
Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x


Updated: December 2019
 
 

Use SNMPv3 Encryption and User Authentication


Note -  SNMP set operations and writeable SNMP MIBs are not supported in Oracle ILOM as of firmware version 4.0.x.

SNMPv1 and SNMPv2c provide no encryption and use community strings as a form of authentication. Community strings are sent in clear text over the network and are usually shared across a group of individuals, rather than being private to an individual user. SNMPv3, conversely, uses encryption to provide a secure channel as well as individual user names and passwords. SNMPv3 user passwords are localized so that they can be stored securely on management stations.
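The password localization mentioned above is defined for the SNMPv3 User-based Security Model in RFC 3414. The following Python code is an added example, not Oracle ILOM code: it derives the localized key for one password against two SNMP engines. The function names are hypothetical, the password and first engine ID are the RFC 3414 Appendix A.3 test values, and the second engine ID is constructed.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly 1,048,576 bytes of password material

# Test values from RFC 3414 Appendix A.3 (not values from any Oracle ILOM system).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second engine ID, standing in for a different managed device.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """Derive the intermediate user key Ku from a password (RFC 3414 A.2).

    The password is repeated until it fills 1 MiB and the result is hashed.
    algo is "sha1" or "md5", the two hashes RFC 3414 defines.
    """
    if not password:
        raise ValueError("password must not be empty")
    repeats = MEGABYTE // len(password) + 1
    stream = (password * repeats)[:MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_keys(password: bytes, engine_ids, algo: str = "sha1") -> dict:
    """Return {engine ID hex: localized key hex} for each engine."""
    ku = password_to_key(password, algo)
    return {eid.hex(): localize_key(ku, eid, algo).hex() for eid in engine_ids}


if __name__ == "__main__":
    # Same password, two engines: each engine gets a different stored key.
    keys = localized_keys(RFC_PASSWORD, [RFC_ENGINE_ID, OTHER_ENGINE_ID])
    for engine, key in keys.items():
        print(f"engine {engine}: Kul = {key}")
```

A management station that stores only the localized key holds neither the password nor a key that is valid for any other engine. The localized key still authenticates to the one engine it was derived for, so the store that holds it needs protection.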

SNMPv1, SNMPv2c, and SNMPv3 are all supported by Oracle ILOM and can be enabled or disabled separately. In addition, “sets” can be enabled or disabled to provide an additional layer of security. This configurable option determines whether the SNMP service will allow configurable SNMP MIB properties to be set. Disabling sets effectively makes the SNMP service useful for monitoring only.

By default, SNMPv1 and SNMPv2c are disabled. SNMPv3 is enabled by default, but requires creating one or more SNMP users prior to use. There are no preconfigured SNMPv3 users.

To configure SNMP management in Oracle ILOM, see the following web-based instructions.

Before You Begin

  • For increased SNMP security, use SNMPv1 and SNMPv2c only for monitoring and do not enable “sets” when these less secure protocols are enabled.

  • SNMP sets should only be enabled for SNMPv3 management. The SNMP Set property is disabled by default.


    Note -  As of Oracle ILOM firmware version 4.0.x, SNMP set operations and writeable SNMP MIBs are not supported.

  • SNMPv3 sets require the configuration of SNMPv3 user accounts. Preconfigured SNMPv3 user accounts are not provided.

  • The SNMP service State property is enabled by default.

  • Admin role (a) privileges are required to modify the SNMP properties.

  • User management (u) privileges are required to add or modify SNMPv3 user accounts.

  1. Navigate to the SNMP page in the Oracle ILOM web interface.

    For instance:

    • 3.0.x web interface, click System Management Access -> SNMP.
    • 3.1 and later web interface, click ILOM Administration -> Management Access -> SNMP.
  2. In the SNMP page, view or modify the SNMP properties, and then click Save to apply the changes.

    For further instructions, see the documentation listed in the Related Information section of this procedure. For users running firmware version 3.2 or later, click the More details link in the SNMP page for additional information.

Related Information

Sun SNMP MIBs Supporting Configurable Objects


Note -  SNMP set operations and writeable SNMP MIBs are not supported in Oracle ILOM as of firmware version 4.0.x.

Oracle's Sun MIBs that support configurable objects and where “sets” are applicable are as follows:

  • SUN-HW-CTRL-MIB – This MIB is used to configure hardware policies, such as power management policies.

  • SUN-ILOM-CONTROL-MIB – This MIB is used to configure Oracle ILOM features, such as creating users and configuring services.


Note - You can set a MIB object when: 1) the MIB object supports modification; 2) the MAX-ACCESS element for the MIB object is set to read-write; and 3) the user attempting to perform the set is authorized to do so.