Purpose
Contents are
used by the clsnmp command to identify a host on which an SNMP
agent is running.
Description
The contents
of the
clsnmp.conf file used by the
clsnmp command are
as follows. Each entry identifies:
- a host on which an SNMP agent is running,
- the administrative model used to communicate with the host at
that agent,
- and the security parameters to be used in the communication.
An entry in the
clsnmp.conf file has the following
syntax:
winSnmpName targetAgent admin secName password context secLevel authProto
authKey privProto privKey
where:
- winSnmpName
- An administrative name by which the winSNMP code used by clsnmp can locate an entry in this configuration file. This value is to
be specified on the -h keyword for the clsnmp command.
The valid value must be a character string of 1 to 32 characters.
There is no default value.
- targetAgent
- Identification of the target SNMP agent. By default, the port
at which the agent is to receive requests is 161. To specify a port
other than 161, use the syntax of:
host:port_number (host colon port_number)
The attribute must have one of the following values: - A host name of 1 to 80 characters.
- An IPv4 address that must be in the form of a.b.c.d , where a, b, c, and d are in the range of 0 through 255.
- An IPv6 address. If the port number is specified, it must be of
a value that ranges from 1 through 65535.
- admin
- Specifies the administrative model supported by the targetAgent. The following values are valid:
- snmpv1
- Indicates community based security with SNMPv1 message protocol
data units.
- snmpv2c
- Indicates community based security with SNMPv2 message protocol
data units.
- snmpv3
- Indicates user based security (USM) with SNMPv3 message protocol
data units.
There is no default value.
- secName
- Specifies the security name of the principal using this configuration
file entry. For user-based security, this is the userName.
The user must be defined at the targetAgent. This field is
ignored unless snmpv3 is specified for the admin keyword.
The valid value must be a user name of 1 to 32 characters. There is
no default value.
- password
- Specifies the password to be used in generating the authentication
and privacy keys for this user. If a password is specified, the values
of the authKey and privKey fields will be ignored.
Note: the use of password instead of keys in this configuration file is
not recommended, as storing passwords in this file is less secure
than using keys.
This field is ignored unless snmpv3 is specified for the admin keyword. The valid value must
be a password of 8 to 64 characters. A '-' (dash) indicates the default.
The default value is no password.
- context
- Specifies the SNMP contextName to be used at the target
agent. Note, the contextName is needed only at agents that
support multiple contexts. Otherwise, the only context supported is
the null context, which is the default value of this keyword. The
CS for OS/390® SNMP agent
does not support multiple contexts. This field is ignored unless snmpv3 is specified for the admin keyword. The valid value
must be a contextName of 1 to 40 32 characters. A '-' (dash)
indicates the default. The default value is the null context ("").
- secLevel
- Specifies the security level to be used in communicating with
the target SNMP agent when this entry is used. This field is ingored
unless snmpv3 is specified for the admin keyword.
Note: Privacy will be supported on CS for OS/390 V2R7 only in a separately
orderable FMID. It will not be supported in the base FMID.
These
values are valid: noAuthNoPriv or none which
indicates no authentication or privacy requested. AuthNoPriv or auth indicates authentication is requested,
but privacy is not requested. AuthPriv or priv indicates both authentication and privacy are requested (only supported
in the additional encryption product) . A '-' (dash) indicates the
default. The default value is none (noAuthNoPriv).
- authProto
- Specifies the SNMP authentication protocol to be used in communicating
with the target SNMP agent when this entry is used. This field is
ignored unless snmpv3 is specified for the admin keyword. The following values are valid:
- HMAC-MD5
- Indicates HMAC mode MD5.
- HMAC-SHA
- Indicates HMAC mode SHA.
A '-' (dash) indicates the default. The default value
is no authentication.
- authKey
- Specifies the SNMP authentication key to be used in communicating
with the target SNMP agent when this entry is used. This key must
be the non-localized key. This field is ignored if the password keyword is used. This field is ignored unless snmpv3 is specified
for the admin keyword and a non-default value is
specified for authProto. The following values are valid:
- A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
- A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no
key.
- privProto
- Specifies the SNMP privacy protocol to be used in communicating
with the target SNMP agent when this entry is used.
Note: Privacy
will be supported on CS for OS/390 V2R7 only in a separately
orderable FMID. It will not be supported in the base FMID.
If
privacy is not supported, this keyword will be ignored. This field
is ignored unless snmpv3 is specified for the admin keyword. The following values are valid: - DES - for CBC-DES (only supported in the additional encryption
product)
A '-' (dash) indicates the default. The default value is no privacy.
- privKey
- Specifies the SNMP privacy key to be used in communicating with
the target SNMP agent when this entry is used. This key must be the
non-localized key. This field is ignored if the password keyword is used. If privacy is not supported, this keyword will
be ignored. The privacy and authentication keys are assumed to have
been generated using the same authentication protocol (e.g., both
with HMAC-MD5 or both with HMAC-SHA). This field is ignored unless snmpv3 is specified for the admin keyword and
a non-default value is specified for privProto. The following
values are valid:
- A key of 16 bytes (32 hex digits) when authProto is HMAC-MD5
- A key of 20 bytes (40 hex digits) when authProto is HMAC-SHA
A '-' (dash) indicates the default. The default value is no
key.
General Usage Rules
- All parameters for an entry must be contained on one line in the
# configuration file.
- A "-" (dash) is used to indicate the default value for a keyword.
- Sequence numbers are not allowed on the statements.
- Comments may be included in the file beginning with a pound sign
(#) in column 1.
- The secName and password parameters are case-sensitive.
As the clsnmp command supports both issuance of SNMP
requests and receipt of SNMP traps, the entries in the clsnmp.conf file must be defined for both uses. Multiple entries for the same
USM user are allowed within the file. This may be useful to define
different security levels for the same user. If multiple entries for
the same USM user are defined, be aware that only the first one in
the file can be used for receiving notifications. If multiple entries
for the same USM user are defined and the user will be used for receiving
notifications, the definition with the highest (most stringent) securityLevel should be defined first. Doing so will allow the
user to be used for any level of security equal to or lower (less
stringent) than the securityLevel defined.