![]() |
|||
![]() |
![]() ![]() |
![]() |
![]() ![]() |
![]() |
![]() ![]() |
![]() |
| |||||||||||||||||||
Chapter 4Developing a Remote SNMP ManagerNMA information can be accessed using the Simple Network Management Protocol (SNMP). This chapter explains how to configure an external SNMP manager, and provides examples of the configuration files required for three types of SNMP configurations. The Java DMK can be used to develop a remote manager that communicates with the NMA using SNMP. For information on how to use the Java DMK to develop a manager that communicates using SNMP, see "Developing an SNMP Manager" in the Java Dynamic Management Kit 5.0 Tutorial. Alternately, any SNMP manager can be used. This chapter contains the following sections: Configuring an SNMP AgentThe NMA offers SNMPv1, SNMPv2 and SNMPv3 interfaces via the SNMP protocol adaptor. Edit the following values in the nma.properties file to configure the SNMP protocol adaptor:
By default the NMA uses the standard Java DMK access control configuration files. The following templates are available for use in a default installation:
Use these templates to create configuration files for customized access control configuration. Edit the jdmk.acl.file and jdmk.uacl.file properties in the nma.properties file to reflect the paths to your access control configuration files. The following three files are included for SNMP traps and security configuration, in accordance with the Internet Engineering Task Force RFC 2573.
The NMA MIB is located at /opt/SUNWcgha/etc/ma/nhasmib.txt in a default installation. Note - SNMPv1 does not support 64-bit counters. Retrieval of CGTP statistics that use 64-bit counters is not possible when using SNMPv1. IP-Based Access Control ListsIn SNMPv1 and SNMPv2, access control is provided on the basis of the IP address and community of the manager's host machine. Example 4-1 Typical nma.acl File
Format of the acl GroupThe acl group contains one or more access configurations.
Each access configuration has the following format:
The communityList is a list of SNMP community names to which this access control applies. The community names in this list are separated by commas. The accessRights specifies the rights to be granted to all managers connecting from the hosts specified in the hostList. There are two values: either read-write or read-only. The hostList specifies the hosts of the managers to be granted the access rights. The hostList is a comma-separated list of hosts, each of which can be expressed as any one of the following:
The set of all access configurations defines the access policy of the SNMP agent. A manager whose host is specified in a hostList and that identifies itself in one of the communities of the same configuration will be granted the permissions defined by the corresponding accessRights. A manager's host can appear in several access configurations provided it is associated with a different community list. This will define different access communities with different rights from the same manager. A manager whose host-community identification pair does not appear in any of the access configurations will be denied all access. This means that protocol data units (PDU) from this manager will be dropped without being processed. | |||||||||||||||||||
| |||||||||||||||||||
![]() |