Introduction
This document helps to enable SNMP on On-Premises Ancor server. It helps to monitor Ancor server health from Element Manager.
Note: Below explained configuration tested with Ubuntu 14.04 running with snmp and act as Manager (Element Manager).
Configure the SNMP on Ancor server
- Login to Ancor as root user
- Run “apt-get update”
Ignore below warning messages:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
GPG error: http://repo.mongodb.org precise/mongodb-org/3.2 Release: The following signatures were invalid: KEYEXPIRED 1507497109
W: Failed to fetch http://repo.mongodb.org/apt/ubuntu/dists/precise/mongodb-org/3.2/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.
- Install snmpd package.
apt-get install snmpd
- Edit the file /etc/snmp/snmpd.conf as per below comment.
- Backup the file /etc/snmp/snmpd.conf before editing.
cp -pf /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
- Comment the line with loopback IP address
#agentAddress udp:127.0.0.1:161
- Enable/add the below line to listen all interface
agentAddress udp:161,udp6:[::1]:161
or
- Enable/add only specific IP address to be allowed (In this example snmp will listen only 192.168.1.10 with port 161.
agentAddress udp:192.168.1.10:161
- In “SNMPv3 AUTHENTICATION” section, add below line (In this example “bootstrap” is used as snmp user, password is “password123”, these can be modified).
createUser bootstrap MD5 password123 DES
- In “ACCESS CONTROL” section, add below line (use the same name which is used in previous step).
rwuser bootstrap priv
- Save and exit the file with above changes.
5. Restart the snmpd service.
service snmpd restart
6. Run the below command on Element Manager (not on Ancor server) to verify Ancor is responding properly for snmp GET request.
snmpget -u bootstrap -l authPriv -a md5 -x DES -A password123 -X password123 192.168.2.41 1.3.6.1.2.1.1.1.0
Where:
-u USER-NAME: This parameter is used to appoint the username that you wish to authenticate as. To read or alter anything using SNMP, you must authenticate with a known username.
-l stage: This is used to appoint the security stage that you are connecting with. The feasible belief Synonyms/Hypernyms are noAuthNoPriv for no authentication and no encryption, authNoPriv for authentication but no encryption, and authPriv for authentication and encryption. The username that you are using must be configured to operate at the security stage you select, or else the authentication will not succeed.
-a protocol: This parameter is used to select the authentication protocol that is used. The feasible belief Synonyms/Hypernyms are MD5 or SHA. This must match the information that was appointed when the user was created.
-x PROTOCOL: This parameter is used to select the encryption protocol that is used. The feasible belief Synonyms/Hypernyms are DES or AES. This must match the information that was appointed when the user was created. This is necessary whenever the user's privilege specification has priv after it, making encryption obligatory.
-A passphrase: This is used to give the authentication passphrase that was selected when the user was created.
-X PASSPHRASE: This is the encryption passphrase that was selected when the user was created. If none was selected but an encryption algorithm was given, the authentication passphrase will be used. This is demanded when the -x parameter is given or whenever an user's right specification has a priv after it, demanding encryption.
Example output (OID of system information is 1.3.6.1.2.1.1.1.0, i.e., uname -a)
# snmpget -u bootstrap -l authPriv -a md5 -x DES -A password123 -X password123 192.168.2.41 1.3.6.1.2.1.1.1.0
Created directory: /var/lib/snmp/mib_indexes
iso.3.6.1.2.1.1.1.0 = STRING: "Linux supportsecpod 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64"
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article