2 Configuring SNMP

This chapter explains the concepts and commands involved with configuring SNMP. The following topics are discussed:

• "Configuration Methods"

• "SNMP Overview"

• "SNMP Default Settings"

• "SNMP Configuration Process"

• "MIB and Trap Information Tasks"

• "Managing SNMP Users: Tasks"

• "Configuring Trap Recipients Tasks"

• "Enabling and Disabling Ports"

• "Configuring SNMP Service Information"

Configuration Methods

You can configure SNMP through the following methods:

• SL3000 and SL8500: CLI

• SL500: CLI and the SL Console

• SL150: SL150 GUI with user role of either administrator or service

Note: Initially, configuring SNMP through the command line interface (CLI) requires the assistance of an Oracle service representative.

SNMP Overview

Simple Network Management Protocol (SNMP) is an application layer protocol that performs network management operations over an Ethernet connection using User Datagram Protocol/Internet Protocol (UDP/IP).

The Simple Network Management Protocol enables:

• The library to inform the systems administrator of potential problems.

• System administrators to query the library for configuration, operation, and statistical information.

• The library to gather information to be sent to the StorageTek Tape Analytics (STA) server, if applicable. For more information, see the STA Configuration Guide.

Supported Versions of SNMP

The StorageTek Modular Libraries support:

• SNMPv2c: Read-only support primarily for machine status queries. With this version, any information transmitted is not secure.

• SNMPv3: Both read and write support. Transmitted information is secure.

Configuration Requirements

The following are configuration requirements:

• Firmware for StorageTek Modular Libraries must be:

  • SL8500: version FRS_3.12 or higher

  • SL3000: version FRS_1.7 or higher

  • SL500: version FRS_1067 or higher

  • SL150: version FRS_1.0 or higher

• The SL Console must be version FRS_4.0 or higher.

• By default, the SNMP agent is disabled and must be enabled.

• STA has separate firmware requirements. See the STA documentation for more information.

Port Control and Managing Agents

Typically, SNMP uses the following user datagram protocol (UDP) ports:

• 161 for the agent (the library)

• 162 for the manager (the host)

The basic protocol for communications between manager and agent is as follows:

• The manager can send requests from any available port to the agent at port 161. The agent then responds to that source port, to the requesting manager.

• The agent generates traps or notifications and sends them from any available port to the manager at port 162.

See "Enabling and Disabling Ports" for more information.

Access Control

SNMPv2c community strings are capable of providing a form of access control in SNMP. Because of this, the Oracle StorageTek embedded agent will not allow community strings to make changes to the library's configuration.

Either SNMPv2c or SNMPv3 can retrieve the MIB file. However, because SNMPv3 provides encryption capabilities and a stronger user identification, library properties can be changed only with the SNMPv3 set command.

Using an administrative password also provides access control and authorization for set command operations. Traps, however, can be sent to recipients using either SNMPv2c or SNMPv3 by adding entries to the trap recipient list.

SNMP Default Settings

Table 2-1 lists the default SNMP settings for a StorageTek library.

Table 2-1 Default SNMP Settings for a StorageTek Library

Setting	Default	Description
Port ID	Disabled	Agent trap requests are sent and received over the HBC card port. 2B=standard, public port. 2A=optional, redundant port.
Socket number	161	Agent requests are sent and received on the enabled port. Socket numbers (ports) must be enabled to pass through a firewall.
	162	Traps are sent to this socket on the host port. Socket numbers (ports) must be enabled to pass through a firewall.
SNMP (agent)	Disabled	Enabled or disabled through CLI command only.
SNMPv2c users string	Public	Community String Public Agent Community. Use this field (setting) to read-only MIB data. There can be a maximum of 20 SNMP users. This field can be changed or deleted.
SNMPv3 users string	Empty	Community String Public Agent Community. Use this field (setting) to both read and write MIB data. There can be a maximum of 20 SNMP users. This field can be changed or deleted.
Trap recipients	Empty	This list supports up to 20 recipients with no duplicate entries. Users must add themselves to the recipients list for traps to be sent to them. See "Configuring Trap Recipients Tasks"for more information.

SNMP Configuration Process

The process of initially configuring SNMP is:

1. Obtain MIB and trap destination information from the library.

   (See "Obtain the Management Information Base" and "Obtain Trap Destination Information".)

2. Manage SNMP users.

   (See "Managing SNMP Users: Tasks".)

3. Configure trap recipients.

   (See "Configuring Trap Recipients Tasks".)

4. Enable the agent within the library controller card.

   (See "Enable a Port ID".)

   SNMP traps should now be enabled and the agent should respond to gets from the clients.

5. Configure SNMP service information.

   (See "Configuring SNMP Service Information".)

MIB and Trap Information Tasks

This section contains information on MIB and trap destination.

Obtain the Management Information Base

Note: You can download the MIB through the SL Console, but you cannot view it directly from the SL Console. However, because the MIB is a plain ASCII text file, you can view it from any text editor.

1. At the StorageTek Libary Console, select Tools > Diagnostics.

2. Click the Library folder on the navigation tree. The Library page appears.

3. Click the Transfer File tab. The Transfer File page appears. Select SNMP MIB.

4. Click Transfer File. The Save dialog box appears.

5. Browse to the directory where you want to save the file, and enter the file name in the File Name field. Be sure to give it a.txt suffix.

6. Click Save. The data is saved to the specified file, and the Transferred Successful message appears.

Obtain Trap Destination Information

1. Obtain the following information trap from the administrator.

   For SNMPv2c, obtain: IP address of the hosts receiving the traps

   For SNMPv3, obtain:

   • IP address of the hosts receiving the traps

   • Engine ID of the hosts receiving the traps

   • Authentication protocol (authPassPhrase) for users and hosts receiving traps (MD5 or SHA)

   • Authentication privacy protocol (privacy passPhrase) for users and hosts receiving traps (DES or AES)

   • User names and hosts receiving traps

Managing SNMP Users: Tasks

Table 2-2 lists the variables used in this section.

Table 2-2 SNMP User Variables

Argument	Variable	Description
version	v2c or v3	Version of SNMP.
name	name	Name assigned to the SNMP user. All libraries monitored by a single StorageTek Modular Libraries server must have the same v3 user name. It is recommended that you create a new, unique user for this purpose.
auth	auth_protocol	Authentication protocol for users and hosts receiving traps. Either MD5 or SHA.
authPass	auth_password	Authorization password of the user
priv	privacy_protocol	Privacy protocol type, either DES or AES.
privPass	priv_password	Encryption password that is the private key for encryption.
community	communitystring	Agent community string. When set to public, requests coming from any community string will be accepted.

List SNMP Users

To list SNMP users, enter the following.

snmp listUsers

Example 2-1 List SNMP users — v3 output

> snmp listUsers
 requestId
 requestId 21

 Auth MD5
 AuthPass *****
Index 2
 Name snmp
 Priv DES
 Priv Pass *****
Version v3
 Object Snmp snmp
 Done

Example 2-2 List SNMP users — v2c output

> snmp listUsers
 requestId
 requestId 21

 Attributes Community public
 Index 1
 Version v2c
 Object Snmp snmp

Add an SNMP User

The following describe how to add an SNMP user for SNMPv3 and SNMPv2c.

SNMPv3

To create a user for SNMPv3, enter the following. See Table 2-2 for possible values of these variables.

snmp addUser version v3 name name auth auth_protocol authPass auth_password priv privacy_protocol privPass priv_password

Example 2-3 Add SNMP v3 user

> snmp addUser version v3 name stkAgentV3 auth MD5authPass snmpsnmp priv DES privPass DESPassPhrase requestId requestId 10 Device 1,0,0,0 Success true Done Failure Count 0 Success Count 1

SNMPv2c

To create an SNMPv2c user, enter the following. See Table 2-2 for possible values of these variables.

snmp addUser version v2c community communityString

Example 2-4 Add SNMP v2c user

> snmp addUser version v2c community public requestId requestId 6 Device 1,0,0,0 Success true Done Failure Count 0 Success Count 1

Delete an SNMP User

The follow describes how to delete an SNMP user.

SNMPv3

To delete an SNMPv3 user, enter the following. See Table 2-2 for possible values of these variables.

snmp deleteUser version v3 name userName

Example 2-5 Delete SNMP v3 user

> snmp deleteUser version v3 name stkUserV3
 requestId
 requestId 6
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

SNMPv2c

To delete an SNMPv2c user, enter the following.

snmp deleteUser id id

Example 2-6 Delete SNMP v2c user

> snmp deleteUser id 1
 requestId
 requestId 6
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0

 Success Count 1

Configuring Trap Recipients Tasks

Table 2-3 lists the variables used in this section.

Table 2-3 Trap Recipient Variables

Argument	Variable	Description
trapLevel	trapLevelString	Trap level (can be single digit or several digits separated by commas).
host	name	IP address of host (hostName is disabled).
version	v2 or v3	Version of SNMP.
name	name	Name assigned to the SNMP user. All libraries monitored by a single StorageTek Modular Librariesserver must have the same v3 user name. It is recommended that you create a new, unique user for this purpose.
auth	auth_protocol	Authentication protocol for users and hosts receiving traps. Either MD5 or SHA.
authPass	auth_password	Authorization password or pass phrase.
priv	privacy_protocol	Privacy protocol type, either DES or AES.
privPass	priv_password	Encryption password that is the private key for encryption.
engineID	engineIDstring	A string of hexadecimal characters (31 max), preceded with 0x. The authoritative engineId is from the SNMP agent that sends the traps (such as the library). Required on SNMPv3 traps.
community	communitystring	Agent community string. When set to public, requests coming from any community string will be accepted.

In general, the authoritative engineID is from the SNMP agent that sends the traps (such as the library). To acquire the engineID, use the following command:

snmp engineID print
engineId:0x80001f88043531363030303030343434

Note: For the SL150, the engineID is preloaded as the default value in the engineId text field within the browser user interface.

List Trap Recipients

To list all trap recipients, enter the following.

snmp listTrapRecipients

Example 2-7 List trap recipients — v3 output

> snmp listTrapRecipients
 requestId
 requestId 39
 Attributes Auth MD5
 AuthPass *****
Engine Id 0x12345678910
 Host 128.45.1.162
 Index 2
 Name snmp
 Port 162
 Priv DES
 Priv Pass *****
Trap Level 1,2,3,11
 Version v3
 Object Snmp snmp

Example 2-8 List trap recipients — v2c output

> snmp listTrapRecipients
 requestId
 requestId 39

 Attributes Community public
 Host 128.45.1.162
 Index 1
 Port 162
 Trap Level 1,2,3,11
 Version v2c
 Object Snmp snmp

Add a Trap Recipient

The following information describes how to add a trap recipient for SNMPv3 and SNMPv2c.

SNMPv3

To add an SNMPv3 trap recipient, enter the following. See Table 2-3 for possible values of these variables.

snmp addTrapRecipient traplevel trapLevelString host name version v3 name name auth auth_protocol authPass authPassPhrase priv privacy_protocol privPass privPassPhrase engineID engineIDstring

Example 2-9 Add v3 trap recipient

> snmp addTrapRecipient traplevel 1,2,3,11 host 128.45.1.162 version v3
name snmp auth MD5 authPass snmpsnmp priv DES privPass
engineID 0x12345678910
 requestId
 requestId 2
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

SNMPv2c

To add an SNMPv2c trap recipient, enter the following. See Table 2-3 for possible values of these variables.

snmp addTrapRecipient traplevel trapLevelString host name version v2c community communityString

Example 2-10 Add v2c trap recipient

SL8500> snmp addTrapRecipient traplevel 1,2,3,11 host 128.45.1.162 version v2c community public
 requestId
 requestId 2
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 0

Delete a Trap Recipient

This section describes how to delete a trap recipient. See Table 2-2 for possible values of these variables.

SNMPv3

To delete an SNMPv3 trap recipient, enter the following.

snmp deleteTrapRecipient host name version v3

Example 2-11 Delete v3 trap recipient

> snmp deleteTrapRecipient host 128.45.1.162 version v3 name stkAgentV3
 requestId
 requestId 51
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

SNMPv2c

To delete an SNMPv2c trap recipient, enter the following.

snmp deleteTrapRecipient host name version v2 community communityString

Example 2-12 Delete a v2c trap recipient

> snmp deleteTrapRecipient host 128.45.1.162
version v2c community public
 requestId
 requestId 46
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

Enabling and Disabling Ports

The following commands are used to either enable or disable port IDs for SNMP.

Enable a Port ID

To enable a port ID, enter:

snmp enable portID

Example 2-13 Enable a port ID

> snmp enable port2B
 requestId
 requestId 53
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

Disable a Port ID

To disable a port ID, enter:

snmp disable portID

Example 2-14 Disable a port ID

> snmp disable port2B
 requestId
 requestId 53
 Device 1,0,0,0
 Success true
 Done

 Failure Count 0
 Success Count 1

Configuring SNMP Service Information

Service information is entered through the CLI port. To configure the SNMP service information, enter values for any or all of the following variables. See Table 2-4 for possible values of these variables.

snmp config serviceInfo set city cityString contact contactString country countryString zip zipString description descriptionString phone phoneString

Table 2-4 SNMP Service Information Variables

Argument	Variable	Description
contact	contactString	Name of contact for service
streetAddr	streetAddrString	Street address
city	cityString	City
state	stateString	State
country	countryString	Country
zip	zipString	ZIP
description	descriptionString	Any description you wish to enter
phone	phoneString	Phone number for service

Note: Each string will be truncated at 80 characters. For the SL8500 and SL3000, strings must be delimited by single quotation marks.

Example 2-15 Configure SNMP service information

> snmp config serviceInfo set city 'Denver' contact 'Joe' country 'USA' description 'Manager' phone '303-555-1234' state 'CO' streetAddr '555 Main Street' zip '80028'