34.2 Setting the SNMP Community Strings

This section provides the following information:

34.2.1 Setting the SNMP Community String: Novell NetWare Server

You configure security access for SNMP communications using either SNMP LOAD command line parameters (Novell NetWare 3.x/4.x/5.x/6 servers) or through INETCFG (Novell NetWare 4.x/5.x/6 servers, or servers with Novell NetWare MultiProtocol Routerâ„¢ software installed).

The following sections contain additional information to help you configure your Novell NetWare servers:

Configuring Community String Options Using INETCFG

To configure the community string options using INETCFG:

  1. At the server prompt, enter LOAD INETCFG.

  2. From the Internetworking Configuration menu, click Manage Configuration > Configure SNMP Parameters > Monitor State.

  3. Select one of the following options:

    These options let you indicate how SNMP handles SNMP read operations coming from outside this server.

    Option

    Description

    Any Community May Read

    Allows all GET (read) commands no matter what community string is provided in the incoming read request.

    Leave as Default Setting

    Avoids changing the Monitor community string from its default (which is usually PUBLIC). The default Monitor Community can still be changed manually through SNMP command line options, as described in Configuring Community String Options Using SNMP LOAD Commands.

    No Community May Read

    Allows GET (read) commands only for requests that are made by Novell ConsoleOne that have logged in to the server with SUPERVISOR or OPERATOR privileges. Any community string provided in an incoming read request is ignored.

    Specified Community May Read

    Allows only GET (read) commands for requests that contain the name specified in the Monitor Community field. If you selected this option, enter a name in the Monitor Community field, then press Enter. Enter the name of the community that is allowed to read management information. SNMP management stations that belong to this community can read the network management database.

  4. Press Enter.

    To change the Control community options, repeat Step 1 to Step 4 and choose the appropriate options for the community strings.

  5. When you are finished, press Esc. If prompted, click Yes to save changes to the SNMP parameters, then press Enter.

  6. To return to the Internetworking Configuration menu, press Esc.

  7. To exit INETCFG, press Esc.

  8. Re-initialize the system.

    To re-initialize, at the server prompt, enter reinitialize system.

Configuring Community String Options Using SNMP LOAD Commands

The LOAD command accepts the following SNMP option parameters:

  • MonitorCommunity: Sets the community string for read-only (GET) access. The default value is PUBLIC. The syntax is as follows:

    LOAD SNMP MonitorCommunity=community_name
    
  • ControlCommunity: Sets the community string for read and write (GET and SET) access. By default, this community string is disabled.

    The syntax is as follows:

    LOAD SNMP ControlCommunity=community_name
    

    These options set the community string for the indicated community.

    The following table shows examples of available settings:

    IMPORTANT:Community strings are case sensitive.

    Access Available to Requester

    Read Only

    Read/Write

    Community name: "secret"

    Load SNMP MonitorCommunity=secret

    or

    LOAD SNMP ControlCommunity=secret

    LOAD SNMP ControlCommunity=secret

    Community name: "str1" or "str2"

    Load SNMP MonitorCommunity=str1

    and

    LOAD SNMP ControlCommunity=str2

     

    Any community name

    Load SNMP MonitorCommunity=""

    or

    LOAD SNMP ControlCommunity=""

    LOAD SNMP ControlCommunity=""

34.2.2 Setting the SNMP Community String: Novell ConsoleOne

You set global community and trap target information using the SNMP property page associated with the site-level object. You can also customize the setting for a specific device using the SNMP property page of the device itself.

34.2.3 Setting Community Strings for an Individual Node

This section describes the procedure to set up the community strings for SNMP SET and GET operations on an individual node.

Typically, community strings are configured to be identical over all nodes in a network, or at least over a portion of the network. The default value for both SET and GET is public. The community strings are case sensitive.

By default, Novell ZENworks Server Management uses the public community string for SNMP GET and SET operations. You can configure a community string other than public on a node-by-node basis, or you can configure a community string globally on all SNMP-managed nodes. The community string that Novell ZENworks Server Management uses must match the string expected by the SNMP agent in the managed node; otherwise, the operation will fail.

To set up the community strings for SET and GET operations for an individual node:

  1. In Novell ConsoleOne, click the target SNMP-manageable node.

  2. Right click the node, then click SNMP Settings.

  3. Enter the community string.

    Novell ZENworks Server Management uses this community string for SET and GET operations when communicating with the device.

  4. Click OK.

34.2.4 Setting the SNMP Community String: Windows

You configure security access for SNMP communications on Windows servers using the Network applet in the Windows Control Panel. For detailed information, refer to your Windows documentation or online help.

You must load the Microsoft* SNMP Service on your Windows servers. The SNMP community string setting must be the same as the SNMP community string setting on your Novell ConsoleOne.