Enabling the SNMPD Service at Startup
Execute the following commands on the ISR hsot to enable the NET-SNMP package upon startup.
$ systemctl start snmpd
$ systemctl enable snmpd
Configuring Firewalld For UDP Listening On an ISR Host
On each ISR host, you must configure firewalld for listening to UDP on
port 161 for SNMP.
Note:
If the Oracle Linux (OL) standard firewall process, firewalld, is active, configure the SNMPD process to listen to SNMP requests by opening the default SNMP port on the appropriate interface with firewalld. For more information on opening ports in firewalld, see Oracle Communications Interactive Session Recorder Security guide.$ sudo vi /etc/firewalld/services/snmp.xml
Add the following:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMP</short>
<description>SNMP protocol</description>
<port protocol="udp" port="161"/>
</service>
$ sudo firewall-cmd --zone=public --add-service snmp --permanent
$ sudo firewall-cmd --reload
Default Configuration Test
The following is an example of an initial SNMP get.
$ snmpget -v 1 -c public <ISR_host_IP> .1.3.6.1.2.1.1.1.0
Configuring an SNMP v3 User
You must create the SNMPv3 user on each ISR host. The following example shows commands run as root to create an
isrsnmp user with the password
n3wf0und.
$ sudo systemctl stop snmpd.service
$ sudo net-snmp-create-v3-user -ro -A n3wf0und isrsnmp
Add the following line to /var/lib/net-snmp/snmpd.conf:
createUser isrsnmp MD5 "n3wf0und" DES
Add the following line to /etc/snmp/snmpd.conf:
rouser isrsnmp
$ sudo systemctl start snmpd
Test the user using the following command:
$ snmpwalk -v3 -u isrsnmp -A n3wf0und -a MD5 -l AuthnoPriv <ISR_host_IP> system
This action adds the following line at the bottom of the /etc/snmp/snmpd.conf file:
rouser isrsnmp