Manual Chapter: SNMP Agent Configuration
Overview: Configuring the SNMP agent

You can use the industry-standard SNMP protocol to manage BIG-IP devices on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and controlling access to SNMP data.

To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community, or to an SNMP v3 user. There is a default access level for communities, and this access level is read-only. This means that you cannot write to an individual data object that has a read/write access type until you change the default read-only access level of the community or user.

The way to modify this default access level is by using the Configuration utility to grant read/write access to either a community (for SNMP v1 and v2c) or a user (SNMP v3), for a given OID. When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.

Task summary

To configure SNMP on the BIG-IP system, you must perform a series of small tasks.

Task list

Specifying BIG-IP system information

You can use the Configuration utility to specify some basic system information.

  1. On the Main tab, click System > SNMP.
  2. In the Global Setup area, in the Contact Information field, type contact information such as a name and email address. The contact information is a MIB-II simple string variable defined by almost all SNMP machines. The contact name usually contains a user name, as well as an email address.
  3. In the Machine Location field, type the location of the system, such as Network Closet 1. The machine location is a MIB-II variable that almost all machines support. It is a simple string that defines the location of the machine.

Configuring client access

An SNMP client refers to any system running the SNMP manager software for the purpose of remotely managing the BIG-IP system. To set up client access to the BIG-IP system, you specify the IP or network addresses (with netmask as required) from which the SNMP agent can accept requests. (By default, SNMP is enabled only for the BIG-IP system loopback interface, 127.0.0.1.)

Allowing access to the SNMP agent

Use this procedure to allow client access to an SNMP agent.
  1. On the Main tab, click System > SNMP.
  2. For the Client Allow List setting, Type option, select Host or Network, depending on whether the IP address you specify is a host system or a subnet.
  3. Specify the following information:
    1. In the Address field, type an IP address or network address from which the SNMP agent can accept requests.
    2. If you selected Network in step 3, type the netmask in the Mask field.
  4. Click the Add button to add the host or network address to the list of allowed clients.
  5. Click Update.
After you perform this task, the BIG-IP system has a list of IP addresses from which the system can accept SNMP requests.

Allowing monitoring of the SNMP agent

Use this procedure to configure the BIG-IP system to create a self IP address. This makes it possible for a client to monitor the SNMP agent.
  1. On the Main tab, click Network > Self IPs.
  2. If you have not configured the self IP address that you will use for monitoring the SNMP agent, click Create. Otherwise, in the IP Address column, click a self IP address.
  3. From the Port Lockdown list, select Allow Custom.
  4. Select UDP.
  5. Select Port, and in the field, type 161 (the well-known port number for SNMP).
  6. Click Add.
  7. Click Finished or Update.
After you perform this task, a client system can monitor an SNMP agent.

Controlling access to SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community, or to an SNMP v3 user.

Granting community access to v1 or v2c SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community.
Note: SNMPv1 does not support Counter64 OIDs, which are used for accessing most statistics. Therefore, for SNMPv1 clients, an snmp walk command skips any OIDs of type Counter64. F5 Networks recommends that you use only clients that support SNMPv2 or higher.
  1. On the Main tab, click System > SNMP.
  2. From the Agent menu, choose Access (v1, v2c).
  3. In the upper-right corner of the screen, click Create.
  4. Select the type of address to which the access record applies, either IPv4 or IPv6.
  5. In the Community field, type the name of the SNMP community for which you are assigning an access level.
  6. In the Source field, type the source IP address.
  7. In the OID field, type the OID for the top-most node of the SNMP tree to which the access applies.
  8. For the Access setting, select an access level, either Read Only or Read/Write. (This access level applies to the community name you specified previously.)
  9. Click Finished.

When you use the Configuration utility to assign an access level to a community, the utility updates the snmpd.conf file, assigning only a single access setting to the community.

Granting user access to v3 SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v3 user.
  1. On the Main tab, click System > SNMP.
  2. From the Agent menu, choose Access (v3).
  3. In the upper-right corner of the screen, click Create.
  4. In the User Name field, type a user name for which you are assigning an access level.
  5. For the Authentication setting, select a type of authentication to use, and then type and confirm the user’s password.
  6. For the Privacy setting, select a privacy protocol, and either type and confirm the user’s password, or select the Use Authentication Password check box.
  7. In the OID field, type the object identifier (OID) for the top-most node of the SNMP tree to which the access applies.
  8. For the Access setting, select an access level, either Read Only or Read/Write. This access level applies to the user name that you specified previously.
  9. Click Finished.
When you use the Configuration utility to assign an access level to a user, the utility updates the snmpd.conf file, assigning only a single access setting to the user.

Implementation result

When you use the Configuration utility to assign an access level to a community, the utility updates the snmpd.conf file, assigning only a single access setting to the community. This figure shows a sample snmpd.conf file when you use the Configuration utility to grant read/write access to a community:

rocommunity public default
rwcommunity public1 127.0.0.1 .1.3.6.1.4.1.3375.2.2.10.1

In this example, the string rocommunity identifies a community named public as having the default read-only access level (indicated by the strings ro and default). This read-only access level prevents any allowed SNMP manager in community public from modifying a data object, even if the object has an access type of read/write.

The string rwcommunity identifies a community named public1 as having a read/write access level (indicated by the string rw). This read/write access level allows any allowed SNMP manager in community public1 to modify a data object under the tree node .1.3.6.1.4.1.3375.2.2.10.1 (ltmVirtualServ) on the local host 127.0.0.1, if that data object has an access type of read/write.
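The following added example (not part of the F5 documentation or the BIG-IP software) parses the two directives from the sample above and applies the precedence rule described in the overview: the more restrictive of the community access level and the object's access type wins. The function names, the "ro"/"rw"/"none" labels, and the review helper broad_write_grants are assumptions made for illustration; sources are assumed to be IP addresses or networks.

```python
import ipaddress

# Constructed sample: the two directives from the figure above.
SAMPLE_CONF = """\
rocommunity public default
rwcommunity public1 127.0.0.1 .1.3.6.1.4.1.3375.2.2.10.1
"""

def parse_access(conf_text):
    """Return (community, level, source, oid_root) for each access directive."""
    records = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        level = "rw" if fields[0] == "rwcommunity" else "ro"
        source = fields[2] if len(fields) > 2 else "default"
        oid_root = fields[3] if len(fields) > 3 else ""  # "" = whole tree
        records.append((fields[1], level, source, oid_root))
    return records

def source_matches(source, client_ip):
    """True if client_ip falls inside the directive's source (IP or network)."""
    if source == "default":
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(source, strict=False)
    except ValueError:  # hostname sources are not resolved here
        return False

def oid_under(oid, root):
    """Compare OIDs component by component, so ...10.10 is not under ...10.1."""
    want = [p for p in root.split(".") if p]
    have = [p for p in oid.split(".") if p]
    return have[:len(want)] == want

def effective_access(records, community, client_ip, oid, object_type):
    """Most restrictive of community access level and object access type wins."""
    granted = None
    for name, level, source, root in records:
        if name == community and source_matches(source, client_ip) and oid_under(oid, root):
            granted = "rw" if "rw" in (granted, level) else "ro"
    if granted is None:
        return "none"
    return "rw" if granted == "rw" and object_type == "rw" else "ro"

def broad_write_grants(records):
    """Read/write grants open to any source or to the whole tree, for review."""
    return [r for r in records if r[1] == "rw" and (r[2] == "default" or not r[3])]
```

Running broad_write_grants over a parsed snmpd.conf lists any read/write community that is not limited to a specific source and OID subtree, which is the scoping the sample configuration applies to public1.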
