You can use the industry-standard SNMP protocol to manage BIG-IP devices on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and controlling access to SNMP data.
To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community, or to an SNMP v3 user. There is a default access level for communities, and this access level is read-only. This means that you cannot write to an individual data object that has a read/write access type until you change the default read-only access level of the community or user.
The way to modify this default access level is by using the Configuration utility to grant read/write access to either a community (for SNMP v1 and v2c) or a user (SNMP v3), for a given OID. When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
To configure SNMP on the BIG-IP system, you must perform a series of small tasks.
You can use the Configuration utility to specify some basic system information.
When you use the Configuration utility to assign an access level to a community, the utility updates the snmpd.conf file, assigning only a single access setting to the community.
When you use the Configuration utility to assign an access level to a community, the utility updates the snmpd.conf file, assigning only a single access setting to the community. This figure shows a sample snmpd.conf file when you use the Configuration utility to grant read/write access to a community:rocommunity public default rwcommunity public1 127.0.0.1 .18.104.22.168.4.1.3322.214.171.124.1
In this example, the string rocommunity identifies a community named public as having the default read-only access level (indicated by the strings ro and default). This read-only access level prevents any allowed SNMP manager in community public from modifying a data object, even if the object has an access type of read/write.
The string rwcommunity identifies a community named public1 as having a read/write access level (indicated by the string rw). This read/write access level allows any allowed SNMP manager in community public1 to modify a data object under the tree node .126.96.36.199.4.1.33188.8.131.52.1 ( ltmVirtualServ) on the local host 127.0.0.1, if that data object has an access type of read/write.