[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Files Reference

clsnmp.conf File

Purpose

Contents are used by the clsnmp command to identify a host on which an SNMP agent is running.

Description

The contents of the clsnmp.conf file used by the clsnmp command are as follows. Each entry identifies:

An entry in the clsnmp.conf file has the following syntax:

winSnmpName targetAgent admin secName password context secLevel authProto 
authKey privProto privKey

where:

winSnmpName
An administrative name by which the winSNMP code used by clsnmp can locate an entry in this configuration file. This value is to be specified on the -h keyword for the clsnmp command. Valid values are: A character string of 1 to 32 characters. There is no default value.
targetAgent
Identification of the target SNMP agent. By default, the port at which the agent is to receive requests is 161. To specify a port other than 161, use the syntax of:
host:port_number (host  colon port_number)
Valid values are a host name of 1 to 80 characters. An IP address Port number, if specified, must be between 1 and 65535 There is no default value.
admin
Specifies the administrative model supported by the targetAgent. Valid values are:
snmpv1
Indicates community based security with SNMPv1 message protocol data units.
snmpv2c
Indicates community based security with SNMPv2 message protocol data units.
snmpv3
Indicates user based security (USM) with SNMPv3 message protocol data units.
There is no default value.
secName
Specifies the security name of the principal using this configuration file entry. For user-based security, this is the userName. The user must be defined at the targetAgent. This field is ignored unless snmpv3 is specified for the admin keyword. Valid values are: A user name of 1 to 32 characters. There is no default value.
password
Specifies the password to be used in generating the authentication and privacy keys for this user. If a password is specified, the values of the authKey and privKey fields will be ignored.
Note
the use of password instead of keys in this configuration file is not recommended, as storing passwords in this file is less secure than using keys.
This field is ignored unless snmpv3 is specified for the admin keyword. Valid values are: A password of 8 to 64 characters. A '-' (dash) indicates the default. The default value is no password.
context
Specifies the SNMP contextName to be used at the target agent. Note, the contextName is needed only at agents that support multiple contexts. Otherwise, the only context supported is the null context, which is the default value of this keyword. The CS for OS/390 SNMP agent does not support multiple contexts. This field is ignored unless snmpv3 is specified for the admin keyword. Valid values are: A contextName of 1 to 40 32 characters. A '-' (dash) indicates the default. The default value is the null context ("").
secLevel
Specifies the security level to be used in communicating with the target SNMP agent when this entry is used. This field is ingored unless snmpv3 is specified for the admin keyword.
Note
Privacy will be supported on CS for OS/390 V2R7 only in a separately orderable FMID. It will not be supported in the base FMID.
Valid values are: noAuthNoPriv or none which indicates no authentication or privacy requested. AuthNoPriv or auth indicates authentication is requested, but privacy is not requested. AuthPriv or priv indicates both authentication and privacy are requested (only supported in the additional encryption product) . A '-' (dash) indicates the default. The default value is none (noAuthNoPriv).
authProto
Specifies the SNMP authentication protocol to be used in communicating with the target SNMP agent when this entry is used. This field is ignored unless snmpv3 is specified for the admin keyword. Valid values are:
HMAC-MD5
Indicates HMAC mode MD5.
HMAC-SHA
Indicates HMAC mode SHA.
A '-' (dash) indicates the default. The default value is no authentication.
authKey
Specifies the SNMP authentication key to be used in communicating with the target SNMP agent when this entry is used. This key must be the non-localized key. This field is ignored if the password keyword is used. This field is ignored unless snmpv3 is specified for the admin keyword and a non-default value is specified for authProto. Valid values are: A '-' (dash) indicates the default. The default value is no key.
privProto
Specifies the SNMP privacy protocol to be used in communicating with the target SNMP agent when this entry is used.
Note
Privacy will be supported on CS for OS/390 V2R7 only in a separately orderable FMID. It will not be supported in the base FMID.
If privacy is not supported, this keyword will be ignored. This field is ignored unless snmpv3 is specified for the admin keyword. Valid values are: A '-' (dash) indicates the default. The default value is no privacy.
privKey
Specifies the SNMP privacy key to be used in communicating with the target SNMP agent when this entry is used. This key must be the non-localized key. This field is ignored if the password keyword is used. If privacy is not supported, this keyword will be ignored. The privacy and authentication keys are assumed to have been generated using the same authentication protocol (e.g., both with HMAC-MD5 or both with HMAC-SHA). This field is ignored unless snmpv3 is specified for the admin keyword and a non-default value is specified for privProto. Valid values are: A '-' (dash) indicates the default. The default value is no key.

General Usage Rules

As the clsnmp command supports both issuance of SNMP requests and receipt of SNMP traps, the entries in the clsnmp.conf file must be defined for both uses. Multiple entries for the same USM user are allowed within the file. This may be useful to define different security levels for the same user. If multiple entries for the same USM user are defined, be aware that only the first one in the file can be used for receiving notifications. If multiple entries for the same USM user are defined and the user will be used for receiving notifications, the definition with the highest (most stringent) securityLevel should be defined first. Doing so will allow the user to be used for any level of security equal to or lower (less stringent) than the securityLevel defined.

Related Information

The snmpdv3, clsnmp, pwtokey, and pwchange commands.

The /etc/clsnmp.conf file.

The snmpdv3.conf file.

Problem Determination for the SNMP Daemon, Trap Processing, Understanding the SNMP Daemon Logging Facility in AIX 5L Version 5.2 System Management Guide: Communications and Networks.

Understanding the SNMP Daemon in AIX 5L Version 5.2 System Management Guide: Communications and Networks.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]