
How to configure the snmpd.conf file to make the SET command work in net-snmp?


I have configured the snmpd.conf as follows:

    com2sec AllUser default public
    group AllGroup v2c AllUser
    view AllView included .1
    access AllGroup "" any noauth exact AllView none none

    mibs +GET-PDU-INFO-MIB
    mibs +NOTIFICATION-TEST-MIB

    rocommunity private localhost
    rwcommunity private localhost

    pass .1.3.6.1.4.1.53864.1 /bin/sh /etc/snmp/pduMIBScript.sh

having the path

    /etc/snmp/snmpd.conf

So after that I tried to send the following commands:

  1. Get Next
  2. Get
  3. Get Bulk
  4. Walk
  5. Set

After trying all the above commands one thing I observe is that all the commands are working perfectly fine except the "Set" command.

To debug this issue, the first thing I confirmed was that the variable I was trying to set has read-write access in the MIB file. The MIB file I was using is as follows:

    GET-PDU-INFO-MIB DEFINITIONS ::= BEGIN

    IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, enterprises FROM SNMPv2-SMI
    ;

    pduInfo MODULE-IDENTITY
    LAST-UPDATED "202005100000Z"
    ORGANIZATION "XYZ"
    CONTACT-INFO
         "postal:   admin @ admin"
    DESCRIPTION
        "This Mib module defines objects for signal statistics"
    REVISION     "202005100000Z"
    DESCRIPTION
        "Corrected notification example definitions"
    REVISION     "200202060000Z"
    DESCRIPTION
        "First draft"
    ::= { enterprises 53864 }

    --
    -- top level structure
    --
    pduVar       OBJECT IDENTIFIER ::= { pduInfo 1 }

    --
    -- Example scalars
    --

    gpsVar1 OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "the latest value of signal"
       DEFVAL { "hello" }
       ::= { pduVar 1 }

    END

After sending the "SET" command from the MIB browser I was getting the following error:


What will be the reason for the "SET" command issue? Can anyone please help me to understand the issue behind this?


Solution

  • After searching a lot, I finally found the solution. Now I have edited the snmpd.conf as follows:

    ###############################################################################
    # Access Control
    ###############################################################################
    
    # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
    # KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
    # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
    
    # By far, the most common question I get about the agent is "why won't
    # it work?", when really it should be "how do I configure the agent to
    # allow me to access it?"
    #
    # By default, the agent responds to the "public" community for read
    # only access, if run out of the box without any configuration file in 
    # place.  The following examples show you other ways of configuring
    # the agent so that you can change the community names, and give
    # yourself write access as well.
    #
    # The following lines change the access permissions of the agent so
    # that the COMMUNITY string provides read-only access to your entire
    # NETWORK (EG: 10.10.10.0/24), and read/write access to only the
    # localhost (127.0.0.1, not its real ipaddress).
    #
    # For more information, read the FAQ as well as the snmpd.conf(5)
    # manual page.
    
    ####
    # First, map the community name (COMMUNITY) into a security name
    # (local and mynetwork, depending on where the request is coming
    # from):
    
    #       sec.name  source          community
    #com2sec paranoid  default         public
    #com2sec readonly  default         public
    com2sec readwrite default         private
    
    ####
    # Second, map the security names into group names:
    
    #               sec.model  sec.name
    #group MyROSystem v1        paranoid
    #group MyROSystem v2c       paranoid
    #group MyROSystem usm       paranoid
    #group MyROGroup v1         readonly
    #group MyROGroup v2c        readonly
    #group MyROGroup usm        readonly
    group MyRWGroup v1         readwrite
    group MyRWGroup v2c        readwrite
    group MyRWGroup usm        readwrite
    
    ####
    # Third, create a view for us to let the groups have rights to:
    
    #           incl/excl subtree                          mask
    view all    included  .1                               80
    view system included  .iso.org.dod.internet.mgmt.mib-2.system
    
    ####
    # Finally, grant the 2 groups access to the 1 view with different
    # write permissions:
    
    #                context sec.model sec.level match  read   write  notif
    #access MyROSystem ""     any       noauth    exact  system none   none
    #access MyROGroup ""      any       noauth    exact  all    none   none
    access MyRWGroup ""      any       noauth    exact  all    all    none
    
    # ------------------------------------------------------------------
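
An added example, not part of the original question or answer: a small Python audit that follows the com2sec, group and access chain used in both configurations and lists which v1/v2c communities end up with a write view, and from which source. The function names `write_paths` and `exposed` are hypothetical, only the plain `com2sec SECNAME SOURCE COMMUNITY` form is parsed (the `rocommunity`/`rwcommunity` shorthand is ignored), and the two sample strings are constructed from the active lines shown on this page.

```python
import shlex

# Constructed samples: the active VACM lines from the question and the answer.
QUESTION_CONF = '''
com2sec AllUser default public
group AllGroup v2c AllUser
access AllGroup "" any noauth exact AllView none none
'''
ANSWER_CONF = '''
#com2sec readonly  default         public
com2sec readwrite default         private
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite
access MyRWGroup ""      any       noauth    exact  all    all    none
'''

def write_paths(conf_text):
    """Return (community, source, sec_model, write_view) for each v1/v2c
    community that the com2sec -> group -> access chain allows to SET."""
    com2sec, groups, access = [], [], []
    for raw in conf_text.splitlines():
        tok = shlex.split(raw, comments=True)  # drops '#' comments, keeps "" as a token
        if len(tok) == 4 and tok[0] == "com2sec":
            com2sec.append(tuple(tok[1:]))           # (sec_name, source, community)
        elif len(tok) == 4 and tok[0] == "group":
            groups.append(tuple(tok[1:]))            # (group, sec_model, sec_name)
        elif len(tok) == 9 and tok[0] == "access":
            access.append((tok[1], tok[3], tok[7]))  # (group, sec_model, write_view)
    found = set()
    for a_group, a_model, write_view in access:
        if write_view == "none":
            continue
        for g_group, g_model, g_sec in groups:
            # Community strings exist only in SNMPv1/v2c; usm rows map users instead.
            if g_group != a_group or g_model not in ("v1", "v2c"):
                continue
            if a_model not in ("any", g_model):
                continue
            for sec_name, source, community in com2sec:
                if sec_name == g_sec:
                    found.add((community, source, g_model, write_view))
    return sorted(found)

def exposed(paths):
    """Write paths whose com2sec source is 'default', i.e. any requester address."""
    return [p for p in paths if p[1] == "default"]
```

On the answer's configuration this reports community `private` with write view `all` from source `default` for both v1 and v2c, which is the case the file's own comment about changing the COMMUNITY and NETWORK tokens is aimed at.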