SNMP community strings are text strings that act as a rudimentary authentication mechanism for SNMP v1/v2. An SNMP manager places a community string (in plaintext) into an SNMP request when sending the request to a managed device such as an SBC RESTCONF API. The SNMP agent in a managed device ignores SNMP requests that do not contain a community string matching with the previously configured one. The SBC supports configuring up to eight SNMP community strings using the communityString object described below.

For additional details about configuring SNMP, refer to Configuring SBC for SNMP.

Command Syntax

% set oam snmp
	communityString
		<snmpCommunity_Index>
		snmpCommunityName <community name>
	localEngineId <Id>
	securityLevel <authNoPriv | authPriv | noAuthNoPriv>
	trapTarget <trap target name>
		fqdn <SNMP trap target FQDN>
		ipAddress <IP address>
		port <port number>
		state <disabled | enabled>
		targetSecurityLevel <authNoPriv | authPriv | noAuthNoPriv>
		targetUserName <name>
		trapType <inform | v1 | v2 | v3>
	users <username>
		authKey <colon separated hex string>
		authProtocol <HMACMD5 | HMACSHA>
		group <admin | user | operator>
		privKey <colon separated hex string>
		privProtocol <DES | AES128>
	version <v1v2c | v3only>

% show oam snmp trapTarget <trap target name>
   displaylevel <displaylevel>
   ipAddress <IP address>
   port <port number>
   state <disabled | enabled>
   trapType <inform | v1 | v2>
 
% delete oam snmp trapTarget

Command Parameters

SNMP Parameters


Parameter

Length/Range

Description

communityStringN/A

SNMP Community String. A maximum of eight community strings may be configured.

  • <community string Index> – The index of this SNMP Community String (length: 1-32 characters).
  • snmpCommunityName – The name of the Community String.
localEngineId5-32 octetsThe value of User-based Security Model (USM) user engine ID and the SNMP community context engine ID.
securityLevelN/A

The vacm security level for all users in model 0 and 3. Options are:

  • authNoPriv – Authenticated but unencrypted
  • authPriv (default) – Authenticated and encrypted
  • noAuthNoPriv – Unauthenticated and unencrypted

trapTarget

N/A

<trapTarget name> – The name of the trap target.

  • fqdn – Specifies an FQDN for the trap target. Use an FQDN to configure the SBC to use Service Discovery to point to up to eight IP address and port combinations as trap targets. Refer to Service Discovery for Trap Target Destinations and EMS Registration for for more information on Service Discovery. Refer to Configuring Service Discovery for Trap Target Destinations and EMS Registration for information on FQDN naming conventions.
    NoteIf both an IP address and FQDN are specified for a trap target, the SBC uses first the resolved IP addresses from the FQDN. If no IP addresses are resolved for the FQDN, then the trap target falls back to the specified IP address.
  • ipAddress – The IP address of the trap target, which can be of type:
    • IPv4 – This is V4 IP address in dotted decimal form (for example, 128.127.50.224).
    • IPv6 – This is V6 IP address in hexadecimal/colon form (for example, 1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880)
  • port – The port number for SNMP traps (range: 1-65535 / default = 162).
  • state – Configured state of the trap target entry. Options are:
    • disabled (default) – No traps are sent to the trap server.
    • enabled – Traps are sent to the trap server.
  • targetSecurityLevel– The trap target security level.
    • authNoPriv – Authenticated but unencrypted
    • authPriv (default) – Authenticated and encrypted
    • noAuthNoPriv – Unauthenticated and unencrypted
  • targetUserName – The trap target SNMPV3 security name (up to 32 characters).
  • trapType– The type of the trap sent to the target. Options are:
    • inform – SNMP notifications will be sent to the trap target server.
    • v1 – SNMPv1 traps will be sent to the trap target server.
    • v2 (default) – SNMPv2 traps will be sent to the trap target server.
    • v3 – SNMPv3 traps will be sent to the trap target server.

The SBC supports configuring up to 32 trap targets.

usersN/A

<username> – Use this parameter to define SNMP users for the USM privacy facility. Enter a user name, and then choose from the options below:

  • authKey – SNMPv3 authentication key (colon separated hex string). Once set, the user cannot retrieve this value.
  • authProtocol –  The type of authentication protocol to use.
    • HMACMD5
    • HMACSHA (default)
  • group – Choose the user's group type:
    • admin
    • user
    • operator
  • privKey – SNMPv3 privacy key (colon separated hex string). Once set, the user cannot retrieve this value.
  • privProtocol– The privacy protocol to use:
    • DES
    • AES128 (default)
version

 N/A

The SNMP versions to support in SNMP configuration. Set to "v3only" if using SNMPv3 trap configuration.

  • v1v2c (default) – Support SNMPv1 and SNMPv2.
  • v3only – Support SNMPv3 only.

Command Example

To display the configuration of SNMP parameters:

% show oam snmp
trapTarget emaTarget {
    ipAddress 127.0.0.1;
    port      8162;
    trapType  v2;
    state     enabled;
}
version       v1v2c;
localEngineId 80:00:0b:3f:03:00:10:6b:2e:e5:e8;
securityLevel authPriv;
users admin {
    group        admin;
    authProtocol HMACSHA;
    authKey      00:00:00:00:00:00:00:00;
    privProtocol AES128;
    privKey      00:00:00:00:00:00:00:00;
}
users guest {
    group        guest;
    authProtocol HMACSHA;
    authKey      00:00:00:00:00:00:00:00;
    privProtocol AES128;
    privKey      00:00:00:00:00:00:00:00;
}
users operator {
    group        operator;
    authProtocol HMACSHA;
    authKey      00:00:00:00:00:00:00:00;
    privProtocol AES128;
    privKey      00:00:00:00:00:00:00:00;
}