Skip to main content

nmcfg

The nmcfg (Network Management Configuration) command is used by system administrators or GUI/Web interface applications in the configuration of SNMP for certain Makito X series devices. The nmcfg script reads and edits the standard SNMP configuration files, and then restarts the SNMP agent (snmpd) to apply the new settings.

The nmcfg script supports the configuration of v1/v2c community-based security model and v3 USM (User-based Security Model). The script supports the traditional access permissions (read-only, read-write) and VACM (View-based Access Control Model) views modeling the Makito X user groups (administrator, operator, and guest).

A detailed help, describing the options is available for each command option (for example, nmcfg access help or nmcfg user help).

Synopsis

nmcfg help
nmcfg access help
nmcfg access usm permit <uname> {<group>|ro|rw} [{noauth|auth|priv}]
nmcfg access usm delete <uname>
nmcfg community help
nmcfg community permit <community> {<group>|ro|rw} [<host>]
nmcfg community delete <community> [{<group>|ro|rw} [<host>]]
nmcfg system help
nmcfg system define <param> "<value>"
nmcfg system delete <param>
nmcfg user help
nmcfg user define <uname> [{MD5|SHA} "<pwd>" [{DES|AES} ["<pwd>"]]]
nmcfg user delete <uname>

Options

NameDescription

access

Defines the access permissions granted to the v1/v2c communities and USM (v3) users. Only the USM security model option is shown in the summary help. The v2c security model, a different format for community configuration, is only displayed in the access detailed help. Note that the v2c security model also applies to SNMP v1.

community

Defines community-based (v1v/2c) security configuration for the Makito X.

system

Defines contact and location system parameters.

user

Defines user-based (v3) security configuration for the Makito X.

Actions

ActionDescription

define

Acts as both create and update. If an object does not exist, it is added. If it exists, it is replaced or updated with the new settings. It is then not necessary to delete an existing object to change its settings. All required settings of an object are specified when defining/changing an object. It is not possible to set settings individually.

permit

Defines the access permissions for the community or the user.

Info

Access permissions may be additive. For example, permitting a new source for an existing community adds to the existing one if it complements it.

delete

Deletes the specified object.

help

Displays usage information for the command, or if specified, the option.

Note

nmcfg settings persist after reboots, unlike other Makito X settings which are lost when the unit is rebooted unless saved as a configuration.


Parameters

N/A


Example #1: Initializing a Community-Based (v1/v2c) System

In the example below, a system with default settings is configured to add a distant host access (198.51.100.122) to the existing localhost and localnet accesses of the admin community. Note that the localnet source is a special keyword that translates at runtime to the network settings of the LAN interface. System parameters are also defined. Both IPv4 and IPv6 are enabled.

# nmcfg
snmp agent
--------------- ----------------
status running
transport udp:161
udp6:161
system parameter       value
---------------------- ----------------------------------------
engineid 0x80001f88035c775700b3dc
contact <undefined>
location <undefined>
model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
v2c rw noauth admin ipv4 localhost
v2c rw noauth admin ipv4 localnet
v2c rw noauth admin ipv6 ::1
v2c rw noauth admin ipv6 fe80::/10
v2c ro noauth public ipv4 localnet
v2c ro noauth public ipv6 fe80::/10
# nmcfg system define contact "myname <myname@example.org>"
Starting SNMP Service
# nmcfg system define location "Media Lab"
Starting SNMP Service
# nmcfg community permit admin rw 198.51.100.122
Starting SNMP Service

Example #2: Creating an SNMPv3 User

Two commands are required to create a USM (v3) user and define its access:

# nmcfg user define johnsmith SHA "arfds23dsjs" AES "2394urscxkvn"
# nmcfg access usm permit johnsmith operator

Example #3: Initializing a USM-only (SNMPv3) System

In the example below, system security is enforced by completely disabling SNMPv1/v2c access, and by requiring v3 USM authentication only for users group-based access, and encryption for admins and operators group-based access. Both IPv4 and IPv6 are enabled.

# nmcfg 
snmp agent
--------------- ----------------
status running
transport udp:161
udp6:161

system parameter value
---------------------- ----------------------------------------
engineid 0x80001f88035c775700b3dc
contact <undefined>
location <undefined>
model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
v2c rw noauth admin ipv4 localhost
v2c rw noauth admin ipv4 localnet
v2c rw noauth admin ipv6 ::1
v2c rw noauth admin ipv6 fe80::/10
v2c ro noauth public ipv4 localnet
v2c ro noauth public ipv6 fe80::/10
# nmcfg agent stop
# nmcfg system define contact "joe net <jnet@example.org>"
# nmcfg system define location "Media Lab"
# nmcfg community delete admin
# nmcfg community delete public
# nmcfg user define joenet SHA "arfds23dsjs" AES "2394urscxkvn"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg user define johnsmith SHA "89ss5dkj" AES "jfdsf78998sd"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg user define guest MD5 "nososecret"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg access usm permit joenet administrator priv
# nmcfg access usm permit johnsmith operator priv
# nmcfg access usm permit guest guest
# nmcfg agent start
Starting SNMP Service
# nmcfg
snmp agent
--------------- ----------------
status running
transport udp:161
udp6:161
system parameter       value
---------------------- ----------------------------------------
engineid 0x80001f88035c775700b3dc
contact joe net <jnet@example.org>
location Media Lab
model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
usm guest auth guest - -
usm administrator priv joenet - -
usm operator priv johnsmith - -
auth protocol  priv protocol  user
-------------- -------------- --------------------
MD5 nopriv guest
SHA AES joenet
SHA AES johnsmith


Related Topics

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.