SNMP Configuration and Management Manual
Installing and Configuring the SNMP Agent
SNMP Configuration and Management Manual—424777-006
2-27
Authenticating Requests Received Over TCP/IP
To avoid extraneous authenticationFailure traps, configure security before you
configure request/response connection points. Request/response connection points
are represented by SCF ENDPOINT objects or by rows in the SNMP agent private
zagInEndpointTable. For more information, refer to Configuring TCP/IP
Request/Response Connections on page 2-34.
The Authentication Mechanism
Authentication is the procedure by which the agent process accepts or rejects
requests from an SNMP manager that communicates through TCP/IP.
The SNMP agent looks at three elements of an incoming SNMP message to determine
whether to process (or forward) a request:
• The community name portion of the community string included in the message
• The Internet address from which the request originated
• The SNMP operation that the SNMP manager wants the agent process to run or
forward for running on the manager’s behalf
Community Strings
Each request that an SNMP agent receives from an SNMP manager includes a
community string composed of one or two discrete sections delimited by two colons
(::) as follows:
community-name[::subagent-password]
The community string included in incoming requests is part of the SNMP manager’s
configuration and is set as described in the documentation provided by the vendor of
the SNMP manager.
The SNMP agent parses the community-name portion of the community string.
Community names that an SNMP agent recognizes are configured through SCF by the
system administrator responsible for the SNMP agent.
When an SNMP agent process receives a request, the SNMP agent searches for a
matching community name in the authentication table. If the SNMP agent does not find
a matching community name entry in the authentication table, the request is dropped.
If the snmpEnableAuthenTraps object in the SNMP group supported by the SNMP
agent is set to 1, the SNMP agent also sends an authenticationFailure trap to all
broadcast type trap destinations. Trap destinations are represented by SCF
TRAPDEST objects or by rows in the SNMP agent’s private zagInTrapdestTable. (For
more information, see Configuring Trap Destinations on page 2-38.)
Note. The subagent-password is passed to the subagent by the SNMP agent and is used
by the subagent to employ additional security. For more information, see After a Request Has
Been Authenticated on page 2-31.
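The community-name step described above, as an added Python example (not code from this manual or from the SNMP agent). It covers only the community-name lookup and the authenticationFailure trap decision; the address and operation checks are not modelled. Assumptions: the authentication table is modelled as a set of exactly matched names, the string is split at the first "::", and the class, function names, community names and addresses are hypothetical or constructed.

```python
from dataclasses import dataclass, field

DELIM = "::"  # separates community-name from the optional subagent-password


def parse_community_string(raw):
    """Split 'community-name[::subagent-password]' into (name, password or None)."""
    # Assumption: only the first '::' is treated as the delimiter.
    name, sep, password = raw.partition(DELIM)
    return name, (password if sep else None)


@dataclass
class AgentModel:
    """Hypothetical stand-in for the agent state this section refers to."""
    auth_table: set            # community names configured through SCF
    enable_authen_traps: int   # value of snmpEnableAuthenTraps (1 = send traps)
    broadcast_trapdests: list  # broadcast-type trap destinations
    sent_traps: list = field(default_factory=list)

    def check_community(self, community_string):
        """Return ('matched', subagent_password) or ('dropped', None)."""
        name, password = parse_community_string(community_string)
        # Only the community-name portion is looked up (exact match assumed);
        # the password is never compared against the authentication table.
        if name in self.auth_table:
            return "matched", password  # password is handed on to the subagent
        if self.enable_authen_traps == 1:
            for dest in self.broadcast_trapdests:
                # The trap record deliberately omits the received string so a
                # mistyped community name or password is not echoed onward.
                self.sent_traps.append((dest, "authenticationFailure"))
        return "dropped", None


if __name__ == "__main__":
    # Constructed sample configuration and requests.
    agent = AgentModel({"netops"}, 1, ["192.0.2.10", "192.0.2.11"])
    for s in ("netops", "netops::s3cret", "guess::s3cret"):
        print(s, "->", agent.check_community(s), "traps so far:", len(agent.sent_traps))
```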