sys snmp
sys snmp(1) BIG-IP TMSH Manual sys snmp(1)
NAME
snmp - Configures the simple network management protocol (SNMP) daemon for the BIG-IP(r) system.
MODULE
sys
SYNTAX
Configure the snmp component within the sys module using the following syntax.
MODIFY
modify snmp
options:
agent-addresses [add | delete | replace-all-with] {
["agent:port"] ...
}
agent-addresses none
agent-trap [enabled | disabled]
allowed-addresses [add | delete | replace-all-with] {
[IP address]
}
allowed-addresses none
auth-trap [enabled | disabled]
bigip-traps [enabled | disabled]
communities [add | delete | modify | replace-all-with] {
[name] {
options:
access [ro | rw]
community-name [string]
description [string]
ipv6 [enabled | disabled]
oid-subset [string]
source [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
}
}
communities none
description [string]
disk-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
minspace [integer]
minspace-type [percent | size]
path [string]
}
}
disk-monitors none
include [string]
l2forward-vlan [all | add | delete | replace-all-with] {
[VLAN name] ...
}
l2forward-vlan none
load-max1 [integer]
load-max5 [integer]
load-max15 [integer]
process-monitors [add | delete | modify | replace-all-with] {
[name] {
options:
description [string]
process [string]
min-processes [integer]
max-processes [ [integer] | infinity ]
}
}
process-monitors none
snmpv1 [enabled | disabled]
snmpv2 [enabled | disabled]
sys-contact [string]
sys-location [string]
sys-services [integer]
trap-community [string]
trap-source [IP address]
traps [add | delete | modify | replace-all-with] {
[name] {
options:
auth-password [string]
auth-protocol [md5 | sha | none]
community [string]
description [string]
engine-id [ [number] | none ]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
security-name [string]
version [1 | 2c | 3]
}
}
traps none
users [add | delete | modify | replace-all-with] {
[user name] {
options:
access [ro | rw]
auth-password [string]
auth-protocol [md5 | sha | none]
description [string]
oid-subset [string]
privacy-password [string]
privacy-protocol [aes | des | none]
security-level [auth-no-privacy | auth-privacy | no-auth-no-privacy]
username [string]
}
}
v1-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v1-traps none
v2-traps [add | delete | modify | replace-all-with] {
[name] {
options:
community [string]
description [string]
host [ [ip address] | [FQDN] | [ [protocol]:[ip address] ] |
[ [protocol]:[FQDN] ] ]
port [integer]
}
}
v2-traps none
edit snmp
options:
all-properties
non-default-properties
DISPLAY
list snmp
list snmp [option]
show running-config snmp
show running-config snmp [option]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the snmp component to configure the snmpd daemon for the BIG-IP system.
Important: F5 Networks recommends that users of the Configuration utility exit the utility before changes are
made to the system using the command sequence tmsh sys snmp. This is because making changes to the system
using this command causes a restart of the snmpd daemon. Likewise, restarting the snmpd daemon creates the
necessity for a restart of the Configuration utility.
EXAMPLES
modify snmp sys-contact admin@company.com
Modifies the configuration to indicate that the person who administers the snmpd daemon for the system can be
reached using the email address, admin@company.com.
modify snmp sys-location "central office"
Modifies the configuration to indicate that the physical location of the system is the central office.
modify snmp snmpv1 disabled
Disables snmpV1 agent support.
modify snmp snmpv2c disabled
Disables snmpV2c agent support.
modify snmp agent-trap disabled
Disables agent traps.
modify snmp allowed-addresses add {10.10.0.0/255.255.240.0}
Adds a range of SNMP clients to the /etc/hosts.allow file.
modify snmp traps add { tv1 { version 1 community public host 192.168.1.240 port 162 } }
Adds an SNMP version 1 trapsess, tv1, to the system. The destination IP address of tv1 is 192.168.1.240, the
port is 162, and the community that has access to tv1 is public. The default port is 162.
modify snmp traps add { tv2 {version 2c community public host 192.168.1.241 port 162} }
Adds an SNMP version 2 trapsess, tv2, to the system. The destination IP address of tv2 is 192.168.1.241, the
port is 162, and the community that has access to tv2 is public. The default port is 162. The default version
is 2c (version 2).
modify snmp traps add { trap_v3_1 { version 3 host 192.168.1.242 port 162 security-level auth-no-privacy
security-name mySecurityName auth-protocol md5 auth-password myAuthPassword } }
Adds an SNMP version 3 trapsess, trap_v3_1, with authentication capabilities to the system. The destination IP
address of trap_v3_1 is 192.168.1.242, the port is 162, the security level is the authentication without
privacy, the security name is mySecurityName, the authentication protocol is MD5, and the authentication
password is myAuthPassword. The default port is 162.
modify snmp traps add { trap_v3_2 { version 3 host 192.168.1.243 port 162 security-level auth-privacy
security-name mySecurityName auth-protocol sha auth-password myAuthPassword privacy-protocol aes privacy-
password myPrivacyPassword } }
Adds an SNMP version 3 trapsess, trap_v3_2, with authentication and privacy capabilities to the system. The
destination IP address of trap_v3_2 is 192.168.1.243, the port is 162, the security level is the
authentication and privacy, the security name is mySecurityName, the authentication protocol is SHA, the
authentication password is myAuthPassword, the privacy protocol is AES, and the privacy password is
myPrivacyPassword. The default port is 162.
modify snmp v1-traps add { ts { community public host 10.20.5.11 port 162 } }
Adds an SNMP version 1 trapsink, ts, to the system. The destination IP address of ts is 10.20.5.11, the port
is 162, and the community that has access to ts is public. The default port is 162.
modify snmp v2-traps add { t2s { community public host 10.20.5.12 port 162 } }
Adds an SNMP version 2 trap2sink, t2s, to the system. The destination IP address of t2s is 10.20.5.12, the
port is 162, and the community that has access to t2s is public. The default port is 162.
modify snmp users add { myUser1 { username myUser1 access ro security-level auth-no-privacy auth-protocol md5
auth-password myAuthPassword privacy-protocol } }
Adds an SNMP version 3 user with the user name, myUser1, to the system. The access to the management
information base (MIB) of myUser1 is read-only, the security level is the authentication without privacy, the
authentication protocol is MD5, and the authentication password is myAuthPassword.
modify snmp users add { myUser2 { username myUser2 oid-subset .1.3.6.1.4.1.3375 auth-protocol md5 auth-
password myAuthPassword privacy-protocol none } }
Adds an SNMP version 3 user with the user name, myUser2, to the system. The access to the management
information base (MIB) of myUser2 is read-only (by default) and restricted to every object below
.1.3.6.1.4.1.3375 object identifier in the MIB tree, the security level is the authentication without privacy,
the authentication protocol is MD5, and the authentication password is myAuthPassword.
modify snmp users add { myUser3 { username myUser3 access ro security-level auth-privacy auth-protocol sha
auth-password myAuthPassword privacy-protocol des privacy-password myPrivacyPassword } }
Adds an SNMP version 3 user with the user name, myUser3, to the system. The access to the management
information base (MIB) of myUser3 is read-only, the security level is the authentication and privacy, the
authentication protocol is SHA, the authentication password is myAuthPassword, the privacy protocol is DES,
and the privacy password is myPrivacyPassword.
modify snmp users add { myUser4 { username myUser4 access ro security-level no-auth-no-privacy auth-protocol
none privacy-protocol none } }
Adds an SNMP version 3 user with the user name, myUser4, to the system. The access to the management
information base (MIB) of myUser4 is read-only without the authentication and privacy settings.
modify snmp communities add { community1 { community-name mycommunity access ro source 192.168.1.246 oid-
subset 5 ipv6 disabled } }
Creates a community specification named community1 for the BIG-IP system. community1 includes a community,
named mycommunity, that provides read-only access to the host at 192.168.1.246. This host cannot be an IPv6
address. The oid for this community is 5.
modify snmp communities add { new-name { community-name public source default oid-subset 1 access ro } }
Replaces the default community specification for the BIG-IP system. Using this command, the default community
includes a community, named public, that provides read-only access to the default host. The oid for this
community is 1.
modify snmp communities delete { mycommunity }
Deletes the community named mycommunity.
modify snmp load-max1 0 load-max5 0 load-max15 0
Disables monitoring of snmpd load average on the BIG-IP system.
OPTIONS
snmpv1
Specifies, when enabled, that the snmpd daemon supports snmpV1 queries. The default value is enabled.
snmpv2c
Specifies, when enabled, that the snmpd daemon supports snmpV2c queries. The default value is enabled.
agent-addresses
Indicates that the SNMP agent is to listen on the specified address. F5 Networks recommends that you do
not change this setting without fully understanding the impact of the change.
agent-trap
Specifies, when enabled, that the snmpd daemon sends traps, for example, start and stop traps. The
default value is enabled.
allowed-addresses
Configures the IP addresses of the SNMP clients from which the snmpd daemon accepts requests. An SNMP
client is a system that runs the SNMP manager software for the purpose of remotely managing the BIG-IP
system. The default value is 127.
auth-trap
Specifies, when enabled, that the snmpd daemon generates authentication failure traps. The default value
is disabled.
bigip-traps
Specifies, when enabled, that the BIG-IP system sends device warning traps to the trap destinations. The
default value is enabled.
community
Configures a community for the snmpd daemon. Note that you must include a community key, and you must
enclose the attributes in braces.
The options are additive and include:
access
Specifies the community access level to the MIB. The access options are ro (read-only) or rw (read-
write). The default value is ro.
community name
Specifies the name of the community that you are configuring for the snmpd daemon. This option is
required. The default value is public.
description
User defined description.
ipv6 Specifies to enable or disable IPv6 addresses for the community that you are configuring. The
default value is disabled.
oid-subset
Specifies to restrict access by the community to every object below the specified object identifier
(OID).
source
Specifies the source addresses with the specified community name that can access the management
information base (MIB). The default value is default, which means allow any source address to access
the MIB.
description
User defined description.
disk-monitors
Checks the disks mounted at the specified path for available disk space.
The options are:
description
User defined description.
minspace
Specifies the minimum disk space threshold in either kBs or percentage based on the value of the
minspace-type option. If the available disk space is less than this amount, the associated entry in
the 1.3.6.1.4.1.2021.9.1.100 MIB table is set to (1) and a descriptive error message is returned to
queries of 1.3.6.1.4.1.2021.9.1.101.
minspace-type
Specifies a minimum disk space measurement type of either size in kB, or percent. Note that the
value of the minspace option is based on the value of this option.
path Specifies the path to the disk that the system checks for disk space. This option is required.
include
Warning: Do not use this parameter without assistance from the F5 Technical Support team. The system does
not validate the commands issued using the include parameter. If you use this parameter incorrectly, you
put the functionality of the system at risk.
l2forward-vlan
Specifies the VLANs for which you want the snmpd daemon to expose Layer 2 forwarding information. Layer 2
forwarding is the means by which frames are exchanged directly between hosts, with no IP routing
required. The default value is none.
The options are:
all The snmpd daemon exposes Layer 2 forwarding information for all VLANS.
Warning: When you set this option to all, the system can create a very large table of statistics and
potentially affect system performance.
none Indicates that this option is not set.
Important: The default is not the same as setting this option to the string "none," which indicates
that you do not want the snmpd daemon to expose Layer 2 forwarding for any VLAN.
VLAN name
Specifies the names of the VLANs for which the snmpd daemon exposes Layer 2 forwarding information.
The snmpd daemon overwrites the value of the sysL2ForwardAttrVlan object identifier (OID) with the
specified VLAN names. Once you set this parameter, users cannot change the value of the
sysL2ForwardAttrVlan OID using the SNMP set method.
load-max1
Specifies the maximum 1-minute load average of the machine. If the load exceeds this threshold, the
associated entry in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message
is returned to queries of 1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options,
the system does not monitor the load average.
load-max5
Specifies the maximum 5-minute load average of the machine. If the load exceeds this threshold, the
associated entry in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message
is returned to queries of 1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options,
the system does not monitor the load average.
load-max15
Specifies the maximum 15-minute load average of the machine. If the load exceeds this threshold, the
associated entry in the 1.3.6.1.4.1.2021.10.1.100 MIB table is set to (1) and a descriptive error message
is returned to queries of 1.3.6.1.4.1.2021.10.1.101.
Note that when you specify a 0 (zero) for all three of the load-max1, load-max5, and load-max15 options,
the system does not monitor the load average.
process-monitors
Specifies to check the machine to determine if the specified process is running. An error flag (1) and a
description message are passed to the 1.3.6.1.4.1.2021.2.1.100 and 1.3.6.1.4.1.2021.2.1.101 MIB columns
(respectively) if the specified program is not found in the process table as reported by /bin/ps -e.
F5 Networks recommends that you do not modify or delete system processes; however, you can add, modify,
or delete user-defined processes.
The options are:
description
User defined description.
max-processes
Specifies the maximum number of instances of the process that can run. The default value is 1.
If you do not specify values for the min-processes and max-processes options, the max-processes
option is 1 by default.
min-processes
Specifies the minimum number of instances of the process that can run. The default value is 1.
If you do not specify a value for the max-processes option, and the min-processes option is not
specified, the min-processes option is 0 (zero) by default.
process
Specifies the name of the monitored process. The maximum length for a process name is 16 characters.
This option is required.
sys-contact
Specifies the name of the person who administers the snmpd daemon for this system. The default value is
"Customer Name