[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]
Files Reference
clsnmp.conf File
Purpose
Contents are used by the clsnmp command to identify
a host on which an SNMP agent is running.
Description
The contents of the clsnmp.conf file used by the clsnmp command are as follows. Each entry identifies:
- a host on which an SNMP agent is running,
- the administrative model used to communicate with the host at that agent,
- and the security parameters to be used in the communication.
An entry in the clsnmp.conf file has the following
syntax:
winSnmpName targetAgent admin secName password context secLevel authProto
authKey privProto privKey
where:
- winSnmpName
- An administrative name by which the winSNMP code used by clsnmp can locate an entry in this configuration file. This value is
to be specified on the -h keyword for the clsnmp command. Valid values are: A character string of 1 to 32 characters.
There is no default value.
- targetAgent
- Identification of the target SNMP agent. By default, the port at which
the agent is to receive requests is 161. To specify a port other than 161,
use the syntax of:
host:port_number (host colon port_number)
Valid
values are a host name of 1 to 80 characters. An IP address Port number, if
specified, must be between 1 and 65535 There is no default value.
- admin
- Specifies the administrative model supported by the targetAgent. Valid values are:
- snmpv1
- Indicates community based security with SNMPv1 message protocol data
units.
- snmpv2c
- Indicates community based security with SNMPv2 message protocol data
units.
- snmpv3
- Indicates user based security (USM) with SNMPv3 message protocol data
units.
There is no default value.
- secName
- Specifies the security name of the principal using this configuration
file entry. For user-based security, this is the userName. The user must be defined at the targetAgent.
This field is ignored unless snmpv3 is specified for
the admin keyword. Valid values are: A user name of
1 to 32 characters. There is no default value.
- password
- Specifies the password to be used in generating the authentication and
privacy keys for this user. If a password is specified, the values of the authKey and privKey fields will be
ignored.
Note
the use of password instead of keys in this configuration
file is not recommended, as storing passwords in this file is less secure
than using keys.
This field is ignored unless snmpv3 is specified for the admin keyword. Valid
values are: A password of 8 to 64 characters. A '-' (dash) indicates the default.
The default value is no password.
- context
- Specifies the SNMP contextName to be used at the
target agent. Note, the contextName is needed only at
agents that support multiple contexts. Otherwise, the only context supported
is the null context, which is the default value of this keyword. The CS
for OS/390 SNMP agent does not support multiple contexts. This field is
ignored unless snmpv3 is specified for the admin keyword. Valid values are: A contextName of
1 to 40 32 characters. A '-' (dash) indicates the default. The default value
is the null context ("").
- secLevel
- Specifies the security level to be used in communicating with the target
SNMP agent when this entry is used. This field is ingored unless snmpv3 is specified for the admin keyword.
Note
Privacy will be supported on CS for OS/390 V2R7 only in a separately
orderable FMID. It will not be supported in the base FMID.
Valid
values are: noAuthNoPriv or none which indicates
no authentication or privacy requested. AuthNoPriv or auth indicates authentication is requested, but privacy is not requested. AuthPriv or priv indicates both authentication
and privacy are requested (only supported in the additional encryption product)
. A '-' (dash) indicates the default. The default value is none (noAuthNoPriv).
- authProto
- Specifies the SNMP authentication protocol to be used in communicating
with the target SNMP agent when this entry is used. This field is ignored
unless snmpv3 is specified for the admin keyword.
Valid values are:
- HMAC-MD5
- Indicates HMAC mode MD5.
- HMAC-SHA
- Indicates HMAC mode SHA.
A '-' (dash) indicates the default. The default value is no authentication.
- authKey
- Specifies the SNMP authentication key to be used in communicating with
the target SNMP agent when this entry is used. This key must be the non-localized
key. This field is ignored if the password keyword is used. This
field is ignored unless snmpv3 is specified for the admin keyword and a non-default value is specified for authProto. Valid values are:
- A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
- A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no key.
- privProto
- Specifies the SNMP privacy protocol to be used in communicating with
the target SNMP agent when this entry is used.
Note
Privacy will
be supported on CS for OS/390 V2R7 only in a separately orderable FMID. It
will not be supported in the base FMID.
If privacy is not
supported, this keyword will be ignored. This field is ignored unless snmpv3 is specified for the admin keyword. Valid
values are:
- DES - for CBC-DES (only supported in the additional encryption product)
A '-' (dash) indicates the default. The default value is no privacy.
- privKey
- Specifies the SNMP privacy key to be used in communicating with the
target SNMP agent when this entry is used. This key must be the non-localized
key. This field is ignored if the password keyword is used. If
privacy is not supported, this keyword will be ignored. The privacy and authentication
keys are assumed to have been generated using the same authentication protocol
(e.g., both with HMAC-MD5 or both with HMAC-SHA). This field is ignored unless snmpv3 is specified for the admin keyword and
a non-default value is specified for privProto. Valid
values are:
- A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
- A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no key.
General Usage Rules
- All parameters for an entry must be contained on one line in the # configuration
file.
- A "-" (dash) is used to indicate the default value for a keyword.
- Sequence numbers are not allowed on the statements.
- Comments may be included in the file beginning with a pound sign (#) in
column 1.
- The secName and password parameters
are case-sensitive.
As the clsnmp command supports both issuance of SNMP
requests and receipt of SNMP traps, the entries in the clsnmp.conf file must be defined for both uses. Multiple entries for the same USM
user are allowed within the file. This may be useful to define different
security levels for the same user. If multiple entries for the same USM user
are defined, be aware that only the first one in the file can be used for
receiving notifications. If multiple entries for the same USM user are defined
and the user will be used for receiving notifications, the definition with
the highest (most stringent) securityLevel should be
defined first. Doing so will allow the user to be used for any level of security
equal to or lower (less stringent) than the securityLevel defined.
Related Information
The snmpdv3, clsnmp, pwtokey, and pwchange commands.
The /etc/clsnmp.conf file.
The snmpdv3.conf file.
Problem Determination for the SNMP Daemon, Trap
Processing, Understanding the SNMP Daemon Logging
Facility in AIX 5L Version 5.2 System Management Guide: Communications and Networks.
Understanding the SNMP Daemon in AIX 5L Version 5.2 System Management Guide: Communications and Networks.
[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]