8.1 Adding SNMP Devices

The following is an overview of how to add non-Sun SNMP devices to your management database.

If you are using SNMP to manage Sun workstations that contain the SNM-supplied SNMP agent (snmpd), you can skip this task and proceed to the section on "Creating an SNMP Element in the Database."

1. Install the device on the network.

2. Obtain the schema file for the device.

3. Configure the SNMP proxy agent.

   The schema file should reside in a directory specified by na.snmp.schemas in the snm.conf file, for example:

# @(#)snm.conf2.36 6/30/96 - SunNet Manager configuration file # Copyright (c) 1990,1993,1996 by Sun Microsystems Inc. # Site-specific configuration information ### Keywords for the SNMP proxy agent: # Directory list for SNMP schema files. Separate each directory # with a colon. na.snmp.schemas /opt/SUNWconn/snm/agents

4. On the Console system, load the schema file.

   Skip this step if you are using the SNMP schema files provided with SNM (snmp.schema for MIB I devices, or snmp-mibII.schema for MIB II devices). The schema file should reside in a directory specified in the SNM Console Properties window.

5. Create the device in the Console.

   See "Creating an SNMP Element in the Database" for information about this step.

The following is a detailed explanation of each step:

1. Install the device on the network.

   Refer to the device documentation for installation information. If the device sends SNMP traps that you want forwarded to the SNM Console, you will also want to set up the SNMP trap daemon and Console for trap handling. See "Setting Up SNM to Receive Traps from a Device" for more information.

2. Obtain the schema file for the device.

   SunNet Manager uses schema files to manage objects. You can obtain a schema file in one of several ways:

• The vendor of the SNMP device may provide a SunNet Manager schema file. If the SNMP device sends enterprise-specific traps, the vendor may also supply a file that describes these traps--see "Setting Up SNM to Receive Traps from a Device" for more information about setting up SNM to handle enterprise-specific traps.
• The snm-server@sun.com electronic mail server maintains a collection of schema files for various SNMP devices. For information on accessing the mail server, see "SunNet Manager Electronic Mail Distribution Service" in the Preface of this book.
• If the SNMP device adheres to MIB I or MIB II specifications, you can use one of the schemas supplied with SNM--either snmp.schema (for MIB I) or snmp-mibII.schema (for MIB II). If you installed the SNMP proxy agent with getagents, the Sun-supplied SNMP schemas are automatically copied onto the host system with other schemas.
• Starting with version 2.3, SunNet Manager schemas for several RFC MIBs are bundled.
• If you do not have a schema file for the device that you want to manage, you can create a schema file from the MIB for the device with the mib2schema utility. Refer to "Part2: Reference" for more information.

  Change the name of the schema, if necessary. The schema name is not the schema file name. The schema name is specified by the keyword proxy in the schema file. If mib2schema was used to generate the schema file, this name is derived from the name of the MIB (not the MIB file name). This is

the name that will appear in the list of agent schemas for each element. Therefore, you may want to edit this name to ensure that it is meaningful to you.

3. Configure the SNMP proxy agent.

   a. A single proxy agent can handle management requests for many devices. You can allow the SNMP proxy agent on the manager station to handle all SNMP requests. However, you may want to distribute the proxy agent to minimize network traffic--see "Management Applications and Agents" for more information.

   b. On the proxy system, make sure that the schema file is available to the SNMP proxy agent. The schema file should reside in a directory specified by the na.snmp.schemas keyword in the snm.conf file on the proxy system. By default, the snm.conf file is located in the following directory:

• /etc for the Solaris 1.1.1 version of the current SunNet Manager

product

• /etc/opt/SUNWconn/snm for the Solaris 2.x version of the current

SunNet Manager product

---

Note - If you modify the snm.conf file while the SNMP proxy agent is running, you need to kill the proxy agent (na.snmp) for the changes to take effect. Refer to the Solstice Site/SunNet/Domain Manager Troubleshooting Guide for information on how to kill the agent.

---

4. On the Console system, load the schema file.

   Skip this step if you are using the SNMP schema files provided with SNM (snmp.schema for MIB I devices, or snmp-mibII.schema for MIB II devices).

   To load the schema file into the Console:

   a. Start the Console.

   b. Use the Load >> Management Database option in the File menu to load the schema file.

   c. Make sure that the schema file is located in a directory that is specified by the Schema Directories setting in the Console Properties window.

8.2 Creating an SNMP Element in the Database

The IP Discover Tool automatically creates SNMP elements. You can specify an option in IP Discover that allows you to discover only SNMP elements or SNMP elements in combination with other types of elements. See "Part 2: Reference" for a description of the IP Discover Tool.

To create SNMP elements one-at-a-time, use the Console's graphical editor. Using this method, creating an element that will be managed with the SNMP proxy agent is essentially the same as creating any element in your database. To define an SNMP element instance in a Console view, you specify SNMP-specific information about that element in the Properties window.

1. Move the mouse pointer to the Edit button and press MENU to open the Edit menu. Release MENU over the Create option. You receive the Create Object window:

Figure 8-1

2. Click SELECT on the category of element and type of element you want. Then click SELECT on Create.

3. Fill in the Properties window for the element.

   The top portion of the Properties window is the element data. You must fill in the Name field; other fields are optional. Specify the SNMP Read Community and SNMP Write Community fields for the element. Although

filling in the SNMP fields (including SNMP Vendor Proxy and SNMP Timeout) is optional, you should understand how the proxy agent uses this information--see the discussion below.

The middle portion of the Properties window is the list of agent schemas that the Console knows about. Check the schemas that apply to the device. There are three SNMP schemas supplied with SunNet Manager: snmp describes the MIB I, snmp-mibII describes MIB II, and sun-snmp is the schema file for the SNMP agent (snmpd) for Sun workstations. If you loaded any additional schemas into the Console, the names of these schemas appear in the schemas list. Note that the schema name is not the schema file name. The schema name is specified by the keyword proxy in the schema file. See "Adding SNMP Devices" for more information about setting the schema name.

4. Click SELECT on the Apply button in the properties window.

   A glyph for the element you just defined appears with the name you specified.

Figure 8-2 shows a properties window for a new component that has the SNMP schemas checked.

Figure 8-2

Field Values The values in the fields SNMP Read Community, SNMP Write Community, SNMP Vendor Proxy, and SNMP Timeout are sent with the request to the SNMP proxy agent. If you do not specify values in the SNMP Read Community, SNMP Write Community, and SNMP Timeout fields, the SNMP proxy agent uses the following values:

• Read community is "public."
• Write community is "public."

• Timeout will be the value (in seconds) specified by the keyword na.snmp.request_timeout in the snm.conf file on the system where the SNMP proxy agent resides. The keyword's supplied value is 5 (seconds).

Vendor Proxy Field SNMP Vendor Proxy is an optional field that specifies the name of a proxy system with which the SNMP proxy agent will communicate. Normally, you do not need to specify a value for this field. If this field is used, the SNMP request is passed through the element to a secondary proxy. This field should only be specified when a vendor has supplied an SNMP proxy agent to manage a particular device or set of devices that do not support IP connectivity. The vendor's SNMP proxy agent communicates with the SunNet Manager SNMP proxy agent through SNMP, but communicates with the element using either SNMP or a different protocol.

Agent Schema Files You can select multiple SNMP agent schema files for an element. However, only one schema is associated with each request. Merely checking an SNMP agent schema on the Properties window does not make the element manageable through the SNMP proxy agent. SNMP agent software must be installed and running on the SNMP device. The MIB for the device must contain the same data definitions as the schema file used by the Console and the SNMP proxy agent.

The blank lines next to the SNMP agent schema names allow you to specify the name of the system on which the SNMP proxy agent resides. This system name is for a default proxy system. You can specify a different proxy system name for each request. If you do not specify a proxy system in the Properties window or in the report request, the system on which the Console is running is assumed to be where the proxy agent resides.

8.3 Setting Up SNM to Receive Traps from a Device

Many SNMP devices send out unsolicited or unexpected reports called traps. For example, a trap may be sent when a device is restarted. When the SNMP trap daemon receives traps, it will forward all or only selected traps to one or more SNM Consoles.

1. Determine the location of the SNMP trap daemon.

   See the discussion later in this section.

2. If you want to define the priority of traps or discard traps based on enterprise-specific traps of host-specific traps, create file entries for these traps.

   For example:

# # Example traps enterprise 1.3.6.1.4.1.42 1 CPU_Failure high 2 Power_Supply_Failure medium 3 Network_Connection_Failure low 4 Over_Heating discard 5 RealTimeClock_Failure discard

Setting Enterprise-Specific Trap Priorities Starting with version 2.3 of SunNet Manager, you can assign low, medium, or high priority to an enterprise-specific SNMP trap. Enter the priority into the trap configuration file (snmp.traps) after the trap description field. For example:

# # Sample traps host shanghai 1 CPU_Failure high 2 Power_Supply_Failure medium 3 Network_Connection_Failure low 4 Over_Heating discard 5 RealTimeClock_Failure discard

If you choose to discard all traps from an enterprise or assign a priority to all traps for an enterprise, you can specify this on the keyword values next to the Object Identifier following the enterprise keyword. For example:

# # Sample traps 1 snmp.traps enterprise 1.3.6.1.5.1.75 discard

The snm.conf file includes the following priority keyword:

na.snmp.trap.default-priority

The default value is low; however, any of the three values can be used. If you change the value, stop and restart the trap daemon, na.snmp-trap. An enterprise specific trap priority overrides the priority specified by na.snmp.default-priority in the snm.conf file.

Setting Host Specific Trap Filters Starting with version 2.3, you can specify filters based on certain hosts. What you specify overrides any enterprise-specific filter. The keyword, <host>, can be used in the snm.conf file followed by the ip_address or host name and a priority keyword. Each line beginning with the keyword <host> can be followed by subsequent lines describing the action, description, or priority for each trap. For example:

<host> 139.146.75.165 discard
<host> 149.136.75.200 medium
    6 TEMP_HIGH high
    10 PORT_TEST_FAIL discard

Precedence Values The snm.conf file specifies general priority for all traps. The trap daemon will compare oid entries with specific settings specified in snmp.traps when it receives a trap. If a particular trap has an oid entry in snmp.traps, the na.snmp-trap daemon will take the priority of the enterprise trap. The na.snmp-trap daemon searches for the hostname of the target trap. If the name is present, the daemon will use it as this trap's priority.

3. Specify where the trap daemon should forward the traps.

Forwarding Traps Starting with version 2.3 of SunNet Manager, you can forward all raw trap PDU packets to other workstations or to a different port on the same machine using the keyword na.snmp-trap.forward. You can specify a maximum of two hosts and the appropriate UDP ports to which the trap PDUs are to be forwarded.

Add the keyword na.snmp-trap.forward.snmp-traps: <hostname>,<port>: <hostname>,<port> in the snm.conf file. You can specify more than one host name--separate each host name with a colon (:).

Use the keyword na.snmp-trap.rendez to forward a SunNet Manager format SNMP trap to one or more consoles. Add the keyword to the snm.conf file.

If you modify the snm.conf file while the SNMP trap daemon is running, you must kill the trap daemon (na.snmp-trap) for the changes to take effect. For example:

### Keywords for the SNMP trap proxy on wordstwo: # default file name of per-enterprise traps na.snmp-trap.default-trapfile /var/adm/snm/snmp.traps # na.snmp-trap.rendez rubicon

(Refer to the Solstice Site/SunNet/Domain Manager Troubleshooting Guide for information on how to kill the daemon.)

4. On the SNMP device, specify that traps be sent to the host where the trap daemon resides.

   See the discussion below. Typically, you would specify the IP address of the host system. However, this is very device-specific. Refer to the device documentation to find out how to do this.

---

Warning - Use SNMP trap forwarding to forward SNMP traps with caution. If you forward traps within the SunNet Manager environment, and infinite loop (machine A->machine B->machine A) may occur, exhausting machine resources in the process and increasing the burden on network traffic. If an infinite loop should occur, see the Solstice Site/SunNet/Domain Manager Troubleshooting Guide for resolution.

---

Trap Messages A single trap daemon can accept trap messages from many devices. The trap daemon does not need to reside on the SNMP proxy agent system or the Console system. Like proxy agents, the SNMP trap daemon can be distributed in a network to reduce network traffic and distribute the processing load between systems. See Chapter 1, "Overview and Concepts" for more information. For example, you might want to have traps from all of the SNMP devices on a subnet sent to one host system. The trap daemon on this system can then forward some or all of these traps to selected Console system(s).

Types of Traps The SNMP protocol defines six generic types of traps. In addition to returning generic traps, an SNMP device may return enterprise-specific traps, which are defined by the device vendor. (See the device documentation for information on enterprise-specific traps.) Enterprise-specific traps are usually defined in the device MIB. If the MIB for the device contains enterprise-specific traps and you used the mib2schema utility to generate a schema file, a trap file, such as snmp.traps, is automatically generated. This file may be copied into place or its contents can be appended to the existing trap file. (See the mib2schema(1) man page for more information.) Otherwise, create an snmp.trap file as described in "Part 2: Reference."

Discarding Traps You may determine that certain generic or enterprise-specific traps do not need to be forwarded to the Console. For example, you may decide that a trap does not need to be sent to the Console every time a device is warm-started. You can add the optional keyword "discard" to trap definition entries in the trap file--see the trap file syntax in "Part 2: Reference." The default trap file contains trap definitions according to enterprise ID. If multiple devices on the network use the same enterprise ID and all the trap file entries apply to each device, add the trap entries to the default trap file. The default trap file is specified by the keyword na.snmp-trap.default-trapfile in the snm.conf file on the system on which the trap daemon resides. Normally, the default trap file name is:

• /var/adm/snm/snmp.traps for the Solaris 1.x version of the current product.
• /var/opt/SUNWconn/snm/snmp.traps for the Solaris 2.x version of the current product.

Trap Priorities and Filters See "Setting Trap Priorities" and "Setting Trap Filters" earlier in this chapter for information about these features.

If multiple devices on the network use the same enterprise ID, but the trap file entries apply to only specific device names, define an entry for each device in the SNMP host file. Refer to "Part 2: Reference."

8.4 Using the Set Tool to Retrieve SNMP Attribute Values

You can use the Console to obtain Quick Dumps and data, event, and trap reports on SNMP devices, just as with any other type of device. See the following chapters for steps to get this information: Chapter 4, "Requesting Data," Chapter 5, "Specifying Event Requests" and Chapter 6, "Viewing Reports."

For SNMP devices you can also use the Set Tool to retrieve SNMP attribute values. Retrieving attribute values with the Set Tool allows you to examine an attribute's current value before you change it--see Section 8.5, "Using the Set Tool to Change SNMP Attribute Values," on page 8-18 for information on changing attribute values.

1. Move the mouse pointer over the glyph that represents the target SNMP device and press MENU to open the Glyph menu.

2. Drag the mouse pointer down to Set Request. Drag right over the desired agent schema name and continue to drag right over the desired group or table name. For example:

Figure 8-3

In your response to your menu selection, you receive a window such as the one shown in Figure 8-4.

Figure 8-4

3. In the Set Tool window, specify the key or options for the request.

   If the group is a table and you know the key of the row you want, type in the key value in the Key field. If you do not specify a key value, when you SELECT the Get button (in the next step) the first row of the table will be

displayed by default and the Key menu generated. You can then choose a value from the Key menu by pressing MENU on the abbreviated menu button.

You can specify an SNMP read-community name in the Options field if it is different from the read-community you have previously specified in the Properties window for the element.

4. Click SELECT on the Get button. The attribute values are displayed in the attribute list.

   You can see detail on an attribute by clicking SELECT on the Details button. Figure 8-5 is an example of information available.

   Name: is the name of the attribute

   Type: is the type of the attribute. If the attribute is an enumeration, the valid values will be displayed.

   Access: indicates what access categories are assigned to the attribute

   Description: gives the meaning of the attribute

Figure 8-5

8.4.0.1 Retrieving Other Attribute Values

In the control panel at the top of the Set Tool window, you can change the attribute group or agent schema name (or both) to retrieve attribute values for other attribute groups or for other agent schemas used by the target device.

• To change the agent schema:

a. Move the mouse pointer over the Agent abbreviated menu button. b. Press MENU to open the list of agent schemas available for the target element.

c. Drag the mouse pointer to the desired agent schema and release.

Figure 8-6

• To change the attribute group:

  a. Move the mouse pointer over the Group abbreviated menu button. b. Press MENU to open the list of attribute groups specified in the agent schema.

  c. Drag the mouse pointer to the desired group and release. d. If the group is a table and you know the key of the row you want, type in the key value in the Key field.

Figure 8-7

8.5 Using the Set Tool to Change SNMP Attribute Values

A set request is used to request an agent to change the value of a particular attribute. With one Set Tool operation, you can send set requests to different agents for multiple attributes with one Set Tool operation.

1. Move the mouse pointer over the glyph that represents the target SNMP device and press MENU to open the Glyph menu.

2. Drag the mouse pointer down to Set Request. Drag right over the desired agent schema name and continue to drag right over the desired group or table name. You receive a Set Tool such as the one shown in Figure 8-4 on page 8-15.

3. In the Set Tool window, specify the key or options for the request.

   If the group is a table, type in the key value in the Key field. If you do not know the key, retrieve the available key values by clicking SELECT on the Get button.

4. Enter the new value on the line provided in the New Value column and press Return. The new value is shown in the lower portion of the window.

5. To change another attribute in a different attribute group or agent schema, use the Group and Agent abbreviated menu buttons.

   All the attributes in the selected group appear in the attribute list. If you want to change the value of an attribute of a row in a table, you must supply the key for that row. You can also click the Get button to display the current values of the attributes.

   You can specify an SNMP write-community name in the Options field if it is different from the write-community you have previously specified in the Properties window for the element.

6. Repeat the previous three steps until you have entered all the attribute changes you want to make for the target element.

   Note that the new attribute values are collected in the Set Information list. This allows you to view your changes and edit them, if necessary, before the actual set request is made.

7. To send the set request with the new value(s), SELECT the Set button at the top of the control panel.

   When the Set request has been successfully completed, the Set Information list is cleared.

8.5.1 Setting Attributes

If you are allowed to set an attribute, a line is provided in the New Value column to the right of the Current Value in the attribute list. (Current Value is also provided for attributes that cannot be set; however, no lines are provided in the New Value column.) Attributes of enumeration data types that you can set have an abbreviated menu button displayed in the New Value column; press MENU on the menu button to choose the desired new value.