This shows you the differences between two versions of the page.
|
aix:snmp_config [2023/07/05 13:38] manu |
aix:snmp_config [2023/08/18 13:32] (current) manu [SNMPv1 / 2c public] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Configure SNMP v3 ====== | ====== Configure SNMP v3 ====== | ||
| + | |||
| + | ===== SNMPv1 / 2c public ===== | ||
| + | |||
| + | <cli prompt='>'> | ||
| + | root@aixtest /etc> snmpv3_ssw -n | ||
| + | |||
| + | root@aixtest /etc> cat /etc/snmpdv3.conf | ||
| + | VACM_GROUP group1 SNMPv1 public - | ||
| + | VACM_GROUP group1 SNMPv2c public - | ||
| + | |||
| + | VACM_VIEW defaultView internet - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.4.1.2.2.1.1.1.0 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191.1.6 - included - | ||
| + | |||
| + | # exclude snmpv3 related MIBs from the default view | ||
| + | VACM_VIEW defaultView snmpModules - excluded - | ||
| + | VACM_VIEW defaultView 1.3.6.1.6.3.1.1.4 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.6.3.1.1.5 - included - | ||
| + | |||
| + | # exclude aixmibd managed MIBs from the default view | ||
| + | VACM_VIEW defaultView 1.3.6.1.4.1.2.6.191 - included - | ||
| + | |||
| + | # Added for icinga | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.3.8.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.3.8.1.2 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.5 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.2 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.3 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.5 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.6 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.3.1.4 - included - | ||
| + | |||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.2 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.3 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.4 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.5 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.6 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.7 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.8 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.9 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.2.1.10 - included - | ||
| + | |||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1.2 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1.4 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1.5 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.5.1.1.2 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.5.1.1.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.4.2.1.7 - included - | ||
| + | |||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.3.3.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.3.3.1.1 - included - | ||
| + | VACM_VIEW defaultView 1.3.6.1.2.1.25.3.3.1.2 - included - | ||
| + | |||
| + | |||
| + | VACM_ACCESS group1 - - noAuthNoPriv SNMPv1 defaultView - defaultView - | ||
| + | VACM_ACCESS group1 - - noAuthNoPriv SNMPv2c defaultView - defaultView - | ||
| + | |||
| + | COMMUNITY public public noAuthNoPriv 0.0.0.0 0.0.0.0 - | ||
| + | </cli> | ||
| + | |||
| + | Restart demons | ||
| + | <cli prompt='>'> | ||
| + | root@aixtest /etc> stopsrc -s snmpmibd;stopsrc -s aixmibd;stopsrc -s snmpd;stopsrc -s hostmibd;stopsrc -s dpid2 | ||
| + | root@aixtest /etc> startsrc -s snmpmibd;startsrc -s aixmibd;startsrc -s snmpd;startsrc -s hostmibd;startsrc -s dpid2 | ||
| + | </cli> | ||
| + | |||
| + | **Test** | ||
| + | |||
| + | AIX command | ||
| + | <cli prompt='>'> | ||
| + | root@aixtest /etc> /usr/sbin/snmpinfo -m dump -c public -h aixtest | ||
| + | 1.3.6.1.2.1.1.1.0 = "IBM PowerPC CHRP Computer | ||
| + | Machine Type: 0x0800004c Processor id: 00C2xxx04B00 | ||
| + | Base Operating System Runtime AIX version: 07.02.0005.0203 | ||
| + | ... | ||
| + | </cli> | ||
| + | |||
| + | Linux command (from snmp-utils rpm) | ||
| + | <cli prompt='>'> | ||
| + | root@aixtest /etc> snmpwalk -v2c -m all -c public aixtest sysName.0 | ||
| + | SNMPv2-MIB::sysName.0 = STRING: aixtest | ||
| + | root@aixtest /etc> snmpwalk -v1 -m all -c public aixtest sysName.0 | ||
| + | SNMPv2-MIB::sysName.0 = STRING: aixtest | ||
| + | </cli> | ||
| + | |||
| + | To filter on a specific IP change the string **COMMUNITY**, with IP or subnet | ||
| + | Ex: | ||
| + | COMMUNITY public public noAuthNoPriv 10.10.10.10 255.255.255.255 - | ||
| + | |||
| + | or range, | ||
| + | Ex: | ||
| + | COMMUNITY public public noAuthNoPriv 172.10.0.0 255.255.0.0 - | ||
| + | |||
| + | |||
| + | === To change community public === | ||
| + | |||
| + | Change the lines with the new community string, here public is replaced by Str0ngC0mmunity: | ||
| + | <code> | ||
| + | VACM_GROUP group1 SNMPv1 Str0ngC0mmunity - | ||
| + | COMMUNITY Str0ngC0mmunity Str0ngC0mmunity noAuthNoPriv 0.0.0.0 0.0.0.0 - | ||
| + | VACM_GROUP director_group SNMPv2c Str0ngC0mmunity - | ||
| + | </code> | ||
| + | |||
| + | You then need to stop the daemons: | ||
| + | <code> | ||
| + | stopsrc -s aixmibd | ||
| + | stopsrc -s hostmibd | ||
| + | stopsrc -s snmpmibd | ||
| + | stopsrc -s snmpd | ||
| + | </code> | ||
| + | |||
| + | To start the daemons, execute the following commands using the new community string: | ||
| + | <code> | ||
| + | startsrc -s aixmibd -a "-c Str0ngC0mmunity" | ||
| + | startsrc -s hostmibd -a "-c Str0ngC0mmunity" | ||
| + | startsrc -s snmpmibd -a "-c Str0ngC0mmunity" | ||
| + | startsrc -s snmp | ||
| + | </code> | ||
| + | ===== SNMPv3 public ===== | ||
| + | |||
| + | https://www.ibm.com/support/pages/ibm-aix-how-configure-community-based-snmp-and-snmp-traps | ||
| + | |||
| Steps | Steps | ||
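Review bot: In the "To change community public" block the third config line maps SNMPv2c to director_group ("VACM_GROUP director_group SNMPv2c Str0ngC0mmunity -"), but the config shown in this hunk defines VACM_ACCESS only for group1, so v2c requests with the new community would map to a group with no access rule on this page; use group1 there or add matching VACM_ACCESS lines for director_group. In the same block the last start command is "startsrc -s snmp" while the subsystem stopped just above is snmpd, and dpid2 from the earlier restart block is not mentioned at all. The sample config pairs the community public with "0.0.0.0 0.0.0.0", which is the unrestricted form according to the filter paragraph further down; consider making a restricted line such as "COMMUNITY public public noAuthNoPriv 10.10.10.10 255.255.255.255 -" the primary example. Smaller points: "Restart demons" should read daemons, the comment "exclude aixmibd managed MIBs from the default view" sits above a line marked included, and the link placed under "SNMPv3 public" points to the community-based SNMP page.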
| Line 102: | Line 229: | ||
| 6. Generate key pairs for the SNMP agent IP | 6. Generate key pairs for the SNMP agent IP | ||
| + | |||
| + | <code> | ||
| + | pwtokey [-e ] [ -d DebugLevel ] [ -p Protocol ] [ -u KeyUsage ] [ -s ] Password [ EngineID | HostName | IPAddress ] | ||
| + | </code> | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| # pwtokey -u all u1password 9.3.58.12 | # pwtokey -u all u1password 9.3.58.12 | ||
| + | Display of 16 byte HMAC-MD5 authKey: | ||
| + | f030abfad3123456a5d5416bd232d0a5 | ||
| + | |||
| + | Display of 16 byte HMAC-MD5 localized authKey: | ||
| + | 6b5bddcf9702102641a9ab8b1d5f791f | ||
| + | |||
| + | Display of 16 byte HMAC-MD5 privKey: | ||
| + | f030abfad3123456a5d5416bd232d0a5 | ||
| + | |||
| + | Display of 16 byte HMAC-MD5 localized privKey: | ||
| + | 6b5bddcf9702102641a9ab8b1d5f791f | ||
| </cli> | </cli> | ||
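Review bot: The pasted pwtokey output lists only HMAC-MD5 keys, and the syntax line added above it documents "[ -p Protocol ]" without saying which protocol this output corresponds to; state it explicitly so the keys can be matched to the USM_USER line in step 7 and to the snmpwalk tests added later, which use -a SHA. The example passes the password (u1password) as a command-line argument and publishes the resulting key strings, so label both as sample values to be regenerated for each agent rather than copied. The syntax line also has a stray space in "[-e ]".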
| Line 115: | Line 257: | ||
| 7. Add a “USM_USER” line to snmpdv3.conf file, here’s what the USM_USER line looks like: | 7. Add a “USM_USER” line to snmpdv3.conf file, here’s what the USM_USER line looks like: | ||
| <code> | <code> | ||
| - | USM_USER u1 - HMAC-MD5 | + | USM_USER u1 - HMAC-MD5 6b5bddcf9702102641a9ab8b1d5f791f DES 6b5bddcf9702102641a9ab8b1d5f791f L - |
| - | 6b5bddcf9702102641a9ab8b1d5f791f DES | + | |
| - | 6b5bddcf9702102641a9ab8b1d5f791f L - | + | |
| </code> | </code> | ||
| - | The first string is the localized authKey genereated in step 6. | + | * The first string is the localized authKey genereated in step 6. |
| - | The second string is the localized privKey generated in step 6. | + | * The second string is the localized privKey generated in step 6. |
| Note that it is ONE line only, ending with a dash as seen bellow | Note that it is ONE line only, ending with a dash as seen bellow | ||
| <code> | <code> | ||
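Review bot: The two new bullet lines keep the typo "genereated" (first bullet), and the unchanged note below them still reads "bellow"; fix both while this block is being touched. With USM_USER now joined onto a single line, the "Note that it is ONE line only" sentence and the code block that follows it repeat what the first block already shows, so one of the two can be dropped. Both key fields in the joined line carry the same string, as in the step 6 output where the localized authKey and privKey are identical; if that is expected, a short remark saying so would keep readers from assuming a copy error.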
| Line 166: | Line 307: | ||
| # clsnmp -h user1 -v walk system | # clsnmp -h user1 -v walk system | ||
| </cli> | </cli> | ||
| + | |||
| + | Test with snmpwalk | ||
| + | snmpwalk -v2c -m all -c public 10.10.10.10 | ||
| + | snmpwalk -v3 -u u1 -a SHA -A "mypass" 192.178.0.37 | ||
| + | snmpwalk -v3 -l authNoPriv -u u1 -a SHA -A "mypass" -x DES -X "mypass" 192.178.0.37 | ||
| + | snmpwalk -v3 -l authNoPriv -u u1 -a SHA -A "mypass" -x AES -X "mypass" 192.178.0.37 | ||
| + | |||
| + | |||
| + | |||
| + | https://www.centrosun.com/how-to-configure-the-snmp-protocol-of-aix.html | ||
| + | |||
| + | https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-apm-agents/SaaS/infrastructure-agent/host-monitoring/Host-Monitoring-on-AIX.html | ||
| + | https://www.ibm.com/support/pages/ibm-aix-how-configure-snmpv3-encrypted | ||
| + | https://www.centrosun.com/how-to-configure-the-snmp-protocol-of-aix.html | ||
| + | https://thwack.solarwinds.com/product-forums/network-performance-monitor-npm/f/forum/78155/snmpv3-configuration-on-aix-server | ||
| + | https://unix.stackexchange.com/questions/653104/snmpv3-on-aix-from-linux-shows-authentication-failure | ||
| + | https://community.icinga.com/t/aix-snmp-monitoring-interfaces/1594 | ||
| + | http://ps-2.kev009.com/wisclibrary/aix52/usr/share/man/info/en_US/a_doc_lib/aixbman/commadmn/snmp_snmpv3_trouble.htm | ||
| + | https://docs.centreon.com/fr/pp/integrations/plugin-packs/procedures/operatingsystems-aix-snmp/ | ||
| + | https://nagios.fm4dd.com/howto/aix-snmp-setup.shtm | ||
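Review bot: The three -v3 snmpwalk lines authenticate u1 with -a SHA and the passphrase "mypass", but the page configures u1 with HMAC-MD5 and derives its keys from u1password, so these tests do not match the user defined in step 7; align the protocol and passphrase with the USM_USER line. The last two lines set -l authNoPriv together with -x DES or -x AES and -X, and at that security level the privacy options are not used; use -l authPriv if encryption is what is being tested. The first v3 line sets no -l at all, the v2c public line belongs in the SNMPv1 / 2c section, the commands should sit in a <cli> block like the other tests on the page, and the centrosun.com link is listed twice.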