sys snmp
sys snmp(1) BIG-IP TMSH Manual sys snmp(1)
NAME
snmp - Configures the simple network management protocol (SNMP) daemon
for the BIG-IP(r) system.
MODULE
sys
SYNTAX
Configure the snmp component within the sys module using the following
syntax.
MODIFY
modify snmp
options:
agent-addresses [add | delete | replace-all-with] {
["agent:port"] ...
}
agent-addresses none
agent-trap [enabled | disabled]
allowed-addresses [add | delete | replace-all-with] {
[IP address]
}
allowed-addresses none
auth-trap [enabled | disabled]
bigip-traps [enabled | disabled]
communities [add | delete | modify | replace-all-with] {
[name] {
options:
access [ro | rw]
community-name [string]
description [string]
ipv6 [enabled | disabled]
oid-subset [string]
source [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
}
}
communities none
description [string]
disk-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
minspace [integer]
minspace-type [percent | size]
path [string]
}
}
disk-monitors none
include [string]
l2forward-vlan [all | add | delete | replace-all-with] {
[VLAN name] ...
}
l2forward-vlan none
load-max1 [integer]
load-max5 [integer]
load-max15 [integer]
process-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
process [string]
min-processes [integer]
max-processes [ [integer] | infinity ]
}
}
process-monitors none
snmpv1 [enabled | disabled]
snmpv2 [enabled | disabled]
sys-contact [string]
sys-location [string]
sys-services [integer]
trap-community [string]
trap-source [IP address]
traps [add | delete | modify | replace-all-with] {
[name] {
options:
auth-password [string]
auth-protocol [md5 | sha | none]
community [string]
description [string]
engine-id [ [number] | none ]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
security-name [string]
version [1 | 2c | 3]
}
}
traps none
users [add | delete | modify | replace-all-with] {
[user name] {
options:
access [ro | rw]
auth-password [string]
auth-protocol [md5 | sha | none]
description [string]
oid-subset [string]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
username [string]
}
}
v1-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v1-traps none
v2-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v2-traps none
edit snmp
options:
all-properties
non-default-properties
DISPLAY
list snmp
list snmp [option]
show running-config snmp
show running-config snmp [option]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the snmp component to configure the snmpd daemon for the
BIG-IP system.
Important: F5 Networks recommends that users of the Configuration
utility exit the utility before changes are made to the system using
the command sequence tmsh sys snmp. This is because making changes to
the system using this command causes a restart of the snmpd daemon.
Likewise, restarting the snmpd daemon creates the necessity for a
restart of the Configuration utility.
EXAMPLES
modify snmp sys-contact admin@company.com
Modifies the configuration to indicate that the person who administers
the snmpd daemon for the system can be reached using the email address,
admin@company.com.
modify snmp sys-location "central office"
Modifies the configuration to indicate that the physical location of
the system is the central office.
modify snmp snmpv1 disabled
Disables snmpV1 agent support.
modify snmp snmpv2c disabled
Disables snmpV2c agent support.
modify snmp agent-trap disabled
Disables agent traps.
modify snmp allowed-addresses add {10.10.0.0/255.255.240.0}
Adds a range of SNMP clients to the /etc/hosts.allow file.
modify snmp traps add { tv1 { version 1 community public host
192.168.1.240 port 162 } }
Adds an SNMP version 1 trapsess, tv1, to the system. The destination IP
address of tv1 is 192.168.1.240, the port is 162, and the community
that has access to tv1 is public. The default port is 162.
modify snmp traps add { tv2 {version 2c community public host
192.168.1.241 port 162} }
Adds an SNMP version 2 trapsess, tv2, to the system. The destination IP
address of tv2 is 192.168.1.241, the port is 162, and the community
that has access to tv2 is public. The default port is 162. The default
version is 2c (version 2).
modify snmp traps add { trap_v3_1 { version 3 host 192.168.1.242 port
162 security-level auth-no-privacy security-name mySecurityName auth-
protocol md5 auth-password myAuthPassword } }
Adds an SNMP version 3 trapsess, trap_v3_1, with authentication
capabilities to the system. The destination IP address of trap_v3_1 is
192.168.1.242, the port is 162, the security level is the
authentication without privacy, the security name is mySecurityName,
the authentication protocol is MD5, and the authentication password is
myAuthPassword. The default port is 162.
modify snmp traps add { trap_v3_2 { version 3 host 192.168.1.243 port
162 security-level auth-privacy security-name mySecurityName auth-
protocol sha auth-password myAuthPassword privacy-protocol aes privacy-
password myPrivacyPassword } }
Adds an SNMP version 3 trapsess, trap_v3_2, with authentication and
privacy capabilities to the system. The destination IP address of
trap_v3_2 is 192.168.1.243, the port is 162, the security level is the
authentication and privacy, the security name is mySecurityName, the
authentication protocol is SHA, the authentication password is
myAuthPassword, the privacy protocol is AES, and the privacy password
is myPrivacyPassword. The default port is 162.
modify snmp v1-traps add { ts { community public host 10.20.5.11 port
162 } }
Adds an SNMP version 1 trapsink, ts, to the system. The destination IP
address of ts is 10.20.5.11, the port is 162, and the community that
has access to ts is public. The default port is 162.
modify snmp v2-traps add { t2s { community public host 10.20.5.12 port
162 } }
Adds an SNMP version 2 trap2sink, t2s, to the system. The destination
IP address of t2s is 10.20.5.12, the port is 162, and the community
that has access to t2s is public. The default port is 162.
modify snmp users add { myUser1 { username myUser1 access ro security-
level auth-no-privacy auth-protocol md5 auth-password myAuthPassword
privacy-protocol } }
Adds an SNMP version 3 user with the user name, myUser1, to the system.
The access to the management information base (MIB) of myUser1 is read-
only, the security level is the authentication without privacy, the
authentication protocol is MD5, and the authentication password is
myAuthPassword.
modify snmp users add { myUser2 { username myUser2 oid-subset
.1.3.6.1.4.1.3375 auth-protocol md5 auth-password myAuthPassword
privacy-protocol none } }
Adds an SNMP version 3 user with the user name, myUser2, to the system.
The access to the management information base (MIB) of myUser2 is read-
only (by default) and restricted to every object below
.1.3.6.1.4.1.3375 object identifier in the MIB tree, the security level
is the authentication without privacy, the authentication protocol is
MD5, and the authentication password is myAuthPassword.
modify snmp users add { myUser3 { username myUser3 access ro security-
level auth-privacy auth-protocol sha auth-password myAuthPassword
privacy-protocol des privacy-password myPrivacyPassword } }
Adds an SNMP version 3 user with the user name, myUser3, to the system.
The access to the management information base (MIB) of myUser3 is read-
only, the security level is the authentication and privacy, the
authentication protocol is SHA, the authentication password is
myAuthPassword, the privacy protocol is DES, and the privacy password
is myPrivacyPassword.
modify snmp users add { myUser4 { username myUser4 access ro security-
level no-auth-no-privacy auth-protocol none privacy-protocol none } }
Adds an SNMP version 3 user with the user name, myUser4, to the system.
The access to the management information base (MIB) of myUser4 is read-
only without the authentication and privacy settings.
modify snmp communities add { community1 { community-name mycommunity
access ro source 192.168.1.246 oid-subset 5 ipv6 disabled } }
Creates a community specification named community1 for the BIG-IP
system. community1 includes a community, named mycommunity, that
provides read-only access to the host at 192.168.1.246. This host
cannot be an IPv6 address. The oid for this community is 5.
modify snmp communities add { new-name { community-name public source
default oid-subset 1 access ro } }
Replaces the default community specification for the BIG-IP system.
Using this command, the default community includes a community, named
public, that provides read-only access to the default host. The oid for
this community is 1.
modify snmp communities delete { mycommunity }
Deletes the community named mycommunity.
modify snmp load-max1 0 load-max5 0 load-max15 0
Disables monitoring of snmpd load average on the BIG-IP system.
OPTIONS
snmpv1
Specifies, when enabled, that the snmpd daemon supports snmpV1
queries. The default value is enabled.
snmpv2c
Specifies, when enabled, that the snmpd daemon supports snmpV2c
queries. The default value is enabled.
agent-addresses
Indicates that the SNMP agent is to listen on the specified
address. F5 Networks recommends that you do not change this
setting without fully understanding the impact of the change.
agent-trap
Specifies, when enabled, that the snmpd daemon sends traps, for
example, start and stop traps. The default value is enabled.
allowed-addresses
Configures the IP addresses of the SNMP clients from which the
snmpd daemon accepts requests. An SNMP client is a system that
runs the SNMP manager software for the purpose of remotely
managing the BIG-IP system. The default value is 127.
auth-trap
Specifies, when enabled, that the snmpd daemon generates
authentication failure traps. The default value is disabled.
bigip-traps
Specifies, when enabled, that the BIG-IP system sends device
warning traps to the trap destinations. The default value is
enabled.
community
Configures a community for the snmpd daemon. Note that you must
include a community key, and you must enclose the attributes in
braces.
The options are additive and include:
access
Specifies the community access level to the MIB. The access
options are ro (read-only) or rw (read-write). The default
value is ro.
community name
Specifies the name of the community that you are configuring
for the snmpd daemon. This option is required. The default
value is public.
description
User defined description.
ipv6 Specifies to enable or disable IPv6 addresses for the
community that you are configuring. The default value is
disabled.
oid-subset
Specifies to restrict access by the community to every object
below the specified object identifier (OID).
source
Specifies the source addresses with the specified community
name that can access the management information base (MIB).
The default value is default, which means allow any source
address to access the MIB.
description
User defined description.
disk-monitors
Checks the disks mounted at the specified path for available disk
space.
The options are:
description
User defined description.
minspace
Specifies the minimum disk space threshold in either kBs or
percentage based on the value of the minspace-type option. If
the available disk space is less than this amount, the
associated entry in the 1.3.6.1.4.1.2021.9.1.100 MIB table is
set to (1) and a descriptive error message is returned to
queries of 1.3.6.1.4.1.2021.9.1.101.
minspace-type
Specifies a minimum disk space measurement type of either
size in kB, or percent. Note that the value of the minspace
option is based on the value of this option.
path Specifies the path to the disk that the system checks for
disk space. This option is required.
include
Warning: Do not use this parameter without assistance from the F5
Technical Support team. The system does not validate the commands
issued using the include parameter. If you use this parameter
incorrectly, you put the functionality of the system at risk.
l2forward-vlan
Specifies the VLANs for which you want the snmpd daemon to expose
Layer 2 forwarding information. Layer 2 forwarding is the means by
which frames are exchanged directly between hosts, with no IP
routing required. The default value is none.
The options are:
all The snmpd daemon exposes Layer 2 forwarding information for
all VLANS.
Warning: When you set this option to all, the system can
create a very large table of statistics and potentially
affect system performance.
none Indicates that this option is not set.
Important: The default is not the same as setting this option
to the string "none," which indicates that you do not want
the snmpd daemon to expose Layer 2 forwarding for any VLAN.
VLAN name
Specifies the names of the VLANs for which the snmpd daemon
exposes Layer 2 forwarding information. The snmpd daemon
overwrites the value of the sysL2ForwardAttrVlan object
identifier (OID) with the specified VLAN names. Once you set
this parameter, users cannot change the value of the
sysL2ForwardAttrVlan OID using the SNMP set method.
load-max1
Specifies the maximum 1-minute load average of the machine. If the
load exceeds this threshold, the associated entry in the
1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a
descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the
load-max1, load-max5, and load-max15 options, the system does not
monitor the load average.
load-max5
Specifies the maximum 5-minute load average of the machine. If the
load exceeds this threshold, the associated entry in the
1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a
descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the
load-max1, load-max5, and load-max15 options, the system does not
monitor the load average.
load-max15
Specifies the maximum 15-minute load average of the machine. If
the load exceeds this threshold, the associated entry in the
1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a
descriptive error message is returned to queries of
1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the
load-max1, load-max5, and load-max15 options, the system does not
monitor the load average.
process-monitors
Specifies to check the machine to determine if the specified
process is running. An error flag (1) and a description message
are passed to the 1.3.6.1.4.1.2021.2.1.100 and
1.3.6.1.4.1.2021.2.1.101 MIB columns (respectively) if the
specified program is not found in the process table as reported by
/bin/ps -e.
F5 Networks recommends that you do not modify or delete system
processes; however, you can add, modify, or delete user-defined
processes.
The options are:
description
User defined description.
max-processes
Specifies the maximum number of instances of the process that
can run. The default value is 1.
If you do not specify values for the min-processes and max-
processes options, the max-processes option is 1 by default.
min-processes
Specifies the minimum number of instances of the process that
can run. The default value is 1.
If you do not specify a value for the max-processes option,
and the min-processes option is not specified, the min-
processes option is 0 (zero) by default.
process
Specifies the name of the monitored process. The maximum
length for a process name is 16 characters. This option is
required.
sys-contact
Specifies the name of the person who administers the snmpd daemon
for this system. The default value is "Customer
Name