MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 319
NOTE When using SNMPv3 informs, the inform receiver is the authoritative engine.
% set services snmp usm remote 80:00:1f:88:04:74:65:73:74:69:6e:67 user RemUser1 auth
sha password sha1Password
% set services snmp usm remote 80:00:1f:88:04:74:65:73:74:69:6e:67 user RemUser1 priv aes
password aesPassword
Configure SNMP manager as a target with engine id 80:00:1f:88:04:74:65:73:74:69:6e:67 that listens 3.
on port 5000, has IP address of 192.168.1.2, can receive v3 informs (tag “std_v3_inform”) with
user name of ”RemUser1”, with retry timeout of 15 seconds (timeout parameter is in units of 0.01
seconds) and max number of retries of 3.
% set services snmp target TARGET-1-v3 ip 192.168.1.2
% set services snmp target TARGET-1-v3 port 5000
% set services snmp target TARGET-1-v3 tag std_v3_inform
% set services snmp target TARGET-1-v3 timeout 1500
% set services snmp target TARGET-1-v3 retries 3
% set services snmp target TARGET-1-v3-inform engine-id 80:00:1f:88:04:74:65:73:74:69:6e:67
% set services snmp target TARGET-1-v3-inform usm user-name RemUser1
% set services snmp target TARGET-1-v3-inform usm sec-level auth-priv
Add “RemUser1” to VACM group “secure” (as configured in example on SNMP v3-only 4.
configuration) with security model “usm”. Also, ensure VACM group “secure” has notify access to
“internet” view under “usm” security model and “auth-priv” security level.
% set services snmp vacm group secure member User1 sec-model [usm]
% set services snmp vacm group secure access usm auth-priv notify-view internet
Commit configuration. 5.
% commit
To test above configuration, start an SNMP trap receiver (like “snmptrapd” with configuration file as
shown below) and generate “ssh_login” event by logging into the Orbit via SSH.
snmptrapd.conf:
engineID testing
snmpTrapdAddr 0.0.0.0:5000
createUser RemUser1 SHA sha1Password AES aesPassword
authUser log,execute,net RemUser1
doNotFork yes
$ snmptrapd -M +./ -Lo -c snmptrapd.conf
NET-SNMP version 5.4.3
2014-04-22 16:02:17 192.168.1.1 [UDP: [192.168.1.1]:161->[192.168.1.2]]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (271741) 0:45:17.41
SNMPv2-MIB::snmpTrapOID.0 = OID: MDS-EVENT-MIB::mdsEvent
MDS-EVENT-MIB::mdsEventName.0 = STRING: "ssh_login"
MDS-EVENT-MIB::mdsEventInfoInCee.0 = STRING:
"@cee:{\"host\":\"(none)\",\"pname\":\"loggingmgr\",\"time\":\"2014-04-
15T04:25:53.677885+00:00\",\"action\":\"login\",\"service\":\"ssh\",\"domain\":\"os\",\"o
bject\":\"session\",\"status\":\"success\",\"src_ipv4\":\"192.168.1.2\",\"src_port\":42694,\
"user_name\":\"admin\",\"event\":\"ssh_login\",\"profile\":\"http://gemds.com/cee_profil
e/1.0beta1.xsd\"}"
Monitoring
Ensure the CLI is in operational mode. Check SNMP agent status
> show SNMPv2-MIB
To Next Page
Loading...
