sys snmp
sys snmp(1) BIG-IP TMSH Manual sys snmp(1)
NAME
snmp - Configures the simple network management protocol (SNMP) daemon for the BIG-IP(r) system.
MODULE
sys
SYNTAX
Configure the snmp component within the sys module using the following syntax.
MODIFY
modify snmp
options:
agent-addresses [add | delete | replace-all-with] {
["agent:port"] ...
}
agent-addresses none
agent-trap [enabled | disabled]
allowed-addresses [add | delete | replace-all-with] {
[IP address]
}
allowed-addresses none
auth-trap [enabled | disabled]
bigip-traps [enabled | disabled]
communities [add | delete | modify | replace-all-with] {
[name] {
options:
access [ro | rw]
community-name [string]
description [string]
ipv6 [enabled | disabled]
oid-subset [string]
source [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
}
}
communities none
description [string]
disk-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
minspace [integer]
minspace-type [percent | size]
path [string]
}
}
disk-monitors none
include [string]
l2forward-vlan [all | add | delete | replace-all-with] {
[VLAN name] ...
}
l2forward-vlan none
load-max1 [integer]
load-max5 [integer]
load-max15 [integer]
process-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
process [string]
min-processes [integer]
max-processes [ [integer] | infinity ]
}
}
process-monitors none
snmpv1 [enabled | disabled]
snmpv2 [enabled | disabled]
sys-contact [string]
sys-location [string]
sys-services [integer]
trap-community [string]
trap-source [IP address]
traps [add | delete | modify | replace-all-with] {
[name] {
options:
auth-password [string]
auth-protocol [md5 | sha | none]
community [string]
description [string]
engine-id [ [number] | none ]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
security-name [string]
version [1 | 2c | 3]
}
}
traps none
users [add | delete | modify | replace-all-with] {
[user name] {
options:
access [ro | rw]
auth-password [string]
auth-protocol [md5 | sha | none]
description [string]
oid-subset [string]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
username [string]
}
}
v1-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v1-traps none
v2-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v2-traps none
edit snmp
options:
all-properties
non-default-properties
DISPLAY
list snmp
list snmp [option]
show running-config snmp
show running-config snmp [option]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the snmp component to configure the snmpd daemon for the BIG-IP system.
Important: F5 Networks recommends that users of the Configuration utility exit the utility before changes are made to the
system using the command sequence tmsh sys snmp. This is because making changes to the system using this command causes a
restart of the snmpd daemon. Likewise, restarting the snmpd daemon creates the necessity for a restart of the Configuration
utility.
EXAMPLES
modify snmp sys-contact admin@company.com
Modifies the configuration to indicate that the person who administers the snmpd daemon for the system can be reached using
the email address, admin@company.com.
modify snmp sys-location "central office"
Modifies the configuration to indicate that the physical location of the system is the central office.
modify snmp snmpv1 disabled
Disables snmpV1 agent support.
modify snmp snmpv2c disabled
Disables snmpV2c agent support.
modify snmp agent-trap disabled
Disables agent traps.
modify snmp allowed-addresses add {10.10.0.0/255.255.240.0}
Adds a range of SNMP clients to the /etc/hosts.allow file.
modify snmp traps add { tv1 { version 1 community public host 192.168.1.240 port 162 } }
Adds an SNMP version 1 trapsess, tv1, to the system. The destination IP address of tv1 is 192.168.1.240, the port is 162,
and the community that has access to tv1 is public. The default port is 162.
modify snmp traps add { tv2 {version 2c community public host 192.168.1.241 port 162} }
Adds an SNMP version 2 trapsess, tv2, to the system. The destination IP address of tv2 is 192.168.1.241, the port is 162,
and the community that has access to tv2 is public. The default port is 162. The default version is 2c (version 2).
modify snmp traps add { trap_v3_1 { version 3 host 192.168.1.242 port 162 security-level auth-no-privacy security-name
mySecurityName auth-protocol md5 auth-password myAuthPassword } }
Adds an SNMP version 3 trapsess, trap_v3_1, with authentication capabilities to the system. The destination IP address of
trap_v3_1 is 192.168.1.242, the port is 162, the security level is the authentication without privacy, the security name is
mySecurityName, the authentication protocol is MD5, and the authentication password is myAuthPassword. The default port is
162.
modify snmp traps add { trap_v3_2 { version 3 host 192.168.1.243 port 162 security-level auth-privacy security-name
mySecurityName auth-protocol sha auth-password myAuthPassword privacy-protocol aes privacy-password myPrivacyPassword } }
Adds an SNMP version 3 trapsess, trap_v3_2, with authentication and privacy capabilities to the system. The destination IP
address of trap_v3_2 is 192.168.1.243, the port is 162, the security level is the authentication and privacy, the security
name is mySecurityName, the authentication protocol is SHA, the authentication password is myAuthPassword, the privacy
protocol is AES, and the privacy password is myPrivacyPassword. The default port is 162.
modify snmp v1-traps add { ts { community public host 10.20.5.11 port 162 } }
Adds an SNMP version 1 trapsink, ts, to the system. The destination IP address of ts is 10.20.5.11, the port is 162, and
the community that has access to ts is public. The default port is 162.
modify snmp v2-traps add { t2s { community public host 10.20.5.12 port 162 } }
Adds an SNMP version 2 trap2sink, t2s, to the system. The destination IP address of t2s is 10.20.5.12, the port is 162, and
the community that has access to t2s is public. The default port is 162.
modify snmp users add { myUser1 { username myUser1 access ro security-level auth-no-privacy auth-protocol md5 auth-password
myAuthPassword privacy-protocol } }
Adds an SNMP version 3 user with the user name, myUser1, to the system. The access to the management information base (MIB)
of myUser1 is read-only, the security level is the authentication without privacy, the authentication protocol is MD5, and
the authentication password is myAuthPassword.
modify snmp users add { myUser2 { username myUser2 oid-subset .1.3.6.1.4.1.3375 auth-protocol md5 auth-password
myAuthPassword privacy-protocol none } }
Adds an SNMP version 3 user with the user name, myUser2, to the system. The access to the management information base (MIB)
of myUser2 is read-only (by default) and restricted to every object below .1.3.6.1.4.1.3375 object identifier in the MIB
tree, the security level is the authentication without privacy, the authentication protocol is MD5, and the authentication
password is myAuthPassword.
modify snmp users add { myUser3 { username myUser3 access ro security-level auth-privacy auth-protocol sha auth-password
myAuthPassword privacy-protocol des privacy-password myPrivacyPassword } }
Adds an SNMP version 3 user with the user name, myUser3, to the system. The access to the management information base (MIB)
of myUser3 is read-only, the security level is the authentication and privacy, the authentication protocol is SHA, the
authentication password is myAuthPassword, the privacy protocol is DES, and the privacy password is myPrivacyPassword.
modify snmp users add { myUser4 { username myUser4 access ro security-level no-auth-no-privacy auth-protocol none privacy-
protocol none } }
Adds an SNMP version 3 user with the user name, myUser4, to the system. The access to the management information base (MIB)
of myUser4 is read-only without the authentication and privacy settings.
modify snmp communities add { community1 { community-name mycommunity access ro source 192.168.1.246 oid-subset 5 ipv6
disabled } }
Creates a community specification named community1 for the BIG-IP system. community1 includes a community, named
mycommunity, that provides read-only access to the host at 192.168.1.246. This host cannot be an IPv6 address. The oid for
this community is 5.
modify snmp communities add { new-name { community-name public source default oid-subset 1 access ro } }
Replaces the default community specification for the BIG-IP system. Using this command, the default community includes a
community, named public, that provides read-only access to the default host. The oid for this community is 1.
modify snmp communities delete { mycommunity }
Deletes the community named mycommunity.
modify snmp load-max1 0 load-max5 0 load-max15 0
Disables monitoring of snmpd load average on the BIG-IP system.
OPTIONS
snmpv1
Specifies, when enabled, that the snmpd daemon supports snmpV1 queries. The default value is enabled.
snmpv2c
Specifies, when enabled, that the snmpd daemon supports snmpV2c queries. The default value is enabled.
agent-addresses
Indicates that the SNMP agent is to listen on the specified address. F5 Networks recommends that you do not change
this setting without fully understanding the impact of the change.
agent-trap
Specifies, when enabled, that the snmpd daemon sends traps, for example, start and stop traps. The default value is
enabled.
allowed-addresses
Configures the IP addresses of the SNMP clients from which the snmpd daemon accepts requests. An SNMP client is a
system that runs the SNMP manager software for the purpose of remotely managing the BIG-IP system. The default value
is 127.
auth-trap
Specifies, when enabled, that the snmpd daemon generates authentication failure traps. The default value is disabled.
bigip-traps
Specifies, when enabled, that the BIG-IP system sends device warning traps to the trap destinations. The default value
is enabled.
community
Configures a community for the snmpd daemon. Note that you must include a community key, and you must enclose the
attributes in braces.
The options are additive and include:
access
Specifies the community access level to the MIB. The access options are ro (read-only) or rw (read-write). The
default value is ro.
community name
Specifies the name of the community that you are configuring for the snmpd daemon. This option is required. The
default value is public.
description
User defined description.
ipv6 Specifies to enable or disable IPv6 addresses for the community that you are configuring. The default value is
disabled.
oid-subset
Specifies to restrict access by the community to every object below the specified object identifier (OID).
source
Specifies the source addresses with the specified community name that can access the management information base
(MIB). The default value is default, which means allow any source address to access the MIB.
description
User defined description.
disk-monitors
Checks the disks mounted at the specified path for available disk space.
The options are:
description
User defined description.
minspace
Specifies the minimum disk space threshold in either kBs or percentage based on the value of the minspace-type
option. If the available disk space is less than this amount, the associated entry in the
1.3.6.1.4.1.2021.9.1.100 MIB table is set to (1) and a descriptive error message is returned to queries of
1.3.6.1.4.1.2021.9.1.101.
minspace-type
Specifies a minimum disk space measurement type of either size in kB, or percent. Note that the value of the
minspace option is based on the value of this option.
path Specifies the path to the disk that the system checks for disk space. This option is required.
include
Warning: Do not use this parameter without assistance from the F5 Technical Support team. The system does not validate
the commands issued using the include parameter. If you use this parameter incorrectly, you put the functionality of
the system at risk.
l2forward-vlan
Specifies the VLANs for which you want the snmpd daemon to expose Layer 2 forwarding information. Layer 2 forwarding
is the means by which frames are exchanged directly between hosts, with no IP routing required. The default value is
none.
The options are:
all The snmpd daemon exposes Layer 2 forwarding information for all VLANS.
Warning: When you set this option to all, the system can create a very large table of statistics and potentially
affect system performance.
none Indicates that this option is not set.
Important: The default is not the same as setting this option to the string "none," which indicates that you do
not want the snmpd daemon to expose Layer 2 forwarding for any VLAN.
VLAN name
Specifies the names of the VLANs for which the snmpd daemon exposes Layer 2 forwarding information. The snmpd
daemon overwrites the value of the sysL2ForwardAttrVlan object identifier (OID) with the specified VLAN names.
Once you set this parameter, users cannot change the value of the sysL2ForwardAttrVlan OID using the SNMP set
method.
load-max1
Specifies the maximum 1-minute load average of the machine. If the load exceeds this threshold, the associated entry
in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options, the system
does not monitor the load average.
load-max5
Specifies the maximum 5-minute load average of the machine. If the load exceeds this threshold, the associated entry
in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options, the system
does not monitor the load average.
load-max15
Specifies the maximum 15-minute load average of the machine. If the load exceeds this threshold, the associated entry
in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options, the system
does not monitor the load average.
process-monitors
Specifies to check the machine to determine if the specified process is running. An error flag (1) and a description
message are passed to the 1.3.6.1.4.1.2021.2.1.100 and 1.3.6.1.4.1.2021.2.1.101 MIB columns (respectively) if the
specified program is not found in the process table as reported by /bin/ps -e.
F5 Networks recommends that you do not modify or delete system processes; however, you can add, modify, or delete
user-defined processes.
The options are:
description
User defined description.
max-processes
Specifies the maximum number of instances of the process that can run. The default value is 1.
If you do not specify values for the min-processes and max-processes options, the max-processes option is 1 by
default.
min-processes
Specifies the minimum number of instances of the process that can run. The default value is 1.
If you do not specify a value for the max-processes option, and the min-processes option is not specified, the
min-processes option is 0 (zero) by default.
process
Specifies the name of the monitored process. The maximum length for a process name is 16 characters. This option
is required.
sys-contact
Specifies the name of the person who administers the snmpd daemon for this system. The default value is "Customer
Name