[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference azur::mcc

Title:	DECmcc user notes file. Does not replace IPMT.
Notice:	Use IPMT for problems. Newsletter location in note 6187
Moderator:	TAEC::BEROUD

Created:	Mon Aug 21 1989
Last Modified:	Wed Jun 04 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	6497
Total number of notes:	27359

383.0. "SET SNMP ULTRIX Capabilities?" by WLW::ZIGLER (Tom Zigler, DTN 432-7541) Thu Oct 04 1990 21:14

I am currently running the DECmcc BMS V1.0 SSB software on a VAXstation 
3200 running VMS V5.3.  In addition I have installed the SNMP V1.1 AM 
and can successfully perform SHOW commands to a DECstation 3100 running 
ULTRIX V4.0 which has an SNMP agent.  I modified the /etc/snmpd.conf 
file on the DECstation 3100 to look like this by running SNMPSETUP:

	COMMUNITY	PUBLIC		0.0.0.0		READ-WRITE

Questions:

1) What SNMP parameters does ULTRIX allow one to change from the DECmcc 
BMS V1.0 SNMP AM?  One source indicates that only the ifAdminStatus
parameter can be changed.  If so, this fact will impede our efforts to 
leverage future PCSA ULTRIX sales by promoting the concept of SNMP 
management from the DECmcc BMS/SNMP NETstation!

2) So far, I am experiencing time-outs from issuing the following 
command from DECmcc:

	SET SNMP DS3100 INTERFACE 1 ifAdminStatus = TESTING

What must I do to make this work?


		\Thanks in Advance

T.R	Title	User	Personal Name	Date	Lines
383.1		MKNME::DANIELE		`Fri Oct 05 1990 09:50`	40
	In addition I have installed the SNMP V1.1 AM A nit, there isn't a 1.1 SNMP AM. Just 1.0. You have DECmcc 1.1. 1) What SNMP parameters does ULTRIX allow one to change from the DECmcc BMS V1.0 SNMP AM? One source indicates that only the ifAdminStatus parameter can be changed. If so, this fact will impede our efforts to leverage future PCSA ULTRIX sales by promoting the concept of SNMP management from the DECmcc BMS/SNMP NETstation! Yes, I believe that's the only one allowed by the Ultrix V4 SNMP agent. The issue with SNMP in general is that there isn't much in the way of security, so most network administrators don't allow SET via SNMP. This will probably change in the next year, as the authentication and privacy MIBs and rules become standardized. You might want to post this in MKNME::SNMP. 2) So far, I am experiencing time-outs from issuing the following command from DECmcc: SET SNMP DS3100 INTERFACE 1 ifAdminStatus = TESTING I believe the community name is case sensitive on Ultrix. The default community used by the AM is "public". Try SET SNMP DS3100 INTERFACE 1 ifAdminStatus = TESTING, by password "public" If that works, you might want to alter the Ultrix file accordingly. Finally, please note that by doing so you will have configured your agent to accept SET requests from ANY IP address, AND using the default community name. Regards, Mike
383.2	timeout is probably correct	MKNME::DANIELE		`Fri Oct 05 1990 09:53`	4
	I forgot to mention, as stated in the Use book section on access control, an SNMP agent is required to discard unauthorized packets. So the timeout is the expected behavior if the community name doesn't match.
383.3	sigh... PUBLIC!	MKNME::DANIELE		`Fri Oct 05 1990 17:20`	2
	And of course, what I really meant in .1 was ,by password "PUBLIC" not "public".
383.4	You can only set what the agent lets you set	ASD::MINTZ	Erik Mintz, MS ZKO3-2/S11, dtn 381-2331	`Mon Oct 08 1990 10:17`	13
	>1) What SNMP parameters does ULTRIX allow one to change from the DECmcc >BMS V1.0 SNMP AM? One source indicates that only the ifAdminStatus >parameter can be changed. If so, this fact will impede our efforts >parameter can be changed. If so, this fact will impede our efforts to >leverage future PCSA ULTRIX sales by promoting the concept of SNMP >management from the DECmcc BMS/SNMP NETstation! >> Yes, I believe that's the only one allowed by the Ultrix V4 SNMP agent. And I believe that ifAdminStatus is the only parameter that is settable in most SNMP agent implementations. Also note that the restriction on what is settable is a characteristic of the SNMP agent, independent of which manager is being used.
383.5		CAPN::SYLOR	Architect = Buzzword Generator	`Mon Oct 08 1990 12:09`	6
	Even allowing ifAdminStatus to be set with SNMP is pretty dumb. You can easily turn off a Router that way and bring down a whole network. How long will it be before some enterpising hacker crashes the Internet this way? Mark
383.6	That's why most system managers disable it	ASD::MINTZ	Erik Mintz, MS ZKO3-2/S11, dtn 381-2331	`Mon Oct 08 1990 14:44`	5
	>Even allowing ifAdminStatus to be set with SNMP is pretty dumb. Yup. While the ULTRIX snmp agent SUPPORTS set for ifAdminStatus, the default config file has "community public 0.0.0.0 read-only". Changing the access to allow sets is not a real great idea.
383.7	don't panic	MKNME::DANIELE		`Fri Oct 12 1990 19:47`	16
	>Even allowing ifAdminStatus to be set with SNMP is pretty dumb. I don't think it's really a problem. This refers to the latest adminstrative request to set the interface. It's usually not tied to anything real. That is, even setting this to off won't cause the agent to REALLY shut down the interface, it will merely change the value of ifAdminstatus. The ACTUAL status of the interface is returned by ifOperstatus, which is NOT settable by Ultrix SNMP agnts. ( I don't think MIB I even defines it as writeable. ) Most agents don't let you set anything. Period. When a standard for security is adopted, I believe SNMP will start being use to actually manage. This should happen in 91. We're not the first to think about SNMP, SET, and security.