SNMPv3 Configuration



SNMPv3 Overview

 

The version 3 of Simple Network Management Protocol addresses some of the long pending issues related to the large scale deployment of SNMP. Due to lack of security in using SNMP, system and network administrators were using other means such as telnet, ascii, etc., for configuration, accounting, and fault management. The primary goal of SNMP version 3 (SNMPv3) is to define a secure version of the SNMP. SNMPv3 also facilitates remote configuration of the SNMP entities, which make remote administration of SNMP entities a much simpler task. WebNMS has implemented SNMPv3 as defined from RFC2570 to RFC2576.

 

Security Levels in SNMPv3

 

As explained earlier, SNMP version 3 (SNMPv3) is used to provide a secured environment in managing the systems and networks. The SNMPv3 Agent provides support for three level of users. The supported security levels as defined in the USM MIB (RFC 2574) are

Supported Privacy Packages

 

For privacy support, the Encryption packages that can be used are:

To use JCE classes

    1. Download JCE classes 1.2 or 1.2.1 from the following URL: http://java.sun.com/products/jce/

    2. In case JCE 1.2 classes are downloaded, you get the following jar : jce12-rc1-dom.jar

    3. In case JCE 1.2.1 classes are downloaded, you get the following four jars : jce1_2_1.jar; local_policy.jar; sunjce_provider.jar, and US_export_policy.jar

    4. Make sure the jars are placed under <SNMP Adaptor Home> directory.

    5. Also make sure the jars are included in the setenv.bat file CLASSPATH (available in <SNMP Adaptor Home>/bin directory) in the beginning. Please note that the jars are required to be in the CLASSPATH of the SNMP adaptor.

    6. Add the code snippet provided in the table after the following line in the java.security file present in the jre/lib/security folder under the JDK installed in your machine:

security.provider.1=sun.security.provider.Sun

      security.provider.2=com.sun.crypto.provider.SunJCE

    1. Save the java.security file.

    2. The USMUtils.class required for encrypting v3 requests and responses is available in AdventNetSnmpAdaptorFramework.jar under <SNMP Adaptor Home>/jars.

Now, the v3Agent is ready for supporting Privacy.

 

 

To use Cryptix classes

security.provider.1=sun.security.provider.Sun

Now, the v3Agent is ready for supporting Privacy

 

Export Restrictions

 

Encryption packages are bound by Export restrictions.

 

SNMPv3 Configuration Tool Overview

 

For enabling security options to the SNMP v3 agents, WebNMS provides a tool bundled along with the SNMP adaptor. This tool is used to configure USM user tables and VACM entries for SNMPv3 agent. These USM and VACM entries are persisted to the serialised files namely defaultsnmpv3.ser and snmpv3.ser. To start an agent with the version SNMP v3, these serialised files must be present in the conf directory under the adaptor's working directory. These files will be automatically generated if you specify the SNMP version as v3 in the UI (Both JBoss SNMP Deployer and SNMP Configuration Wizard) .Otherwise you must copy these files from <SNMP Adaptor Home>/conf/defaultV3Settings directory to the conf directory of the adaptor's working directory.

 

This book explains how the users and the vacm details can be configured using the tool provided. The SNMPv3 Configuration tool has a powerful and intuitive user interface facilitating the task of making an SNMPv3 query much easier. This application can be started on executing the v3apps.bat (for Windows/NT users) or v3apps.sh (for linux/solaris users) present under <SNMP Adaptor Home>/bin. This tool supports the User Based Security Model (USM) and the View Based Access Control Model (VACM) of SNMPv3. The VacmTables can be skipped if the user does not require the access verifications to be done for the users configured.

 

User Interface

 

The application comes with powerful wizards and allows the developer to configure the necessary information needed before making an SNMPv3 request:

 

 

The icons provided in this tool perform the following functions:   

Using these icons in the toolbar, USM and VACM configurations can be done.



Copyright © 2009, ZOHO Corp. All Rights Reserved.