SNMP Configuration and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

Installing and Configuring the SNMP Agent

SNMP Configuration and Management Manual—424777-006

2-32

Security Scenarios for SNMP Managers Using

TCP/IP

By default, authenticated manager requests forwarded to subagents are processed in

accordance with the access attributes of individual MIB objects. SNMP managers can

perform Get and GetNext operations on read-only MIB objects and Get, GetNext, and

Set operations on read-write objects.

When the SNMP agent forwards a request to a subagent, the forwarded request

includes the Internet address and community string. The subagent can use the Internet

address and the subagent-password portion of the community string to employ

additional security, responding to a request to access a MIB object, independent of the

subagent’s access attributes, only if the request contains a particular password and

originates from a specific Internet address. This option, known as subagent request

authentication, requires that the password appear as follows in the manager station’s

community string:

agent-community-string::subagent-password

Security Scenarios for SNMP Managers Using TCP/IP

Table 2-3. Security Scenarios (page 1 of 2)

Scenario Tasks

Method

(SCF Commands)

Allow an SNMP

manager to retrieve

information only.

Ask the SNMP administrator to send

requests to the SNMP agent under the

“public” community.

By default, the SNMP agent accepts Get

and GetNext requests from all members of

the “public” community.

Ask the SNMP

administrator.

Allow an SNMP

manager to set values

and retrieve

information.

Configure an authentication table entry for

the host address of the SNMP manager,

give the authentication table a unique

community name, and assign the table

READWRITE access. Then activate the

entry and inform the SNMP administrator of

the community name that must be present

in requests sent to the SNMP agent.

The SNMP agent accepts Get, GetNext,

and Set requests that contain the new

community name.

ADD PROFILE

START PROFILE

Allow an SNMP

manager to retrieve

information only.

Ask the SNMP administrator to send

requests to the SNMP agent under the

“public” community.

By default, the SNMP agent accepts Get

and GetNext requests from all members of

the “public” community.

Ask the SNMP

administrator.