The Simple Network Management Protocol version 3 (SNMPv3) support in IBM i 7.2 has been enhanced to provide additional function for native IBM i SNMP managers.
New APIs are now available to perform SNMPv3 operations. These new APIs provide the capability to send GET, GETNEXT and SET SNMP requests using SNMPv3 and to perform SNMPv3 agent engine ID discovery and time synchronization. The APIs are snmpDiscover_v3(), snmpGet_v3(), snmpGetnext_v3(), snmpSet_v3() and snmpFreeAuthCB_v3(). An SNMP manager application must first use the snmpDiscover_v3() API to perform agent SNMP engine ID discovery and time synchronization. The snmpDiscover_v3() API also creates an authentication control block for communication with the agent. Once this is complete, the snmpGet_v3(), snmpGetnext_v3() and snmpSet_v3() APIs may be used to send requests to the agent. Once all communication with the agent is ended, the authentication control block used by the SNMPv3 APIs must be freed using snmpFreeAuthCB_v3(). It is important to note that a manager must have a separate authentication control block for each individual agent that the manager communicates with.
In 7.2, stricter checking is done on the SNMP engine ID. If an SNMP engine ID does not meet the specification defined in RFC 3411 and the system is configured to enable SNMPv3, the SNMP server will fail to start. The easiest way to ensure that you have a valid SNMP engine ID is to allow the system to automatically generate it for you. This can be done with the command:
Due to differences in SNMPv3 manager implementations, it may be necessary to add an environment variable to make a change in the way the IBM i agent performs validation checks during the initial communication with an SNMPv3 manager. If an SNMPv3 manager application is timing out attempting to establish SNMPv3 communications with the IBM i agent, add the environment variable with the following command:
ADDENVVAR ENVVAR(QIBM_SNMPV3_AUTH) VALUE('1') LEVEL(*SYS)
After running this command, the SNMP server must be ended and restarted. In addition, it may be necessary to end and restart the SNMP manager application.
This blog post was originally published on IBMSystemsMag.com and is reproduced here by permission of IBM Systems Media.