The configuration file is required when sending requests
to the SNMPv2 or SNMPv3 nodes in your network. The configuration file
can also be used to send SNMPv1 requests.
The syntax of a statement in the configuration file is:
winSNMPname targetAgent admin secName password context secLevel
authProto authKey privProto privKey NOSVIPA
Field definitions
- winSNMPname
- An administrative name that the snmp command uses to locate an
entry in the configuration file. There is no default value. This field
is specified on the -h option (maximum 32 characters).
- targetAgent
- Host name or IP address (IPv4 dotted decimal or IPv6 colon hexadecimal)
of the node of the target agent (maximum 80 characters). There is
no default value. To direct the command to a port other than 161,
specify host..port# (with two periods between
the host and port number). For example, for port 222 at mvs150, specify
mvs150..222. Port number, if specified, must be in the range of 1
to 65535. If the host is specified by a host name or an IPv4 dotted
decimal address and a port number is also specified, a colon (:) can
be used to separate the two values instead of two periods.
- admin
- Specifies the administrative model supported by the targetAgent.
Valid values are:
- snmpv1 - Community-based SNMPV1 security
- snmpv2c - Community-based SNMPV2 security
- snmpv3 - User-based SNMPV3 security
There is no default value.
- secName
- Specifies the security name of the principal using this configuration
file entry. For user-based security, this is the userName. The user
must be defined at the targetAgent. This field is ignored unless snmpv3
is specified for the admin keyword. A valid value is a user name of
1–32 characters. There is no default.
- password
- Specifies the password to be used in generating the authentication
and privacy keys for this user. If a password is specified, it is
used to automatically generate any needed keys and the "authKey" and
"privKey" fields below are ignored. This field is ignored unless snmpv3
is specified for the admin keyword. If no password is desired, set
field to a single dash (-). (The minimum is eight characters, and
the maximum is 64 characters.)
Guideline: You should not
use the password instead of keys in this configuration file, because
using keys is more secure than storing passwords in this file.
- context
- The SNMP contextName to be used at the target agent. The contextName
is needed only at agents that support multiple contexts; otherwise,
the only context supported is the null context, which is the default
value of this keyword. The z/OS® Communications
Server SNMP
agent does not support multiple contexts. This field is ignored unless
snmpv3 is specified for the admin keyword. If the blank "" context
selector is desired, set this field to a single dash (-). (The maximum
is 32 characters).
- secLevel
- Specifies the security level to be used in communicating with
the target SNMP agent when this entry is used. This field is ignored
unless snmpv3 is specified for the admin keyword. Valid values are
noAuthNoPriv or none to indicate that no authentication or privacy
is requested; AuthNoPriv or auth to indicate that authentication is
requested but privacy is not requested; AuthPriv or priv to indicate
that both authentication and privacy are requested; or a dash (-)
to indicate the default value (noAuthNoPriv).
- authProto
- SNMP authentication protocol to be used in communicating with
the target SNMP agent when this entry is used. This field is ignored
unless snmpv3 is specified for the admin keyword. The following values
are valid:
- HMAC-MD5
- HMAC-SHA
- dash (-). Indicates no authentication.
- authKey
- Specifies the SNMP authentication key to be used in communicating
with the target SNMP agent when this entry is used. This key must
be the nonlocalized key. This field is ignored if the password keyword
is used. This field is ignored unless snmpv3 is specified for the
admin keyword and a nondefault value is specified for authProto. Valid
values are 16 bytes (32 hex digits) when authProto is HMAC-MD5 and
20 bytes (40 hex digits) when authProto is HMAC-SHA. A dash (-) indicates
the default value, which is no key.
- privProto
- Specifies the SNMP privacy protocol to be used in communicating
with the target SNMP agent when this entry is used. This field is
ignored unless snmpv3 is specified for the admin keyword. The
following values are valid:
- DES
- Indicates CBC-DES.
- AESCFB128
- Indicates AES 128-bit CFB mode.
- dash (-)
- Indicates the default value, which is no privacy.
- privKey
- Specifies the SNMP privacy key to be used in communicating with
the target SNMP agent when this entry is used. This key must be
the nonlocalized key. This field is ignored if the password keyword
is used. The privacy and authentication keys are assumed to have
been generated using the same authentication protocol (for example,
both with HMAC-MD5 or both with HMAC-SHA). This field is ignored unless
snmpv3 is specified for the admin keyword and a nondefault value is
specified for privProto. Valid values are 16 bytes (32 hex digits)
when authProto is HMAC-MD5, 20 bytes (40 hex digits) when authProto
is HMAC-SHA, or a dash (-) to indicate the default value (no key).
- NOSVIPA
- The NOSVIPA keyword is an optional value. If specified, it indicates
the osnmp command should cause physical interface addresses to be
used as the originating address in packets sent by the osnmp command
to this host. NOSVIPA is disabled by default, meaning that SOURCE
VIPA addresses can be used. If specified, NOSVIPA must be either the
fourth parameter (for community-based security) or the twelfth parameter
(for user-based security).
Statement syntax rules
- All parameters for an entry must be contained on one line in the
configuration file.
- A dash (-) indicates the default value for a keyword.
- Sequence numbers are not allowed on the statements.
- Comments begin with a # character in column 1.
- The secName and password parameters are case sensitive.
- The pwtokey command can be used to generate the authentication
and privacy keys. For information about the pwtokey command, see z/OS Communications Server: IP System Administrator's
Commands.
- Because the osnmp command supports both issuance of SNMP requests
and receipt of SNMP traps, the entries in the OSNMP.CONF file must
be defined for both uses. Multiple entries for the same USM user are
allowed within the file. This can be useful when defining different
security levels for the same user. If multiple entries for the same
USM user are defined, be aware that only the first one in the file
can be used for receiving notifications. If multiple entries for the
same USM user are defined and the user receives notifications, the
definition with the highest (most stringent) securityLevel should
be defined first. Doing so allows the user to be used for any level
of security equal to or lower (less stringent) than the securityLevel
defined.
Restriction: You cannot specify scope information
about any values in the OSNMP.CONF file that represent IP addresses
or host names.