
ILO 2 SNMP Pass-Thru Information

 
Larry Low
Occasional Visitor

ILO 2 SNMP Pass-Thru Information

I am unable to find any information on how the ILO 2 performs the SNMP pass-thru.

I am unable to get it to work with RHEL 5 and I assume the problem is how I have Net-SNMP configured since I am not using the "rocommunity" configuration options since it is grossly insecure.

Can someone point me to some documentation that actually explains how this pass-thru works?
4 REPLIES
David Claypool
Honored Contributor

Re: ILO 2 SNMP Pass-Thru Information

SNMP pass-through requires that the 'hprsm' package be installed to perform the communications between the OS and iLO. The 'hpasm' package needs to be installed to provide the agent information. SNMP on the host won't work without a community string defined, so you really don't have an option.
Larry Low
Occasional Visitor

Re: ILO 2 SNMP Pass-Thru Information

I have both the hprsm and hpasm packages installed and working with Net-SNMP.

The problem with rocommunity is there are no ACL capabilities compared to the VACM configuration in Net-SNMP.

I tested rocommunity but it only works if you do not specify additional parameters (SOURCE, VIEW).
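
An added example, not part of the original thread: a small Python check that reads an snmpd.conf and flags community definitions with no SOURCE or OID restriction, the exposure the post above describes. The sample configuration, community names and issue labels are constructed for illustration.

```python
import shlex

# Constructed sample snmpd.conf; community names and addresses are made up.
SAMPLE_CONF = """\
# constructed example
rocommunity public
rocommunity monitor 127.0.0.1 .1.3.6.1.4.1.232
rwcommunity private 10.0.0.0/24
com2sec local 127.0.0.1 ilopass
com2sec anyhost default ilopass2
group rogroup v2c local
view hponly included .1.3.6.1.4.1.232
access rogroup "" any noauth exact hponly none none
"""

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return (line number, directive, issue) for loosely scoped communities."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # Form: rocommunity COMMUNITY [SOURCE [OID]]
            if directive.startswith("rw"):
                findings.append((lineno, directive, "writable"))
            if len(args) < 2 or args[1] == "default":
                findings.append((lineno, directive, "any-source"))
            if len(args) < 3:
                findings.append((lineno, directive, "full-tree"))
        elif directive == "com2sec":
            # Form: com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) >= 2 and args[1] == "default":
                findings.append((lineno, directive, "any-source"))
    return findings


if __name__ == "__main__":
    for lineno, directive, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {directive}: {issue}")
```
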
David Claypool
Honored Contributor

Re: ILO 2 SNMP Pass-Thru Information

As long as you're on a private LAN protected by a firewall, I'm not sure what you're afraid of. If you have people sniffing your network traffic, you have bigger problems than SNMP. If someone deduces this is a ProLiant server with 2GB of memory (or whatever they find out using an unauthorized SNMP get), what will that mean?
Larry Low
Occasional Visitor

Re: ILO 2 SNMP Pass-Thru Information

The problem is more with how the ILO communicates to the daemons running on the host operating system. In Linux these daemons are running as root. This is less of a concern when they are only accessible through the SNMP module as the Net-SNMP daemon is running under a more tightly controlled context and provides SNMPv3.

It would be much better if the ILO had its own SNMP stack and would not have to communicate with the host operating system at all for information it already has access to.

If I understood better how the pass-thru works. I assume it tunnels the snmp request to the snmp daemon through the loopback on the host operating system.