Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 6 SNMPv2c and SNMPv3 : Configuring SNMP

Configuring SNMP
To configure SNMP on a TIBCO Messaging Appliance P-7500 system, enter the snmp-server Global CONFIG command:
tibco(config)# snmp-server
Entering the snmp-server Global CONFIG command moves you to the SNMP CONFIG level within the CLI for configuring SNMP parameters.
tibco(config-snmp-server)#
From here you can configure the system for SNMPv2c or SNMPv3 using the following SNMP Server CONFIG commands:
“community” (SNMPv2c only)
“user” (SNMPv3 only)
Configuring SNMPv2c Communities
For SNMPv2c, access to an SNMP server by an SNMP client is governed by a proprietary SNMP community table that identifies those communities that have read-only, read-write, or administrative privileges to access the SNMP MIBs stored on an SNMP server.
When an SNMP server receives a request, the server extracts the client’s community name. The SNMP community table is searched for a matching community. If a match is found, the IP address is accepted. A nonmatching community results in an SNMP authentication error.
Each entry in the community table identifies:
SNMPv2c has three privilege levels:
Note: TIBCO Messaging Appliance P-7500 only permits read-only access.
community
To configure an authorized SNMPv2c community for read-only access to the SNMP server MIBs, associate SNMPv2c communities with SNMP MIB views, and create and modify the SNMPv2c community table, enter the community SNMP Server CONFIG command:
tibco(config-snmp-server)# community <name> group <group>
Where:
<name> is the name of the SNMPv2c community
Note: SNMPv2c community names can contain up to 31 alphanumeric characters, and must be unique among all created communities.
<group> is the name of the group to associate with the SNMPv2c community
Note:
The community name acts as a password and is used to authenticate messages sent between an SNMP client and a TIBCO Messaging Appliance P-7500 system containing an SNMP server.
The no version deletes a community from the SNMP community table.
group
The TIBCO Messaging Appliance P-7500 system recognizes up to 16 groups for SNMP access. To create or modify an SNMPv2c group, enter the group SNMP Server CONFIG command:
tibco(config-snmp-server)# group <name> v2c
Where:
<name> is the name of the group
Note: SNMPv2c group names can contain up to 31 alphanumeric characters, and must be unique among all created communities.
v2c is the version of the SNMP protocol to be used to access the group. SNMPv2c is used as a default if no version is specified.
Configuring SNMPv3 Users and Groups
Security features of SNMPv3 allow you to specify who will receive traps and to define MIB views that users in different groups can access. Refer to “SNMPv3 Security Improvements” on page  78 for details.
user
To create or modify SNMPv3 users, enter the user SNMP Server CONFIG command:
tibco(config-snmp-server)# user <name> group <group> password <password>
Where:
<name> is the name of the SNMPv3 user
Note: SNMPv3 user names can contain up to 31 alphanumeric characters, and must be unique among all created communities.
<group> is the name of the group to associate with the user
<password> is the password assigned for the user
Note: An SNMP user password can contain 8 to 128 alphanumeric characters, and can be used with all created users, whether v2c or v3.
Note:
If the SNMPv3 user already exists, the user's group is changed to the given group. Otherwise, the user is created and added to the group.
group
The TIBCO Messaging Appliance P-7500 system recognizes up to 16 groups for SNMP access. To create or modify an SNMPv3 group, enter the group SNMP Server CONFIG command:
tibco(config-snmp-server)# group <name> v3 {auth | noauth | priv}}
Where:
<name> is the name of the group
Note: SNMPv3 group names can contain up to 31 alphanumeric characters, and must be unique among all created communities.
v3 is the version of the SNMP protocol to be used to access the group.
auth | noauth | priv is the minimum level of security needed to access the group. This applies to SNMPv3 users only.
Note: The no version deletes the specified group.
Setting System Parameters
Setting the contact person and location parameters on TIBCO Messaging Appliance P-7500 systems provides helpful identifiers for the system. These identifiers are arbitrary and do not affect the system’s function, but they are useful to have.
contact
To configure the contact person for the TIBCO Messaging Appliance P-7500 system, enter the contact SNMP Server CONFIG command:
tibco(config-snmp-server)# contact <name>
Where:
<name> is the name of the person who manages the TIBCO Messaging Appliance P-7500 system (0 to 255 characters). Use quotes around the name when it is two or more terms.
location
To configure the location for the TIBCO Messaging Appliance P-7500 system, enter the location SNMP Server CONFIG command:
tibco(config-snmp-server)# location <name>
Where:
<name> is the name of the server’s physical location (0 to 255 characters). Use quotes around the name when it is two or more terms.
Example:
tibco(config)# snmp-server contact “Bob Smith”
tibco(config)# snmp-server location “10009 Highway 83”
Note: The no version of these commands clears the contact or location identifier from the SNMP configuration.
Configuring SNMP Trap Hosts
Traps are sent to SNMP trap hosts. These hosts are configured in a proprietary trap host table maintained by the SNMP server on the TIBCO Messaging Appliance P-7500 system. Each entry in the table contains:
host
By default no SNMP trap hosts (that is, clients) are notified of SNMP traps. To designate an SNMP trap host as a recipient for SNMP trap notifications, enter the host SNMP Server CONFIG command:
tibco(config-snmp-server)# host <ip-addr> traps [ {v2c | v3 {{auth | noauth | priv} user <name>}}] [port <port>]
Where:
host <ip-addr> is the IP address of the SNMP trap host, specified in the dotted decimal notation form nnn.nnn.nnn.nnn
v2c | v3 is the version of the SNMP protocol to be used. SNMPv2c traps are generated as a default if no version is specified.
auth | noauth | priv is the authentication level of the trap. This applies to SNMPv3 traps only. The parameter noauth is used as a default if this parameter is not provided.
user <name> is the name of the user to be used. This applies to SNMPv3 traps only.
port <port> is the UDP port on the host where notifications are to be sent, specified as a decimal value from 0 to 65,535. Port 162 is used as a default if this parameter is not provided.
Note:
The no version removes the specified host from the list of recipients for SNMP trap notifications.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved