SNMP

From Allegro Network Multimeter Manual
Jump to navigation Jump to search

SNMP can be used in two ways: to obtain some basic statistics of the status of the Allegro Network Multimeter or to get informed about incidents via SNMP traps.

Query information via SNMP

SNMP support can be enabled in the menu "Settings -> Remote access & export -> SNMP".

Configuration settings

Configuration value Available options Firmware Version
Enabled off
on for SNMPv1 support
< 3.0
SNMP service disabled
SNMPv1
SNMPv2c
SNMPv3
>= 3.0
Community The community string used by SNMPv1/v2c. Default value or empty is "public".
User name The SNMPv3 user name >= 3.0, < 4.2
User password The SNMPv3 password for authentication and encryption >= 3.0 , < 4.2
Authentication method SHA
SHA-256
SHA-512
>= 3.0 , < 4.2
Encryption method AES >= 3.0 , < 4.2
Name translates to sysName >= 4.2
Location translates to sysLocation >= 4.2
Contact translates to sysContact >= 4.2
Multiple User (for v3) multiple users with:

- username

- password

- authentication method and authentication password

- encoding method and encoding password

(authentication and encoding password are now different settings, both have to be set)

>= 4.2

Supported attributes

  • hostname (1.3.6.1.2.1.1.5.0)
  • uptime (1.3.6.1.2.1.25.1.1.0)
  • interfaces (1.3.6.1.2.1.2.1.0, 1.3.6.1.2.1.3.0, 1.3.6.1.2.1.4.0)
  • temperature (1.3.6.1.4.1.2021.13.16.2.1.2.1 -.7)
  • ICMP (1.3.6.1.2.1.5)
  • storage (1.3.6.1.2.1.25.2.3.1.3)

Supported transport methods

The SNMP access uses UDP on port 161. If SNMPv3 is enabled, it uses the User-Based Security Model (USM) for authentication and ecryption. In this mode, only "authPriv" is supported.

Available SNMP versions and transport layer
SNMP version Protocol and port Security
v1/v2c UDP 161 none
v3 UDP 161 USM authPriv
Overview of available feature combinations for SNMP access
Feature set SNMP v1 SNMP v3
plain access yes no
authentication no mandatory (SHA, SHA-256, SHA-512)
encryption no mandatory (AES)
USM no yes
via TLS no no
via DTLS no no
via SSH no no

SNMP trap

The Allegro Network Multimeter can be configured to use SNMP traps as incident channel.

Testing reception and proper decoding of SNMP traps

Sending SNMP traps may be tricky for several reasons. Since SNMP traps are sent as UDP packets, the sender does not get informed of successful transfer. Furthermore, the settings of the sender and receiver must match, so that the trap will be accepted and can be decoded. Finally, the trap receiver should be able to process the Management Information Base (MIB) to interpret the sent attributes.

A reference installation is described here to test basic SNMP trap transfer and processing.

SNMP V3 traps

  • The setup uses a Docker image of Debian stable, create and start a container with exposed UDP ports 161 and 162:
docker run -it --name "snmp_trap_receiver_test" -p 161:161/udp -p 162:162/udp debian:stable
  • Some of the required packages are in the non-free repository, so edit /etc/apt/sources.list to contain the following entries:
deb http://deb.debian.org/debian stable main non-free
deb http://deb.debian.org/debian-security stable-security main non-free
deb http://deb.debian.org/debian stable-updates main non-free
  • Install the following packages:
apt-get update
apt-get install snmp-mibs-downloader snmptrapd
  • From outside the container, copy the MIB file into the Docker container:
docker cp ALLEGRO-NETWORK-MULTIMETER-MIB.txt snmp_trap_receiver_test:/usr/share/snmp/mibs/
  • Configure access control in /etc/snmp/snmptrapd.conf:
#
# EXAMPLE-trap.conf:
# An example configuration file for configuring the Net-SNMP snmptrapd agent.
#
###############################################################################
#
# This file is intended to only be an example.
# When the snmptrapd agent starts up, this is where it will look for it.
#
# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
#
# PLEASE: read the snmptrapd.conf(5) manual page as well!
#
#authCommunity log,execute,net private
#authCommunity log,execute,net public
#
## send mail when get any events
#traphandle default /usr/bin/traptoemail -s smtp.example.org foobar@example.org
#
## send mail when get linkDown
#traphandle .1.3.6.1.6.3.1.1.5.3 /usr/bin/traptoemail -s smtp.example.org foobar@example.org

## user definition to test snmptrapd:
createUser -e 0x8000000001020304 homeoffice SHA "foobarfoo" AES "foobarbaz"
authUser log,execute,net homeoffice
  • Start listening for incomin SNMP traps:
/usr/sbin/snmptrapd -A -Le -p /run/snmptrapd.pid -f -d -m ALLEGRO-NETWORK-MULTIMETER-MIB

  • Configure an SNMP trap incident channel in the Allegro Network Multimeter:
    • navigate to: Generic > Incidents
    • select tab: Configuration of notification channels
    • Add channel:
      • select Type: SNMP trap
      • SNMP trap settings:
        • Version: SNMPv3
        • Trap receiver hostname/IP: the host of your docker container running Debian with snmptrapd
        • Authentication protocol: SHA
        • Authentication password: foobarfoo
        • Privacy protocol: AES
        • Privacy password: foobarbaz
        • Security name: homeoffice
        • Security level: authPriv
        • Engine ID: 0x8000000001020304
  • Configure an incident rule in the Allegro Network Multimeter, which uses the configured channel:
    • select tab: Configuration of incident rules
  • Trigger an incident, it will be decoded and shown in the Docker container