Enabling the SNMPD Service at Startup

Execute the following commands on the ISR hsot to enable the NET-SNMP package upon startup.

$ systemctl start snmpd
$ systemctl enable snmpd

Configuring Firewalld For UDP Listening On an ISR Host

On each ISR host, you must configure firewalld for listening to UDP on port 161 for SNMP.

Note:

If the Oracle Linux (OL) standard firewall process, firewalld, is active, configure the SNMPD process to listen to SNMP requests by opening the default SNMP port on the appropriate interface with firewalld. For more information on opening ports in firewalld, see Oracle Communications Interactive Session Recorder Security guide.

$ sudo vi /etc/firewalld/services/snmp.xml

Add the following:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>
$ sudo firewall-cmd --zone=public --add-service snmp --permanent
$ sudo firewall-cmd --reload

Default Configuration Test

The following is an example of an initial SNMP get.

$ snmpget -v 1 -c public <ISR_host_IP> .1.3.6.1.2.1.1.1.0

Configuring an SNMP v3 User

You must create the SNMPv3 user on each ISR host. The following example shows commands run as root to create an isrsnmp user with the password n3wf0und.

$ sudo systemctl stop snmpd.service
$ sudo net-snmp-create-v3-user -ro -A n3wf0und isrsnmp

Add the following line to /var/lib/net-snmp/snmpd.conf:

createUser isrsnmp MD5 "n3wf0und" DES

Add the following line to /etc/snmp/snmpd.conf:

rouser isrsnmp
$ sudo systemctl start snmpd

Test the user using the following command:

$ snmpwalk -v3 -u isrsnmp -A n3wf0und -a MD5 -l AuthnoPriv <ISR_host_IP> system

This action adds the following line at the bottom of the /etc/snmp/snmpd.conf file:

rouser isrsnmp