ModSnmp Manual - SNMP Setup
The settings panels are used to configure the SNMP agent component of ModSnmp - that is, how ModSnmp communicates with SNMP managers.
The main panel enables you to configure the interface on which to listen for SNMP requests and the engine ID.
The and panels allow you to configure SNMP users.
The Interface settings in the SNMP panel (Figure 5, “SNMP panel”) are used to configure the interface that ModSnmp listens on for SNMP requests:
Type. UDP is normally used for SNMP, but it will work over TCP if that is what your SNMP manager uses.
Host. You would normally leave this field empty, which allows requests to be accepted via any network interface. But if you enter a host name or IP address of a network interface on the machine running ModSnmp, then ModSnmp will only accept requests via that network interface. For example, if you enter
localhost(or127.0.0.1) then ModSnmp will only accept requests from processes running on the same machine.Port. Enter the port that ModSnmp should listen on for requests. The standard SNMP port number is 161, but this is a "privileged" port and you will not be able to listen on this port on a Unix/Linux machine unless you are "superuser". This is not normally advisable, so it's better for testing purposes to use a non-privileged port (above 1023).
The Engine ID in the SNMP panel (Figure 5, “SNMP panel”) is used in SNMPv2c and SNMPv3 to uniquely identify the SNMP agent. It is also known as the "Agent ID". The default value is automatically generated from the IP address of the machine that ModSnmp is running on. Do not change the engine ID unless you know what you are doing.
To change the engine ID, enter the number of bytes in the Length field, and then enter the ID in the ID field as hex bytes.
WARNING: The engine ID is used in the generation of authentication and encryption keys. If you change the engine ID, you will have to re-enter all "secure" users, i.e. users that have authentication pass-phrases.
The Add User panel (Figure 6, “SNMP Add User panel”) enables you to define the users that may access Modbus data via ModSnmp.
SNMPv3 uses the User-based Security Model (USM) to authenticate users, and optionally encrypt the data in SNMP messages.
SNMPv1 and SNMPv2c use "community strings" instead of users, and do not support authentication or encryption. If you define a user without authentication, then ModSnmp will allow that user's name to be used as a community string in v1 and v2c messages.
To add an SNMP user, enter the following data and then click Apply:
Name. Enter the name of the user (for SNMPv3), or the community string (for SNMPv2c or SNMPv1).
Authentication Protocol. Select the authentication protocol to be used. Select None if the Name is to be used as a community string.
Authentication Passphrase. Enter the authentication passphrase. The passphrase is used to generate an authentication key, and is then discarded.
Privacy Protocol. Select the method to be used to encrypt SNMP messages.
Privacy Passphrase. Enter the privacy passphrase. The passphrase is used to generate an encryption key, and is then discarded.
Authorization. Select the Allow Write checkbox if this user is to be allowed to write to Modbus registers.
Note that it is a requirement of the SNMP standard that, for security reasons, passphrases are not stored. If you want to change a passphrase, you should delete and re-add the user.
Details of all defined users are displayed in the Users panel (Figure 7, “SNMP Users panel”).
See the section Defining SNMP Users for explanations of the values displayed in each column.
Users may be deleted using the Users panel (Figure 7, “SNMP Users panel”):
To delete a user, select the user and the click the Delete button.
To delete several users, select them by clicking on them while holding down the control key, and then click the Delete button.
To delete all users, click the Delete All button.