Settings related to SNMP Version 3 can be maintained by selecting the relevant sub-items: Users, Groups, Views and Trap Sink. A View must be defined before a Group can be created. Groups in turn contain Users.
These settings, however, take effect only if the WSO2 SOA Enablement Server SNMP Agent acts as an SNMPv3 agent.
On this page, SNMPv3 VACM view properties are displayed. Views allow access to the system tree, the Internet subtree, etc.
The View Table contains the following information on views: name, type, subtree and mask.
After clicking on the Edit icon or Add User button, the following properties of the view (vacmViewTreeFamilyTable) can be edited on the page that appears, as shown in Figure 5:
Name: Represents the name of the view. Multiple views can have the same name.
Type: Select the type of the view from the combo box. Available options are: 'included' and 'excluded'. Each view subtree in the MIB view is specified as being included or excluded. That is, the MIB view either includes or excludes all object instances contained in that subtree.
Subtree: This field defines the subtree Object ID. A subtree is a node in the MIB's naming hierarchy including all of its subordinate elements.
Mask: View mask is a list of '0' or '1', separated by '.' or ':'. View mask is defined in order to reduce the amount of configuration information required when fine-grained access control is required. Each bit of this bit mask specifies whether or not the corresponding sub-identifiers must match when determining if an OBJECT IDENTIFIER is in this family of view subtrees; a '1' indicates that an exact match must occur; a '0' indicates 'wild card', that is, any sub-identifier value matches.
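The following added example (not code from the product) evaluates whether an OID falls inside a named view using the Type, Subtree and Mask fields described above. The view rows and OIDs are constructed; padding a short mask with 1s and letting the longest matching subtree decide between 'included' and 'excluded' follow the standard VACM rules of RFC 3415, which this page does not spell out.

```python
import re

def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_mask(text):
    # Mask format as the page gives it: '0'/'1' separated by '.' or ':'.
    if not text:
        return ()
    bits = re.split(r"[.:]", text)
    if any(b not in ("0", "1") for b in bits):
        raise ValueError(f"invalid view mask: {text!r}")
    return tuple(b == "1" for b in bits)

def in_family(oid, subtree, mask):
    # An OID shorter than the subtree can never be inside it.
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        exact = mask[i] if i < len(mask) else True  # short mask: pad with 1s
        if exact and oid[i] != sub_id:
            return False
    return True

def in_view(view_name, oid_text, rows):
    # Rows sharing a name form one view; the longest matching subtree decides.
    oid, best = parse_oid(oid_text), None
    for name, vtype, subtree_text, mask_text in rows:
        subtree = parse_oid(subtree_text)
        if name == view_name and in_family(oid, subtree, parse_mask(mask_text)):
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, vtype)
    return best is not None and best[1] == "included"

# Constructed sample rows: (name, type, subtree, mask)
VIEWS = [
    ("ops", "included", "1.3.6.1.2.1", ""),      # all of mib-2
    ("ops", "excluded", "1.3.6.1.2.1.4", ""),    # except the ip group
    # every ifTable column, but only for ifIndex 3 (column position wildcarded)
    ("if3", "included", "1.3.6.1.2.1.2.2.1.0.3", "1.1.1.1.1.1.1.1.1.0.1"),
]

if __name__ == "__main__":
    for view, oid in [("ops", "1.3.6.1.2.1.1.1.0"), ("ops", "1.3.6.1.2.1.4.1.0"),
                      ("if3", "1.3.6.1.2.1.2.2.1.10.3"), ("if3", "1.3.6.1.2.1.2.2.1.10.4")]:
        print(view, oid, "allowed" if in_view(view, oid, VIEWS) else "denied")
```

An OID that matches no row of the view is denied, so a Read, Write or Notify View exposes only what its 'included' rows cover.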
On this page, the SNMPv3 group properties are displayed.
The Group Table contains the following information on groups: name, security level, match (either 'prefix' or 'exact'), context prefix, read view, write view and notify view.
Users within the same group have the same security level.
After clicking on the Edit icon or Add Group button, the following access rights of the group can be edited on the page that appears, as shown in Figure 6:
Name: Represents the SNMPv3 group's name.
Security Level: The level of security at which SNMP messages can be sent, or the level of security at which operations are being processed. There are three security levels for SNMPv3 groups:
noAuthNoPriv means that neither the authentication nor the encryption algorithm applies to packets (without authentication and without privacy).
authNoPriv means that only the authentication algorithm applies to packets (with authentication but without privacy).
authPriv means that both the authentication and encryption algorithms apply to packets (with authentication and with privacy).
Select one of the security levels from the combo box.
Match: If the value of this object is exact, then only rows where the contextName exactly matches Context Prefix are selected. If the value of this object is prefix, then all rows with a contextName whose starting octets match the Context Prefix are selected. This allows for a simple form of wildcarding.
Context Prefix: In order to gain the access rights allowed by this conceptual row, a contextName must match the value of the instance of this object exactly (if Match is exact) or partially (if Match is prefix).
Read View: The view associated with this group for READ operations, such as GET, GETNEXT, GETBULK.
Write View: The view associated with this group for WRITE operations, such as SET.
Notify View: The view associated with this group for notification operations.
On this page, the authorized users' properties are displayed. A user's security level is determined by the security level of its group, not by the values of authPassword and privPassword. If the security level is authNoPriv, the privPassword field's value will be ignored.
The User Table contains the following information on users: name, group to which the user belongs, authentication algorithm and privacy service encryption/decryption algorithm.
After clicking on the Edit icon or Add User button, the following properties of the user can be edited on this page, as shown in Figure 7:
Name: Represents the SNMPv3 user's name.
Group: Displays the group to which the user belongs. A user's security level is determined by the security level of its group, not by the values of Authentication Password and Private Password. If the security level is authNoPriv, the Private Password field's value will be ignored. The preferred group can be selected from the combo box.
Authentication: The authentication algorithm can be selected from the combo box. Two algorithms are supported: MD5 and SHA.
Authentication Password: Type the authentication password of the user in the provided text box.
Confirm Authentication Password: Retype the above-entered password into this field for confirmation.
Privacy: The privacy service encryption and decryption algorithm can be selected from this combo box. There are two supported algorithms: DES and AES.
Privacy Password: Type in the privacy password of the user.
Confirm Privacy Password: Retype the above-entered password into this field for confirmation.
SNMP Agent can send traps to various trap receivers. These trap receivers and their properties are displayed in the Trap Sink table.
A trap sink's security level is determined by the values of authPassword and privPassword.
The Trap Sink table contains information on hostname, port, user name, authentication, privacy and whether the SNMP INFORM request is sent instead of a trap to the trap receiver(s).
Note: When an INFORM is sent, the receiver sends a response back to the sender acknowledging receipt of the event.
Items in the table can be sorted by Hostname in ascending or descending order. To change the order, click on the Hostname link.
After clicking on the Edit icon or Add Trap Sink button, the following properties of the trap receiver can be edited on the page that appears, as shown in Figure 8.
Hostname: This field should contain the host name or IP address of the trap receiver.
Port: Represents the port number of the trap receiver. The default value is 162.
User Name: One of the user names in the trap receiver's user list.
Authentication: The authentication algorithm can be selected from the combo box. There are two supported algorithms: MD5 and SHA.
Authentication Password: Type the authentication password in the provided text box.
Confirm Authentication Password: Retype the above-entered password into this field for confirmation.
Privacy: The privacy service encryption and decryption algorithm can be selected from this combo box. There are two supported algorithms: DES and AES.
Privacy Password: Type in the privacy password.
Confirm Privacy Password: Retype the above-entered password into this field for confirmation.
Is Inform: This field determines whether the SNMP INFORM request is sent instead of a trap to the trap receiver(s). To use the INFORM request, tick the relevant check box.
Note: A trap sink's security level is determined by the Authentication Password and Privacy Password. If both of them are empty strings, security level is noAuthNoPriv (without authentication and without privacy). If Privacy Password is an empty string, security level is authNoPriv (with authentication but without privacy). If both of them are non-empty strings, security level is authPriv (with authentication and with privacy).