nmcfg

The nmcfg (Network Management Configuration) command is used by system administrators or GUI/Web interface applications in the configuration of SNMP for certain Makito X series devices. The nmcfg script reads and edits the standard SNMP configuration files, and then restarts the SNMP agent (snmpd) to apply the new settings.

The nmcfg script supports the configuration of v1/v2c community-based security model and v3 USM (User-based Security Model). The script supports the traditional access permissions (read-only, read-write) and VACM (View-based Access Control Model) views modeling the Makito X user groups (administrator, operator, and guest).

A detailed help, describing the options is available for each command option (for example, nmcfg access help or nmcfg user help).

Synopsis

nmcfg help
nmcfg access help
nmcfg access usm permit <uname> {<group>|ro|rw} [{noauth|auth|priv}]
nmcfg access usm delete <uname>

nmcfg community help
nmcfg community permit <community> {<group>|ro|rw} [<host>]
nmcfg community delete <community> [{<group>|ro|rw} [<host>]]

nmcfg system help
nmcfg system define <param> "<value>"
nmcfg system delete <param>

nmcfg user help
nmcfg user define <uname> [{MD5|SHA} "<pwd>" [{DES|AES} ["<pwd>"]]]
nmcfg user delete <uname>

Options

Name	Description
access	Defines the access permissions granted to the v1/v2c communities and USM (v3) users. Only the USM security model option is shown in the summary help. The v2c security model, a different format for community configuration, is only displayed in the access detailed help. Note that the v2c security model also applies to SNMP v1.
community	Defines community-based (v1v/2c) security configuration for the Makito X.
system	Defines contact and location system parameters.
user	Defines user-based (v3) security configuration for the Makito X.

Actions

Action	Description
define	Acts as both create and update. If an object does not exist, it is added. If it exists, it is replaced or updated with the new settings. It is then not necessary to delete an existing object to change its settings. All required settings of an object are specified when defining/changing an object. It is not possible to set settings individually.
permit	Defines the access permissions for the community or the user. Info Access permissions may be additive. For example, permitting a new source for an existing community adds to the existing one if it complements it.
delete	Deletes the specified object.
help	Displays usage information for the command, or if specified, the option.

Note

nmcfg settings persist after reboots, unlike other Makito X settings which are lost when the unit is rebooted unless saved as a configuration.

Parameters

N/A

Example #1: Initializing a Community-Based (v1/v2c) System

In the example below, a system with default settings is configured to add a distant host access (198.51.100.122) to the existing localhost and localnet accesses of the admin community. Note that the localnet source is a special keyword that translates at runtime to the network settings of the LAN interface. System parameters are also defined. Both IPv4 and IPv6 are enabled.

# nmcfg
snmp agent
--------------- ----------------
status running
transport udp:161
          udp6:161

system parameter       value
---------------------- ----------------------------------------
engineid               0x80001f88035c775700b3dc
contact                <undefined>
location               <undefined>

model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
v2c   rw               noauth admin                ipv4 localhost
v2c   rw               noauth admin                ipv4 localnet
v2c   rw               noauth admin                ipv6 ::1
v2c   rw               noauth admin                ipv6 fe80::/10
v2c   ro               noauth public               ipv4 localnet
v2c   ro               noauth public               ipv6 fe80::/10

# nmcfg system define contact "myname <myname@example.org>"
Starting SNMP Service

# nmcfg system define location "Media Lab"
Starting SNMP Service

# nmcfg community permit admin rw 198.51.100.122
Starting SNMP Service

Example #2: Creating an SNMPv3 User

Two commands are required to create a USM (v3) user and define its access:

# nmcfg user define johnsmith SHA "arfds23dsjs" AES "2394urscxkvn"
# nmcfg access usm permit johnsmith operator

Example #3: Initializing a USM-only (SNMPv3) System

In the example below, system security is enforced by completely disabling SNMPv1/v2c access, and by requiring v3 USM authentication only for users group-based access, and encryption for admins and operators group-based access. Both IPv4 and IPv6 are enabled.

# nmcfg 
snmp agent
--------------- ----------------
status          running
transport       udp:161
                udp6:161
 
system parameter       value
---------------------- ----------------------------------------
engineid               0x80001f88035c775700b3dc
contact                <undefined>
location               <undefined>

model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
v2c   rw               noauth admin                ipv4 localhost
v2c   rw               noauth admin                ipv4 localnet
v2c   rw               noauth admin                ipv6 ::1
v2c   rw               noauth admin                ipv6 fe80::/10
v2c   ro               noauth public               ipv4 localnet
v2c   ro               noauth public               ipv6 fe80::/10

# nmcfg agent stop

# nmcfg system define contact "joe net <jnet@example.org>"

# nmcfg system define location "Media Lab"

# nmcfg community delete admin

# nmcfg community delete public

# nmcfg user define joenet SHA "arfds23dsjs" AES "2394urscxkvn"
nmcfg: snmp agent is not running, user settings will apply when started

# nmcfg user define johnsmith SHA "89ss5dkj" AES "jfdsf78998sd"
nmcfg: snmp agent is not running, user settings will apply when started

# nmcfg user define guest MD5 "nososecret"
nmcfg: snmp agent is not running, user settings will apply when started

# nmcfg access usm permit joenet administrator priv

# nmcfg access usm permit johnsmith operator priv

# nmcfg access usm permit guest guest

# nmcfg agent start
Starting SNMP Service

# nmcfg
snmp agent
--------------- ----------------
status          running
transport       udp:161
                udp6:161

system parameter       value
---------------------- ----------------------------------------
engineid               0x80001f88035c775700b3dc
contact                joe net <jnet@example.org>
location               Media Lab

model perm/group       level  user/community       af   source
----- ---------------- ------ -------------------- ---- ---------------
usm   guest            auth   guest                -    -
usm   administrator    priv   joenet               -    -
usm   operator         priv   johnsmith            -    -

auth protocol  priv protocol  user
-------------- -------------- --------------------
MD5            nopriv         guest 
SHA            AES            joenet 
SHA            AES            johnsmith

Note

You must be logged in with administrative privileges to enter nmcfg commands.

The nmcfg (Network Management Configuration) command is used by system administrators or GUI/Web Interface applications in the configuration of SNMP for the Makito X decoder. The nmcfg script reads and edits the standard SNMP configuration files, and then restarts the SNMP agent (snmpd,) to apply the new settings.

The nmcfg script supports the configuration of v1/v2c community-based security model and v3 USM (User-based Security Model). The script supports the traditional access permissions (read-only, read-write) and VACM (View-based Access Control Model) views modeling the Makito X decoder user groups (admins, operators, and users).

Note that traps are not supported by the nmcfg script.

A detailed help, describing the options is available for each command option (for example, nmcfg access help or nmcfg user help).

For more information, see "nmcfg" (in SNMP Agent Components).

Synopsis

nmcfg help
nmcfg access help
nmcfg access usm permit <uname> {<group>|ro|rw} [{noauth|auth|priv}]
nmcfg access usm delete
                
nmcfg community help
nmcfg community permit <community> {<group>|ro|rw} [<host>]
nmcfg community delete <community> [{<group>|ro|rw} [<host>]]
                
nmcfg system help
nmcfg system define <param> "<value>"
nmcfg system delete <param>
                
nmcfg user help
nmcfg user define <uname> [{MD5|SHA} "<pwd>" [{DES|AES}] ["<pwd>"]]]
nmcfg user delete <uname>

Options

Option	Description
access	Defines the access permissions granted to the v1/v2c communities and USM (v3) users. Only the USM security model option is shown in the summary help. The v2c security model, a different format for community configuration, is only displayed in the access detailed help. Note that the v2c security model also applies to SNMP v1.
community	Defines community-based (v1v/2c) security configuration for the Makito X decoder.
system	Defines contact and location system parameters.
user	Defines user-based (v3) security configuration for the Makito X decoder.

Actions

Action	Description
define	Acts as both create and update. If an object does not exist, it is added. If it exists, it is replaced or updated with the new settings. It is then not necessary to `delete` an existing object to change its settings. All required settings of an object are specified when defining/changing an object. It is not possible to set settings individually.
permit	Defines the access permissions for the community or the user. Note Access permissions may be additive. For example, permitting a new source for an existing community adds to the existing one if it complements it.
delete	Deletes the specified object.
help	Displays usage information for the command, or if specified, the option.

Note

nmcfg settings persist after reboots, unlike other Makito X decoder settings which are lost when the unit is rebooted unless saved as a configuration.

Example #1: Initialize a Community-Based (v1/v2c) System

In the example below, a system with default settings is configured to add a distant host access (198.51.100.122) to the existing localhost and localnet accesses of the admin community. Note that the localnet source is a special keyword that translates at runtime to the network settings of the LAN interface. System parameters are also defined.

# nmcfg
parameter value
--------------- ------------------------------------
contact<undefined>
location<undefined>

                
perm/group     community             source
-------------- --------------------- ----------------------
rw             admin                 localhost
rw             admin                 localnet
ro             public                localnet
# nmcfg system define contact "myname <myname@example.ord>"
# nmcfg system define location "Media Lab"
# nmcfg community permit admin rw 198.51.100.122

Example #2: Create an SNMPv3 User

Two commands are required to create a USM (v3) user and define its access:

# nmcfg user define johnsmith SHA "arfds23dsjs" AES "2394urscxkvn"
# nmcfg access usm johnsmith operators

Examples #3: Initialize a USM-only (SNMPv3) System

In the example below, system security is enforced by completely disabling SNMPv1/v2c access, and by requiring v3 USM authentication only for users group-based access, and encryption for admins and operators group-based access.

# nmcfg
system parameter value
----------------------- ------------------------------------
contact<undefined>
location<undefined>

                
perm/group         community             source
------------------ --------------------- ----------------------
rw                 admin                 localhost
rw                 admin                 localnet
ro                 public                localnet

                
# nmcfg agent stop
# nmcfg system define contact "joe net <jnet@example.org>"
# nmcfg system define location "Media Lab"
# nmcfg community delete admin
# nmcfg community delete public
# nmcfg user define joenet SHA "arfds23dsjs" AES "2394urscxkvn"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg user define johnsmith SHA "89ss6dkj" AES "jfdsf78998sd"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg user define guest MD5 "nososecret"
nmcfg: snmp agent is not running, user settings will apply when started
# nmcfg access usm permit joenet admins priv
# nmcfg access usm permit johnsmith operators priv
# nmcfg access usm permit guest users
# nmcfg agent start
# nmcfg

                
system parameter  value
----------------- ------------------------------------
engineid          0x80001f88802054a68b4b75388e
contact           "joe net <jnet@example.org>"
location          "Media Lab"

                
model perm/groupleveluser/community   source
--------------- -------------- ------ ---------------------- ---------
usm users       auth  guest           -
usm admins      priv  joenet          -
usm operators   priv  johnsmith       -

                
auth protocol priv protocol user
---------------------- --------------- -----------
MD5  nopriv            guest
SHA  AES               joenet
SHA  AES               johnsmith

Related Topics

"nmcfg" (in SNMP Agent Components)