Notes on SNMP
Notes on SNMP
- In XCP 2420, to use the SNMPv3 agent, the default encryption protocol was changed for security reasons to Advanced Encryption Standard (AES). When Data Encryption Standard (DES) is used for the encryption protocol, we recommend changing the setting to AES.
- When using the SNMPv3 agent, after setting up the authentication protocol and the encryption protocol using the setsnmp(8) command, be sure to set up User-based Security Model (USM) management information using the setsnmpusm(8) command and View-based Access Control Model (VACM) management information using the setsnmpvacm(8) command. Specification of the authentication protocol and the encryption protocol is required in the SNMPv3 agent setup process. Moreover, a password must be entered to use the setsnmp(8) or setsnmpusm(8) command.
- If a server, on which the SNMP manager is not running, is registered as the inform trap host of SNMPv3, execution of setsnmp(8), setsnmpusm(8) or setsnmpvacm(8) commands may output the "Agent restart failed" message. This message is output when there is an abnormality in the restarting of the SNMP agent, but as the SNMP agent works properly even if the message is output, it has no effect on the system. Register the trap host after the SNMP manager had been started.
- If the setsnmp(8) command is executed with the "addtraphost" or "addv3traphost" operand and a trap host is registered with a host name consisting of 16 or more characters, the UDP address of the trap reported to the trap host becomes the IP address assigned to the XSCF-LAN (physical IP address), instead of the takeover IP address (virtual IP address). This symptom occurs when a takeover IP address is set up.
If the host name of the trap host consists more than 16 characters, register the trap host with its IP address, not its host name.
[Workaround]
If a host name with more than 16 characters has already been registered, execute the setsnmp(8) command with either the "remtraphost" or the "remv3traphost" operands to remove the trap host and register the trap host again with the IP address. - When the trap host is registered with the setsnmp(8) command, the following message may be output.
iptables v1.4.7: host/network 'example.com' not found Try 'iptables -h' or 'iptables --help' for more information. |
- This message indicates that the name resolution has not been executed for the host name of the registered host.
Although the trap host has been properly registered, traps are not reported to the trap host because the name of the trap host could not be resolved.
Set up the name server by executing the setnameserver(8) command and conduct name resolution for the target host.
< Previous Page | Next Page >