Dell 8.1 Snmp Agent Access Control Configuration, Server Administrator Snmp Agent Install Actions

SNMP Agent Access Control Configuration

The management information base (MIB) branch implemented by Server Administrator is identified by the Object Identifier (OID) 1.3.6.1.4.1.674. Management applications must have access to this branch of the MIB tree to manage systems running Server Administrator.

For Red Hat Enterprise Linux and VMware ESXi 4.0 operating systems, the default SNMP agent configuration gives read-only access for the public community only to the MIB-II system branch (identified by the 1.3.6.1.2.1.1 OID) of the MIB tree. This configuration does not allow management applications to retrieve or change Server Administrator or other systems management information outside of the MIB-II system branch.

Server Administrator SNMP Agent Install Actions

If Server Administrator detects the default SNMP configuration during installation, it attempts to modify the SNMP agent configuration to give read-only access to the entire MIB tree for the public community. Server Administrator modifies the SNMP agent configuration file /etc/snm, p/snmpd.conf by:

•Creating a vew to the entire MIB tree by adding the following line if it does not exist: view all included

•Modifying the default access line to give read-only access to the entire MIB tree for the public community. Server Administrator looks for the following line: access notConfigGroup "" any noauth exact systemview none none

•If Server Administrator finds the above line, it modifies the line as: access notConfigGroup "" any noauth exact all none none

NOTE: To ensure that Server Administrator is able to modify the SNMP agent configuration for providing proper access to systems management data, it is recommended that any other SNMP agent configuration changes be made after installing Server Administrator.

Server Administrator SNMP communicates with the SNMP agent using the SNMP Multiplexing (SMUX) protocol. When Server Administrator SNMP connects to the SNMP agent, it sends an object identifier to the SNMP agent to identify itself as a SMUX peer. Because that object identifier must be configured with the SNMP agent, Server Administrator adds the following line to the SNMP agent configuration file, /etc/ snmp/snmpd.conf, during installation if it does not exist:

smuxpeer .1.3.6.1.4.1.674.10892.1

Changing The SNMP Community Name

Configuring the SNMP community name determines which systems are able to manage your system through SNMP. The SNMP community name used by management applications must match an SNMP community name configured on the system running Server Administrator, so that the management applications can retrieve management information from Server Administrator.

To change the SNMP community name used for retrieving management information from a system running Server Administrator:

1.Open the SNMP agent configuration file, /etc/snmp/snmpd.conf.

2.Find the line that reads: com2sec publicsec default public or com2sec notConfigUser default public.

NOTE: For IPv6, find the line com2sec6 notConfigUser default public. Also, add the text agentaddress udp6:161 in the file.

3.Edit this line, replacing public with the new SNMP community name. When edited, the new line should read: com2sec publicsec default community_name or com2sec notConfigUser default community_name.

21