Systems and Network Management Perl Net::SNMP, and more on VACM and USM 1 Aims • To understand how to write a Perl program to retrieve simple values from an snmp agent, using: ◦ a community security model ◦ the usm security model • To understand vacm and snmp access control more fully through discussion The main aims of the activities today are: 2 Questions about VACM for Discussion rfc 3415 describes the view obtained when using a family mask as a family of view subtrees. 1. Why do the authors of the standard use the term family of view subtrees? i Questions are continued on the next page. . . Nick Urbanik nicku(at)vtc.edu.hk ver. 1.1 Perl Net::SNMP, and more on VACM and USM Systems and Network Management 2 2. Illustrate your answer to question 1 by creating a view without using a family mask equivalent to that given by the following Net-snmp view statement: view view1 included IF-MIB::ifIndex.4 ff.a0 i 3 Procedure Refer to the lecture notes about Net::SNMP while doing this activity. Refer also to the manual for Net::SNMP, which contains many examples. 1. Configure cpan (you only need do this once): (a) $ sudo perl -MCPAN -e shell (b) The shell will begin its interactive configuration process. Accept all defaults  ¨ by pressing  Enter © , except for the following : • When prompted “CPAN build and cache directory?” enter: /var/cache/cpan Do not accept the default in your home directory; it will not work, since the root user has no right to write to your nfs mounted home directory. • When asked to choose a Policy on building prerequisites, choose “follow”: Policy on building prerequisites (follow, ask or ignore)? [ask] follow Nick Urbanik nicku(at)vtc.edu.hk ver. 1.1 Perl Net::SNMP, and more on VACM and USM Systems and Network Management 3 Some Perl modules depend on others. When installing a module that depends on others, a selection of “ask” here ¤ means the cpan shell will § prompt you and require you to press ¦ Enter ¥ install the prerequisite to module. The selection “follow” means, “Don’t ask me; just go ahead, download and install any modules that are needed to install this one”. • For “Your http proxy?” enter http://hqproxy.vtc.edu.hk:8080/ • When asked to pick a nearby continent, enter 5 to select (5) North America • When asked to “Select your country”, enter 3 to select (3) United States. • When asked “Select as many URLs as you like”, I suggest just enter the first few numbers (corresponding to the first few urls); I put “1 2 3 4 5 6 7”. The numbers are just separated by spaces. 2. Install Net::SNMP using cpan, as described in the notes, with: cpan> install Net::SNMP Net::SNMP::Interfaces Net::SNMP::HostInfo 3. Write a program to read outgoing network traffic from your loopback network interface, and print it as a single number of bytes. 4. Verify that the number given matches that read using /sbin/ifconfig, and making an snmp query using snmpget. 5. Ensure that your agent is properly configured with at least one usm account, as required by the snmpv3 tutorial. 6. Write a second program to read outgoing network traffic on the loopback network interface using usm. Again, verify that the output of your program is consistent with other ways of obtaining the same information. Nick Urbanik nicku(at)vtc.edu.hk ver. 1.1