the communities, type:

-> show /SP/services/snmp/communities

-> show /SP/services/snmp/communities
/SP/services/snmp/communities
Targets:
  private
  public
Properties:
Commands:
  cd
  create
  delete
  show

4. To create a community with read/write privileges, type:

-> create /SP/services/snmp/communities/communityname permission=rw

-> create /SP/services/snmp/communities/communityname permission=rw
Created /SP/services/snmp/communities/communityname

5. View the public communities by typing:

-> show /SP/services/snmp/communities/public

-> show /SP/services/snmp/communities/public
/SP/services/snmp/communities/public
Targets:
Properties:
  permission = ro
Commands:
  cd
  set
  show

Add an SNMP User Account Using the ILOM CLI

1. Log in to the ILOM CLI.

2. To add an SNMP v3 read-only user account, type the following command:

-> create /SP/services/snmp/users/username authenticationpassword=password

Edit an SNMP User Account Using the ILOM CLI

1. Log in to the ILOM CLI.

2. To edit an SNMP v3 user account, type the following command:

-> set /SP/services/snmp/users/username authenticationpassword=password

Note - When changing the parameters of SNMP users, you must provide a value for authenticationpassword, even if you are not changing the password.

Delete an SNMP User Account Using the ILOM CLI

1. Log in to the ILOM CLI.

2. To delete an SNMP v3 user account, type the following command:

-> delete /SP/services/snmp/users/username

Add or Edit an SNMP Community Using the ILOM CLI

1. Log in to the ILOM CLI.

2. To add an SNMP v1/v2c community, type the following command:

-> create /SP/services/snmp/communities/communityname

Delete an SNMP Community Using the ILOM CLI

1. Log in to the ILOM CLI.

2. To delete an SNMP v1/v2c community, type the following command:

-> delete /SP/services/snmp/communities/communityname

Managing SNMP Traps Using the ILOM CLI

To receive notifications of SNMP traps, you must configure the proper alert rule properties in ILOM. Use the following information in this section to set the proper SNMP alert rules properties in the ILOM CLI.

Topics
Description	Links
Review requirements and special considerations	Before You Begin
Configure SNMP trap properties	Configure SNMP Trap Properties Using the ILOM CLI
CLI commond reference for configuring SNMP traps	CLI Commands for Managing Alert Rule Configurations

Before You Begin

To create or edit alert rules in ILOM, you need the Admin (a) role enabled.

When defining an SNMP trap alert for SNMP v3, the SNMP user name must be defined in ILOM as an SNMP user. If the user is not defined in ILOM as an SNMP user, the receiver of the SNMP alert will be unable to decode the SNMP alert message.

Review the CLI commands for managing alert rule configurationin ILOM. See CLI Commands for Managing Alert Rule Configurations

For additional information about configuring alert management settings in ILOM, see the chapter about Managing System Alerts in the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide or the Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.

Configure SNMP Trap Properties Using the ILOM CLI

Follow these steps to configure the destinations to which the SNMP traps are sent.

1. Log in to the ILOM CLI.

2. Type the show command to display the current settings of the alert rule.

For example:

-> show /SP/alertmgmt/rules/1
/SP/alertmgmt/rules/1
   Targets:
   Properties:
      community_or_username = public
      destination = 0.0.0.0
      level = disable
      snmp_version = 1
      type = snmptrap
   Commands:
     cd
     set
     show

3. To show the /SP/alertmgmt/rules directory, type these commands:

-> cd /SP/alertmgmt/rules

-> show

-> cd /SP/alertmgmt/rules
-> show
/SP/alertmgmt/rules 
  Targets:
    1
    2
    .
    .
    .
    15
  Properties:
        testalert = (Cannot show property)
  Commands:
      cd
      set
      show

Choose a rule (from targets 1 through 15) for which you would like to configure a destination for SNMP traps, and go to that directory.

For example:

-> cd 4

4. Within that rule directory, type the set command to change the rule properties.

For example:

-> set type=snmptrap level=critical destination=IPaddress_of_snmp_management_station snmp_version=2c community_or_username=public

CLI Commands for Managing Alert Rule Configurations

The following table describes the CLI commands that you will need to use to manage alert rule configurations in the ILOM CLI.

TABLE 2-1 CLI Commands for Managing Alert Rule Configurations
CLI Command	Description
`show`	The `show` command enables you to display any level of the alert management command tree by specifying either the full or relative path. Examples: To display an alert rule along with its properties using a full path, you would type the following at the command prompt: -> `show /SP/alertmgmt/rules/1` `/SP/alertmgmt/rules/1` `Properties:` `community_or_username = public` `destination = 129.148.185.52` `level = minor` `snmp_version = 1` `type = snmptrap` `Commands:` `cd` `set` `show`
	To display a single property using the full path, you would type the following at the command prompt: -> `show /SP/alertmgmt/rules/1 type` `/SP/alertmgmt/rules/1` `Properties:` `type = snmptrap` `Commands:` `set` `show`
	To specify a relative path if the current tree location is `/SP/alertmgmt/rules`, you would type the following at the command prompt: -> `show 1/` /SP/alertmgmt/rules/1 Targets: Properties: community_or_username = public destination = 129.148.185.52 level = minor snmp_version = 1 type = snmptrap Commands: cd set show
`cd`	The `cd` command enables you to set the working directory. To set alert management as a working directory on a server SP, you would type the following command at the command prompt: -> `cd /SP/alertmgmt`
`set`	The `set` command enables you to set values to properties from any place in the tree. You can specify either a full or relative path for the property depending on the location of the tree. For example: For full paths, you would type the following at the command prompt: -> `set /SP/alertmgmt/rules/1 type=snmptrap` For relative path (tree location is `/SP/alertmgmt`), you would type the following command path at the command prompt: -> `set rules/1 type=snmptrap` For relative path (tree location is `/SP/alertmgmt/rules/1`), you would type the following command path at the command prompt: `-> set type=snmptrap`

Configuring SNMP Settings in ILOM Using the Web Interface

You can choose to configure the SNMP settings in the ILOM CLI or web interface. This section describes the procedures for configuring the SNMP settings using the ILOM web interface.

Topics
Description	Links
Verify and configure the proper ILOM values for enabling SNMP are set on the managed server	Enabling SNMP On Managed Server Using the Web Interface
Configure SNM user accounts and communities in ILOM	Managing SNMP User Accounts and Communities Using the ILOM Web Interface
Configure SNMP trap properties in ILOM	Managing SNMP Traps Using the ILOM CLI

Enabling SNMP On Managed Server Using the Web Interface

Prior to using the snmpgets commands described in this guide, you should verify that the correct settings for SNMP are enabled in ILOM. Use the following procedure in this section to view and configure the ILOM CLI SNMP settings on the managed server.

Topics
Description	Links
Review requirements and special considerations	Before You Begin
Verify and configure the proper SNMP properties in ILOM are set on the managed server	Enable SNMP on Managed Server Using the Web Interface

Before You Begin

To set SNMP properties in ILOM you must have the Admin role (a) enabled.

The SNMP servericestate is enabled by default.

To enable write access when using SNMP, the SNMP Set option must be enabled. This setting is disabled by default.

Note - If the Set option is disabled in ILOM, all SNMP objects are read-only and no snmpset commands will be processed.

In ILOM there are three SNMP protocol version properties: v1, v2c, and v3. For v1 and v2c, "communities" are used for authentication. For v3, "users" are used for authentication. By default, v1 and v2c are disabled, even though there are default "communities" (public and private) provided. By default, v3 is enabled, but there are no pre-packaged users.

Enable SNMP on Managed Server Using the Web Interface

1. Log in to the ILOM web interface.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

Screen shot of the ILOM SNMP Settings page.

3. Select the State check box to enable the SNMP port.

When State is disabled, the SNMP port is blocked, prohibiting all SNMP communication between ILOM and the network.

4. Type the port number in the Port text field.

5. Leave the Engine ID field blank. This allows the default setting to be used.

The Engine ID is automatically set by the SNMP agent. While you can use this field to set the Engine ID, we recommend that you leave this field blank. The Engine ID uniquely identifies the SNMP engine and enables users to query the SNMP agent. You should only use this field to set the Engine ID if you are familiar with SNMP v3 security and how this setting is used.

6. Select or clear the Set Requests check box to enable or disable the Set Requests option.

If the Set Requests option is disabled, all SNMP objects are read-only and no snmpset commands will be processed.

7. Select a Protocols check box to enable SNMP v1, v2c, or v3.

SNMP v3 is enabled by default. You can enable or disable v1, v2c, and v3 protocol versions.

8. Click Save.

At the bottom of the SNMP Settings page, you can also add, edit, or delete SNMP communities or users, as shown in the following screen.

Screen shot of the ILOM SNMP web interface for adding, editing, and deleting communities and users.

Managing SNMP User Accounts and Communities Using the ILOM Web Interface

After ensuring that the proper SNMP settings are enabled in ILOM, you need to configure SNMP user accounts and communities.

Topics
Description	Links
Configure user accounts using the web interface	Add or Edit an SNMP Community Using the Web Interface Delete an SNMP Community Using the Web Interface Add or Edit an SNMP User Account Using the Web Interface Delete an SNMP User Account Using the Web Interface Configure SNMP Traps Using the Web Interface

Before You Begin

Prior to performing the procedures in this chapter, you must ensure that the following requirements are met:

To set user account CLI properties in ILOM, you need the User Management (u) role enabled.

Verify that the proper SNMP settings are enabled in ILOM. For more details, see Enabling SNMP on Managed Server Using the CLI.

Note - When working in the ILOM CLI, if the Sets parameter is disabled, all SNMP MIB objects are read-only.

To execute the snmpset command, you need to use an SNMP v1 or v2c community or an SNMP v3 user account with read/write (rw) privileges.

Add or Edit an SNMP Community Using the Web Interface

Follow these steps to add or edit an SNMP v1 or v2c community:

1. Log in to the ILOM web interface.

2. Select Configuration --> System Management Access --> SNMP.

Scroll to the bottom half of the SNMP Settings page to find the SNMP Communities dialog.

3. To add a community, click Add.

The SNMP Community dialog box appears.

Screen shot of the Add SNMP Community dialog.

4. To edit a community, do the following:

a. Select the appropriate community radio button

b. Click Edit.

The SNMP Community dialog box appears.

5. If you are adding a new community, type the name of the community in the Community Name field; otherwise proceed to the next step.

The community name can contain up to 35 characters. It must start with an alphabetic character and cannot contain a space.

6. Select read-only (ro) or read-write (rw) in the Permissions drop-down list.

7. Click Save.

Delete an SNMP Community Using the Web Interface

Follow these steps to delete an SNMP v1 or v2c community:

1. Log in to the ILOM web interface.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP settings page appears.

3. Click the Communities link or scroll down to the communities list.

4. Select the radio button of the SNMP community to delete.

5. Click Delete.

A confirmation dialog box appears.

6. Click OK to delete the SNMP community.

Add or Edit an SNMP User Account Using the Web Interface

Follow these steps to add or edit a SNMP v3 user accounts.

Note - User accounts are not applicable to SNMP v1 and v2c because communities are used to control access.

1. Log in to the ILOM web interface.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Users link to expand the SNMP Settings page and display SNMP Users.

4. To add an SNMP user, click Add.

The Add or Edit SNMP User dialog box appears.

5. To edit an SNMP user, do the following:

a. Select the appropriate user radio button

b. Click Edit.

The Add or Edit SNMP User dialog box appears.

Screen shot of the ILOM SNMP web interface used to add users.

6. If you are adding a user, type a user name in the User Name text field; otherwise proceed to the next step.

The user name can include up to 35 characters. It must start with an alphabetic character and cannot contain spaces.

7. Select either Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) in the Authentication Protocol drop-down list.

8. Type a password in the Authentication Password text field.

The authentication password is case-sensitive and must contain 8 to 16 characters, with no colons or space characters.

9. Retype the authentication password in the Confirm Password text field.

10. Select read-only (ro) or read-write (rw) in the Permissions drop-down list.

11. Select DES or None in the Privacy Protocol drop-down list.

12. Type a password in the Privacy Password text field.

The privacy password is case-sensitive and must contain 8 to 16 characters, with no colons or space characters.

13. Retype the password in the Confirm Password text field.

14. Click Save.

Delete an SNMP User Account Using the Web Interface

Follow these steps to delete an SNMP v3 user account:

1. Log in to the ILOM web interface.

2. Select Configuration --> System Management Access --> SNMP.

The SNMP Settings page appears.

3. Click the Users link or scroll down to the SNMP Users list.

4. Select the radio button of the SNMP user account to delete.

5. Click Delete under the SNMP User’s List.

A confirmation dialog box opens.

6. Click OK to delete the user account.

Managing SNMP Traps Using the ILOM CLI

Topics
Description	Links
Review requirements and special considerations	Before You Begin
Configure SNMP trap settings in ILOM	Configure SNMP Traps Using the Web Interface

Before You Begin

To create or edit alert rules in ILOM, you need the Admin (a) role enabled.

When defining an SNMP trap alert for SNMP v3, the SNMP user name must be defined in ILOM as an SNMP user. If the user is not defined in ILOM as an SNMP user, the receiver of the SNMP alert will be unable to decode the SNMP alert message.

For additional information about configuring alert management settings in ILOM, see the chapter about Managing System Alerts in the Integrated Lights Out Manager (ILOM) 3.0 Web Interface Procedures Guide or the Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide.

Configure SNMP Traps Using the Web Interface

1. Log in to the ILOM web interface.

2. Select Configuration --> Alert Management.

The Alert Settings page appears. This page shows a table of the alerts that you can configure. You can configure up to 15 alerts.

Screen shot of the Alert Settings page.

3. To create or modify an alert, select an alert radio button.

4. From the Actions drop-down list, select Edit.

The Create or Modify Alert dialog appears.

Screen shot of the Alert dialog.

5. In the Level drop-down list, select the level of the alert.

6. In the Type drop-down list, select the alert type.

7. In the IP Address field, specify the alert destination IP address.

8. Click Save for your changes to take effect.