2.5 Configuring SNMP Permissions

For each SNMP-enabled device that you want to discover, configure SNMP information in AppManager Security Manager before you run the Discovery_Snmp Knowledge Script. The type of information you configure varies according to the version of SNMP implemented on the device. The SNMP Toolkit supports SNMP versions 1, 2, and 3.

Configuring SNMP information provides AppManager the permissions it needs to access the MIBs on SNMP-enabled devices.

If you do not explicitly configure SNMP information for AppManager SNMP Toolkit, the Snmp category of Knowledge Scripts search for and use community strings you may have already configured for use by the AppManager for Network Device module.

2.5.1 Configuration for SNMP Versions 1 and 2

Configure community string and version information for each device that is being monitored by each proxy agent computer. On the Custom tab in Security Manager, complete the following fields:

Field

Description

Label

SNMP

Sub-label

Indicate whether the community string information will be used for a single device or for all devices:

  • For a single device, type the <device name>.

  • For all devices, type default.

Value 1

The appropriate community string value, such as private or public.

NOTE:The SyncSet Knowledge Script requires read/write permission. All other Knowledge Scripts require read-only permissions.

Value 3

Type v1 or 1 if the device supports SNMP v1.

Type v2 or 2 if the device supports SNMP v2.

NOTE:If you do not specify an SNMP version, AppManager attempts to determine the version during the Discovery job. This process can be time consuming.

2.5.2 Configuration for SNMP Version 3

The AppManager SNMP Toolkit supports the following modes for SNMP v3:

  • No authentication; no privacy

  • Authentication; no privacy

  • Authentication and privacy

In addition, the modules supports the following protocols for SNMP v3:

  • MD5 (Message-Digest Algorithm 5, an authentication protocol)

  • SHA (Secure Hash Algorithm, an authentication protocol)

  • DES (Data Encryption Standard, an encryption protocol)

  • AES (Advanced Encryption Standard, an encryption protocol, 128-bit keys only)

Your SNMP v3 implementation may support one or more combinations of mode and protocol. that combination dictates the type of information you configure in AppManager Security Manager: User Name (or entity), Context name, protocol name, and protocol passwords.

Configure SNMP v3 information for each SNMP device that is being monitored by each proxy computer. On the Custom tab in Security Manager, complete the following fields:

Field

Description

Label

SNMP

Sub-label

Indicate whether the User Name and Context will be used for a single device or for all devices:

  • For a single device, type the <device name>.

  • For all devices, type default.

Value 1

The SNMP User Name or entity configured for the device.

NOTE:All SNMP v3 modes require an entry in the Value 1 field.

Value 2

The name of a context associated with the user name or entity you entered in the Value 1 field. A context is a collection of SNMP information that is accessible by an entity. If possible, enter a context that provides access to all MIBs for a device.

If the device does not support context, type an asterisk (*).

All SNMP v3 modes require an entry in the Value 2 field.

Value 3

The combination of protocol and password appropriate for the SNMP v3 mode you have implemented:

  • For no authentication/no privacy mode, leave the Value 3 field blank.

  • For authentication/no privacy mode, type md5 or sha and the password for the protocol, separating each entry with a comma. For example, type md5,abcdefgh

  • For authentication/privacy mode, type md5 or sha and the associated password, and then type des or aes and the associated password, separating each entry with a comma. For example, type sha,hijklmno,des,nopqrstu