9 snmp configuration – Sonnet Technologies Fusion RAID Configuration Tool and Utilities Operation Manual User Manual

46

1.9 SNMP Configuration

Disabled Mode
This mode disables the operation of the ATTO SNMP agent. Any
network ports it has open to support SNMP are closed, making
it inaccessible to any Management Station. The system service
will not forward requests to it, and no TRAPs are sent out when
events occur.

Basic Setup
The ATTO SNMP agent can be configured through the SNMP tab
on the localhost node. When you first enter the SNMP tab, and
until you commit a new mode, the SNMP mode will be Disabled.
The various settings can be manually edited, but the simplest way
to enable SNMP support in this case is to click the Default button
and then click Commit. This will load the proper settings based
on your current system configuration, and then reconfigure the
agent to use them. The operational mode (enabled or subagent)
and port will be selected based upon whether or not an operating
system SNMP service is running.

Note: The System Service and TRAP Service states are not updated

dynamically as they change in the system. They can be
manually updated at any time by clicking Refresh.

Note: In order to properly secure access to the agent from the local

machine, it is suggested you change the default string in the
Communities list before committing the default settings.

This basic setup will allow you to browse the information that is
made available by the agent with a 3rd party application, but will
not send out TRAPs. TRAP destinations are network specific, and
cannot be determined programmatically.

Configuration Options

Agent Port
This value specifies the UDP port that the ATTO SNMP agent
listens on for incoming Management Station requests. The
port cannot be used by any other process on the system, or the
behavior of both the agent and the other process is undefined.
The standard port value for SNMP is 161, but that is not the
default value in subagent mode, because it is assumed that the
system service is using that port.

Note: A binding error may not occur if the port is already in use. If you

are not sure if a port is in use, use the netstat command.

In enabled mode, this is the port the Management Station uses
to communicate with the agent. In subagent mode however,
the agent will not respond on this port to Management Station
requests from a different machine. The port the Management
Station needs to use is the system service’s port.

Communities
This is a list of community strings accepted by the agent when
it receives an incoming request. If a Management Station makes
a request and provides a community string that is not in this
list, the request is dropped by the agent. If authentication traps
are enabled, one will be sent to each configured destination.
The list can be manipulated through the Add, Edit and Remove
buttons below it. An existing community must be selected to edit
or remove it. A valid community string has a length between 1
and 128 (inclusive) and can include any keyboard character. See
Figure 32 on page 49

Note: In subagent mode, only a single community can be specified

since that is the community used by the Master Agent when
talking to the ATTO SNMP subagent. The communities that
Management Stations must use are configured through the
system service.

Note: For added security in subagent mode, you should change the

default community string. The agent cannot tell the difference
between a local Management Station request and a request from
the system service, which means a local user can bypass the
authentication checks done by the system service if they know
this community string and the agent’s port.

Send Authentication TRAP
When checked, the agent will send a TRAP to the configured
TRAP destinations indicating that a Management Station
attempted to contact the agent and used a community string that
is not in the community list.

Note: In subagent mode, this may only be useful for debugging. The

system service will perform Management Station authentication
based on its configuration, and only forward the request to the
ATTO agent once the Management Station is authenticated. Since
the system service is reconfigured as needed to use the community
string on this pane when forwarding requests, there should not be
authentication errors when the agent processes requests from the
system service. The system service usually has the same option
that can be enabled to see these authentication failures.

Enable TRAPs
When checked, the agent will send traps to the configured
destinations, if any, if the agent itself is not disabled. See

Figure

33 on page 49.