HPE Community
Server Management - Systems Insight Manager
1833522 Members
3064 Online
110061 Solutions
New Discussion

SNMP traps forwarding through iLO/RILOE

 
SOLVED
Go to solution
Guillaume Ducroix
Advisor

‎04-01-2004 02:32 AM

‎04-01-2004 02:32 AM

SNMP traps forwarding through iLO/RILOE

We use remote insight boards to manage servers, we also use SIM and hp Agents to monitor servers.

Here is what we want to do:
Allow SNMP traps forwarding from hp Agents to SIM through insight boards. Thus we can filter SNMP traffic throught our WAN/LANs and DMZs.

Here is what I read:
1) The insight boards docs recommend to create a separate subnet to plug insight boards (iLO Best Practices, page 3).
2) insight boards can forward hp Agents SNMP traps to SIM (if configured to) (iLO User Guide, page 279).
3) To allow SNMP forwarding, the user guide says that we must ensure that the SIM server and insight boards are on the same subnet (iLO User Guide, page 320).

Is there a specific SNMP configuration to apply on this server to bypass the 3rd point ?

Thanks if any idea.
0 Kudos
Reply
6 REPLIES 6
David Claypool
Honored Contributor

‎04-01-2004 02:41 AM

‎04-01-2004 02:41 AM

Re: SNMP traps forwarding through iLO/RILOE

The iLO/RILOE does not have its own SNMP stack. It literally is forwarding a message that originates with the host and looks like it came from the host.
0 Kudos
Reply
Guillaume Ducroix
Advisor

‎04-01-2004 02:50 AM

‎04-01-2004 02:50 AM

Re: SNMP traps forwarding through iLO/RILOE

All right. I have two more questions:

The SNMP configuration recommended for hp Agents (on client servers must allow traps to be sent to the SIM server and accept traps from the SIM) still applicable ?

And the read community strings must accept the public community on the SIM server also ?
0 Kudos
Reply
David Claypool
Honored Contributor

‎04-01-2004 04:09 AM

‎04-01-2004 04:09 AM

Re: SNMP traps forwarding through iLO/RILOE

"The SNMP configuration recommended for hp Agents (on client servers must allow traps to be sent to the SIM server and accept traps from the SIM) still applicable ?"

The SNMP service on the managed server must have a trap destination configured or a trap can't be sent.

"And the read community strings must accept the public community on the SIM server also ?"

'public' is a common community string used by default. The word 'public' doesn't have to be used; it can be anything as long as they match.
0 Kudos
Reply
Guillaume Ducroix
Advisor

‎04-01-2004 04:32 AM

‎04-01-2004 04:32 AM

Re: SNMP traps forwarding through iLO/RILOE

Maybe I made a confusion in my questions, apologizes :-)

My first question was for the managed servers SNMP configuration. Is there a way for managed servers to accept only traps from the local host and send traps only through iLO/RILOE without configuring trap destinations in the SNMP service ?

My second question came from the fact that there's no way to configure SNMP communities on a iLO/RILOE card (as you said, there's no SNMP stack) and the user guide (page 189) says that in order to receive SNMP alerts from iLO/RILOE, the public community string must be set in the SIM server. So I though, that without this, SNMP traps could not be received by the SIM server.
But maybe it's another thing, I'm not very clever with SNMP.

Thanks
Guillaume
0 Kudos
Reply
David Claypool
Honored Contributor

‎04-01-2004 05:03 AM

‎04-01-2004 05:03 AM

Solution

Re: SNMP traps forwarding through iLO/RILOE

"{My first question was for the managed servers SNMP configuration. Is there a way for managed servers to accept only traps from the local host and send traps only through iLO/RILOE without configuring trap destinations in the SNMP service ?"

The SNMP service should have the "Accept SNMP Packets from..." set to Localhost and the hpSIM server. The agents use SNMP to communicate among each other (although not out on the wire). You will need to have READ/WRITE set for at least one community string for the agents to use. You can use a different one as READ-ONLY for hpSIM. The difference is that the READ/WRITE one will never appear on your wire for someone to sniff.

"My second question came from the fact that there's no way to configure SNMP communities on a iLO/RILOE card (as you said, there's no SNMP stack) and the user guide (page 189) says that in order to receive SNMP alerts from iLO/RILOE, the public community string must be set in the SIM server. So I though, that without this, SNMP traps could not be received by the SIM server.
But maybe it's another thing, I'm not very clever with SNMP."

'public' is common, but it doesn't have to be that as long as it matches between the SNMP service and hpSIM. You could configure your READ-ONLY community string as 'guillame' and then have hpSIM use that as well. It's best not to use public because that's the first one hackers will try. If you use something else, at least they are forced to use a sniffer to figure it out.

Reply
Guillaume Ducroix
Advisor

‎04-01-2004 05:08 AM

‎04-01-2004 05:08 AM

Re: SNMP traps forwarding through iLO/RILOE

Great !

Thanks a lot.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.