Setting the Emanate Configuration File Emanate 15.

Emanate 15.1 supports SNMP v3. It makes use of some environment variables
and a configuration file (snmpd.cnf) for its configuration.

Environment

EMANATE uses the following environment variables. In order to use these

variables by master agent started at the services, they have to be set as system
variables. (Control Panel; System; Variable; Value)
SR_AGT_CONF_DIR

= MLOSDisk:\etc\srconf\agt
snmpd.cnf must be installed

//indicates the folder in which

SR_MGR_CONF_DIR

= MLOSDisk:\etc\srconf\mgr
snmpinfo.dat must be installed

//indicates the folder in which

SR_UTIL_SNMP_VERSION
= -v1 (with minus and lowercase v)
SR_UTIL_COMMUNITY= MLOSC (like the entry in snmpd.cnf)

SNMPD.CNF
Emanate 15.1 supports SNMP v3 in addition to v1 and v2. So the configuration file
snmpd.cnf has entries for configuring the different versions.
Configuring SNMP v1
Configuring Communities
In the file SR_AGT_CONF_DIR\snmpd.cnf we have to define a community (MLOSC)
with write permission
#Entry type: communityEntry
#Format: srCommunityAuthSnmpID (octetString)
#
srCommunityName (text)
#
srCommunityGroupName (text)
#
srCommunityContextSnmpID (octetString)
#
srCommunityContextName (text)
#
srCommunityTransportLabel (text)
#
srCommunityMemoryType (nonVolatile, permanent, readOnly)
communityEntry

localSnmpID MLOSC Anyone localSnmpID - - nonVolatile

The string MLOSC should appear in the communityName field of the communityEntry
entry. The community must be assigned to one of the user groups defined using
vacmSecurityToGroupEntry entry. Here the community MLOSC is assigned to the group

Anyone. Here the field srCommunityTransportLabel is set to -. Hence source address

checking is not performed by the Master Agent. It accepts requests from all the hosts
with the community MLOSC. If source address checking is needed, then the
srCommunityTransportLabel must contain a valid tag which maps this entry to a valid
snmpTargetAddrEntry entry which defines external manager IP addresses.
To define user groups the following entry can be used.
#Entry type: vacmSecurityToGroupEntry
#Format: vacmSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
vacmSecurityName (text)
#
vacmGroupName (text)
#
vacmSecurityToGroupStorageType (nonVolatile, permanent,
#readOnly)
vacmSecurityToGroupEntry

snmpv1 MLOSC Anyone nonVolatile

This entry indicates that we are assigning the snmpv1 community MLOSC to the group
Anyone.
A MIB view should be defined to specify the scope of access of this community.
#Entry type: vacmViewTreeFamilyEntry
#Format: vacmViewTreeFamilyViewName (text)
#
vacmViewTreeFamilySubtree (OID)
#
vacmViewTreeFamilyMask (octetString)
#
vacmViewTreeFamilyType (included, excluded)
#
vacmViewTreeFamilyStorageType (nonVolatile, permanent,
readOnly)
vacmViewTreeFamilyEntry All iso - included nonVolatile

This entry creates a MIB view that is arbitrarily called All which includes a point just
below the root of the MIB tree, iso. This mib view provides access to all the MIB nodes.
Access rights are given to user groups instead of communities.
#Entry type: vacmAccessEntry
#Format: vacmGroupName (text)
#
vacmAccessContextPrefix (text)
#
vacmAccessSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
vacmAccessSecurityLevel (noAuthNoPriv, authNoPriv, #authPriv)
#
vacmAccessContextMatch (exact, prefix)
#
vacmAccessReadViewName (text)
#
vacmAccessWriteViewName (text)
#
vacmAccessNotifyViewName (text)
#
vacmAccessStorageType (nonVolatile, permanent, readOnly)
vacmAccessEntry
nonVolatile

Anyone - snmpv1 noAuthNoPriv exact All All All

This entry provides the group Anyone with Write access to the entire MIB tree. Since
the community MLOSC is included in the group Anyone it will get the same access
rights.

Configuring Traps
Trap configuration needs a community name using which traps needs to be sent and the
trap destination.
The configuration should be set for snmpv1 traps.
The following entry is used for configuring the communities to be used for sending the
traps.
#Entry type: snmpTargetParamsEntry
#Format: snmpTargetParamsName (text)
#
snmpTargetParamsMPModel (integer)
#
snmpTargetParamsSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
snmpTargetParamsSecurityName (text)
#
snmpTargetParamsSecurityLevel
(noAuthNoPriv,authNoPriv,authPriv)
#
snmpTargetParamsStorageType (nonVolatile, permanent,
readOnly)
snmpTargetParamsEntry
nonVolatile

v1ExampleParams 0 snmpv1 MLOST noAuthNoPriv

Here the community MLOST will be used to sent SNMP v1 traps. Trap destinations must
be specified using the following entry.
#Entry type: snmpTargetAddrEntry
#Format: snmpTargetAddrName (text)
#
snmpTargetAddrTDomain (snmpUDPDomain, snmpIPXDomain, etc.)
#
snmpTargetAddrTAddress (transport address,i.e.
192.147.142.254:0)
#
snmpTargetAddrTimeout (integer)
#
snmpTargetAddrRetryCount (integer)
#
snmpTargetAddrTagList (text)
#
snmpTargetAddrParams (text)
#
snmpTargetAddrStorageType (nonVolatile, permanent, readOnly)
#
tgtAddressMask (transport mask, i.e. 255.255.255.255:0)
snmpTargetAddrEntry 31 snmpUDPDomain 192.168.1.10:0 100 3 Console
v1ExampleParams nonVolatile 255.255.255.255:0

Here the string v1ExampleParams is used to the trap destination to the community
string. A unique string which is the value of the snmpTargetAddrTagList in the
snmpTargetAddrEntry entry should appear in the snmpNotifyTag field of a
snmpNotifyEntry entry. The snmpNotifyType field of the snmpNotifyEntry entry should be
trap.
#Entry type: snmpNotifyEntry
#Format: snmpNotifyName (text)
#
snmpNotifyTag (text)
#
snmpNotifyType (trap(1), inform(2))
#
snmpNotifyStorageType (nonVolatile, permanent, readOnly)
snmpNotifyEntry 31 Console trap nonVolatile

The trap community MLOST must be assigned to a group and the group must be
provided Notify access to the MIB tree.
vacmSecurityToGroupEntry

snmpv1 MLOST TRAP nonVolatile

Here the community MLOST is assigned to the group TRAP.

vacmAccessEntry

TRAP - snmpv1 noAuthNoPriv exact - - All nonVolatile

Here the group TRAP is provided with notify access to the MIB tree.

Configuring SNMP v3
SNMP v3 utilizes user based security model and view based access control model. User
based security model makes use of user names and authentication keys instead of
communities.

The user names and their corresponding authentication keys must be defined using the
following entry:
#Entry type: usmUserEntry
#Format: usmUserEngineID (octetString)
#
usmUserName (text)
#
usmUserAuthProtocol (OID)
#
usmUserPrivProtocol (OID)
#
usmUserStorageType (nonVolatile, permanent, readOnly)
#
usmTargetTag (text)
#
AuthKey (octetString)
usmUserEntry localSnmpID MLOSU usmHMACMD5AuthProtocol usmNoPrivProtocol
nonVolatile ConferenceRoom mlos

The field usmUserName must contain the user name to be configured and the
authentication key must be specified in the field AuthKey. Here the user name
MLOSU is defined with the authentication key mlos. Since authentication
protocol
usmHMACMD5AuthProtocol
is
specified
in
the
field
usmUserAuthProtocol, this entry specifies that requests with user name MLOSU
should be accepted only if the request is authenticated. The usmTargetTag is
used to map the username to IP address of external managers. A
snmpTargetAddrEntry entry must be added with the same value in the
snmpTargetAddrTagList field.
The user should be assigned to a user group. This can be done using the
following entry.
#Entry type: vacmSecurityToGroupEntry
#Format: vacmSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
vacmSecurityName (text)
#
vacmGroupName (text)
#
vacmSecurityToGroupStorageType (nonVolatile, permanent,
#readOnly)

vacmSecurityToGroupEntry

usm MLOSU Admin nonVolatile

Here the user MLOSU is assigned to the group Admin. Since this is an SNMP
v3 configuration entry the field vacmSecurityModel must contain the string usm.
A MIB view should be defined to specify the scope of access of this group.
#Entry type: vacmViewTreeFamilyEntry
#Format: vacmViewTreeFamilyViewName (text)
#
vacmViewTreeFamilySubtree (OID)
#
vacmViewTreeFamilyMask (octetString)
#
vacmViewTreeFamilyType (included, excluded)
#
vacmViewTreeFamilyStorageType (nonVolatile, permanent,
readOnly)

vacmViewTreeFamilyEntry All iso - included nonVolatile

This entry creates a MIB view that is arbitrarily called All which includes a point just
below the root of the MIB tree, iso. This mib view provides access to all the MIB nodes.

Access permissions can be granted to the groups rather than to individual users.
#Entry type: vacmAccessEntry
#Format: vacmGroupName (text)
#
vacmAccessContextPrefix (text)
#
vacmAccessSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
vacmAccessSecurityLevel (noAuthNoPriv, authNoPriv, #authPriv)
#
vacmAccessContextMatch (exact, prefix)
#
vacmAccessReadViewName (text)
#
vacmAccessWriteViewName (text)
#
vacmAccessNotifyViewName (text)
#
vacmAccessStorageType (nonVolatile, permanent, readOnly)
vacmAccessEntry

Admin - usm authNoPriv exact All All All nonVolatile

The group Admin is given write access to the entire MIB tree.
The IP Addresses of EXAP must be configured using the following entries:
#Entry type: snmpTargetAddrEntry
#Format: snmpTargetAddrName (text)
#
snmpTargetAddrTDomain (snmpUDPDomain, snmpIPXDomain, etc.)
#
snmpTargetAddrTAddress (transport address,i.e.
192.147.142.254:0)
#
snmpTargetAddrTimeout (integer)
#
snmpTargetAddrRetryCount (integer)
#
snmpTargetAddrTagList (text)
#
snmpTargetAddrParams (text)
#
snmpTargetAddrStorageType (nonVolatile, permanent, readOnly)
#
tgtAddressMask (transport mask, i.e. 255.255.255.255:0)
snmpTargetAddrEntry 40 snmpUDPDomain 132.186.67.41:0 100 3
ConferenceRoom - nonVolatile 255.255.255.255:0

Here the snmpTargetAddrTagList value ConferenceRoom is used to establish

correspondence with usmUserEntry entries. The Master Agent will accept
requests sent with user name MLOSU from IP Address 132.186.67.41. When
configuring manager addresses the field snmpTargetAddrParams must be set to
-. When configuring trap destinations the field should contain a valid
snmpTargetParamsName value.
For sending traps to multiple IP Addresses multiple snmpTargetAddrEntry entries
can be added. For sending traps to ports other than the default port(162), the
port can be specified along with the IP Address of the manager in the IP
Address:Port Format and the tgtAddressMask value must be set to
255.255.255.255:255.
For eg:snmpTargetAddrEntry 41 snmpUDPDomain 132.186.67.41:1025 100 3 Console
v3mlos nonVolatile 255.255.255.255:255

The snmpTargetAddrTagList value Console must be defined in snmpNotifyTag

field of one of the snmpNotifyEntry entries.
#Entry type: snmpNotifyEntry
#Format: snmpNotifyName (text)
#
snmpNotifyTag (text)
#
snmpNotifyType (trap(1), inform(2))
#
snmpNotifyStorageType (nonVolatile, permanent, readOnly)
snmpNotifyEntry 31 Console trap nonVolatile

The snmpTargetAddrParams value v3mlos must be defined in the

snmpTargetParamsName field of one of the snmpTargetParamsEntry entries.
The following entry is used for configuring the user names to be used for sending
SNMP v3 traps.
#Entry type: snmpTargetParamsEntry
#Format: snmpTargetParamsName (text)
#
snmpTargetParamsMPModel (integer)
#
snmpTargetParamsSecurityModel (snmpv1, snmpv2c, snmpv2s, usm)
#
snmpTargetParamsSecurityName (text)
#
snmpTargetParamsSecurityLevel
(noAuthNoPriv,authNoPriv,authPriv)
#
snmpTargetParamsStorageType (nonVolatile, permanent,
readOnly)

snmpTargetParamsEntry v3mlos 3 usm MLOSU authNoPriv nonVolatile

User Hints
1. No SNMP agent other than the EMANATE SNMP agent must run on the machine
where the API client is running. Incase this requires to be done then the
environment variable SR_SNMP_TEST_PORT must be set so that a different port
number other than default value of 161 is used.

2. If more than one SNMP manager needs to be run on the same machine then the
trap receiving port must be configured to a value other than the default value of
162. This can be done using the environment variable SR_TRAP_TEST_PORT.
3. Incase the user wants to filter the traps he wants to receive (for example he wants
to receive only traps for one of the features supported by API client like
subscriber line tests) then this can be done as explained below.
Current settings of snmpd.cnf ie the machine with IP address 126.69.8.28 is
currently configured to receive traps.
snmpNotifyEntry 31 Console trap nonVolatile
snmpTargetParamsEntry v1ExampleParams 0 snmpv1 public noAuthNoPriv
nonVolatile
snmpTargetAddrEntry 32 snmpUDPDomain 126.69.8.28:3000 100 3 Console
v1Params nonVolatile 255.255.255.255:0
snmpTargetParamsEntry v1Params 0 snmpv1 MLOST noAuthNoPriv nonvolatile
Examples
Sending to 126.69.8.28 only traps relevant for SLT
snmpNotifyFilterProfileEntry v1Params sltOnly nonVolatile
snmpNotifyFilterEntry sltOnly enterprises.231.7.1.1.1.4 ff:ff excluded \
nonVolatile
snmpNotifyFilterEntry sltOnly enterprises.231.7.1.1.1.3 ff:ff excluded \
nonVolatile
snmpNotifyFilterEntry sltOnly iso ff:ff included \
nonVolatile
Sending to 126.69.8.28 all traps excluding traps from sub trees 1.3.6.1.4.1.231.7.1.1.3.* & 1.3.6.1.4.1.231.7.1.1.2.*
snmpNotifyFilterProfileEntry v1Params sltOnly nonVolatile
snmpNotifyFilterEntry sltOnly 1.3.6.1.4.1.231.7.1.1.3 ff:ff included \
nonVolatile
snmpNotifyFilterEntry sltOnly 1.3.6.1.4.1.231.7.1.1.2 ff:ff included \
nonVolatile