This topic describes the steps of migrating the PW.SRC
and SNMPTRAP.DEST files to the SNMPD.CONF file.
Procedure
Perform the following steps to migrate the PW.SRC and
SNMPTRAP.DEST files to the SNMPD.CONF file:
- For each community name defined in the the PW.SRC file,
create an SNMP_COMMUNITY statement in the SNMPD.CONF file. This identifies
the community names defined to the agent.
_______________________________________________________________
- Create TARGET_ADDRESS entries to identify the address range
permitted to use a particular community name. For each SNMP_COMMUNITY
entry and for each range of addresses for which it is used, create
a TARGET_ADDRESS entry. The TARGET_ADDRESS entries refer to related
TARGET_PARAMETERS entries.
_______________________________________________________________
- Create TARGET_PARAMETERS entries to identify the security
model (SNMPv1 or SNMPv2c) to be used with the address on the corresponding
TARGET_ADDRESS entries.
_______________________________________________________________
- Define the following entries to determine which SNMP communities
get access to which pieces of data and the type of access that they
are allowed:
- VACM_GROUP
- Specify one entry for each security model (in this case SNMPv1
or SNMPv2c) and use the community names from the PW.SRC file.
- VACM_VIEW
- Specify one entry for each set of MIB object identifiers that
you want to protect.
- VACM_ACCESS
- Specify one entry that ties together the VACM_GROUP and VACM_VIEW
entries and defines each group/view permission. You can define the
group’s permission to read, write, and receive notifications
for the defined views.
_______________________________________________________________
- To continue sending notifications, convert the entries
in the SNMPTRAP.DEST file to entries in the SNMPD.CONF file.
- Add one NOTIFY entry for type TRAP.
- Add one TARGET_ADDRESS statement for each manager that receives
a TRAP.
- Optionally, configure a TARGET_PARAMETERS entry to identify the
message model used in sending notifications to particular destinations.
The default is SNMPv1, or specify SNMPv2c. Encryption and authentication
are not used.
_______________________________________________________________
Example
For an example of using SNMPD.CONF statements to configure
community-based security, see Figure 1.