clsnmp.conf File

Purpose

Contents are used by the clsnmp command to identify a host on which an SNMP agent is running.

Description

The contents of the clsnmp.conf file used by the clsnmp command are as follows. Each entry identifies:
  • a host on which an SNMP agent is running,
  • the administrative model used to communicate with the host at that agent,
  • and the security parameters to be used in the communication.
An entry in the clsnmp.conf file has the following syntax:
winSnmpName targetAgent admin secName password context secLevel authProto 
authKey privProto privKey
where:
winSnmpName
An administrative name by which the winSNMP code used by clsnmp can locate an entry in this configuration file. This value is to be specified on the -h keyword for the clsnmp command. The valid value must be a character string of 1 to 32 characters. There is no default value.
targetAgent
Identification of the target SNMP agent. By default, the port at which the agent is to receive requests is 161. To specify a port other than 161, use the syntax of:
host:port_number (host colon port_number)
The attribute must have one of the following values:
  • A host name of 1 to 80 characters.
  • An IPv4 address that must be in the form of a.b.c.d , where a, b, c, and d are in the range of 0 through 255.
  • An IPv6 address. If the port number is specified, it must be of a value that ranges from 1 through 65535.
admin
Specifies the administrative model supported by the targetAgent. The following values are valid:
snmpv1
Indicates community based security with SNMPv1 message protocol data units.
snmpv2c
Indicates community based security with SNMPv2 message protocol data units.
snmpv3
Indicates user based security (USM) with SNMPv3 message protocol data units.
There is no default value.
secName
Specifies the security name of the principal using this configuration file entry. For user-based security, this is the userName. The user must be defined at the targetAgent. This field is ignored unless snmpv3 is specified for the admin keyword. The valid value must be a user name of 1 to 32 characters. There is no default value.
password
Specifies the password to be used in generating the authentication and privacy keys for this user. If a password is specified, the values of the authKey and privKey fields will be ignored.
Note: the use of password instead of keys in this configuration file is not recommended, as storing passwords in this file is less secure than using keys.
This field is ignored unless snmpv3 is specified for the admin keyword. The valid value must be a password of 8 to 64 characters. A '-' (dash) indicates the default. The default value is no password.
context
Specifies the SNMP contextName to be used at the target agent. Note, the contextName is needed only at agents that support multiple contexts. Otherwise, the only context supported is the null context, which is the default value of this keyword. The CS for OS/390® SNMP agent does not support multiple contexts. This field is ignored unless snmpv3 is specified for the admin keyword. The valid value must be a contextName of 1 to 40 32 characters. A '-' (dash) indicates the default. The default value is the null context ("").
secLevel
Specifies the security level to be used in communicating with the target SNMP agent when this entry is used. This field is ingored unless snmpv3 is specified for the admin keyword.
Note: Privacy will be supported on CS for OS/390 V2R7 only in a separately orderable FMID. It will not be supported in the base FMID.
These values are valid: noAuthNoPriv or none which indicates no authentication or privacy requested. AuthNoPriv or auth indicates authentication is requested, but privacy is not requested. AuthPriv or priv indicates both authentication and privacy are requested (only supported in the additional encryption product) . A '-' (dash) indicates the default. The default value is none (noAuthNoPriv).
authProto
Specifies the SNMP authentication protocol to be used in communicating with the target SNMP agent when this entry is used. This field is ignored unless snmpv3 is specified for the admin keyword. The following values are valid:
HMAC-MD5
Indicates HMAC mode MD5.
HMAC-SHA
Indicates HMAC mode SHA.
A '-' (dash) indicates the default. The default value is no authentication.
authKey
Specifies the SNMP authentication key to be used in communicating with the target SNMP agent when this entry is used. This key must be the non-localized key. This field is ignored if the password keyword is used. This field is ignored unless snmpv3 is specified for the admin keyword and a non-default value is specified for authProto. The following values are valid:
  • A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
  • A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no key.
privProto
Specifies the SNMP privacy protocol to be used in communicating with the target SNMP agent when this entry is used.
Note: Privacy will be supported on CS for OS/390 V2R7 only in a separately orderable FMID. It will not be supported in the base FMID.
If privacy is not supported, this keyword will be ignored. This field is ignored unless snmpv3 is specified for the admin keyword. The following values are valid:
  • DES - for CBC-DES (only supported in the additional encryption product)
A '-' (dash) indicates the default. The default value is no privacy.
privKey
Specifies the SNMP privacy key to be used in communicating with the target SNMP agent when this entry is used. This key must be the non-localized key. This field is ignored if the password keyword is used. If privacy is not supported, this keyword will be ignored. The privacy and authentication keys are assumed to have been generated using the same authentication protocol (e.g., both with HMAC-MD5 or both with HMAC-SHA). This field is ignored unless snmpv3 is specified for the admin keyword and a non-default value is specified for privProto. The following values are valid:
  • A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
  • A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no key.

General Usage Rules

As the clsnmp command supports both issuance of SNMP requests and receipt of SNMP traps, the entries in the clsnmp.conf file must be defined for both uses. Multiple entries for the same USM user are allowed within the file. This may be useful to define different security levels for the same user. If multiple entries for the same USM user are defined, be aware that only the first one in the file can be used for receiving notifications. If multiple entries for the same USM user are defined and the user will be used for receiving notifications, the definition with the highest (most stringent) securityLevel should be defined first. Doing so will allow the user to be used for any level of security equal to or lower (less stringent) than the securityLevel defined.