Even when giving the permission of *ALL* for any SNMP community on NetScaler, we are unable to include *SET* permission
Article ID: CTX213208
Updated On:
Description
Even when giving the permission of *ALL* for any SNMP community on NetScaler, we are unable to include *SET* permission
Resolution
The *SET request* is used by management applications and applets to modify the value of a network entity and in this case NetScaler.
When making an SNMP Set request, you need to supply a pair of values in your PDU, OID that you wish to change, and the value to change it to.
To be able to change an OID value, first that OID needs to be read-write (you can find this out by reading the MIB files and checking the ACCESS value) and you will need to know what kind of value that OID will accept.
You can find all the OID’s which have *read-write* access over here (replace X.X.X.X with your NSIP.. you need to be logged in first).. Most of these OID’s are *read-only*.
http://X.X.X.X/support/docs/snmp/HP-Openview/NS-MIB-smiv2.mib
Or else go to Downloads>>SNMP v2 - MIB Object Definitions
Here is one of them which has access of *read-write*.
serverState OBJECT-TYPE
SYNTAX EntityState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The state of the server."
::= { serverEntry 3 }
So we will Test if setting the Permission to *ALL* for our community public, grants us access to SET changes or not?
So I’ll perform SNMPWalk first for one of my Services available on NS for IP Address “10.107.98.68” to find out it’s current serverState.
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68" vsvrName
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68 vsvrIpAddress
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80 vsvrPort
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0 vsvrType
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7 vsvrState
Server State 7 means it is up.
Here are the following value’s for different server state’s
down(1)
unknown(2)
busy(3)
outOfService(4)
transitionToOutOfService(5)
up(7)
transitionToOutOfServiceDown(8)
Now if I try to make a change to the State of this Service by using SET operation.
It returns me an error “notWritable (That object does not support modification)”
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 1
Error in packet.
Reason: notWritable (That object does not support modification)
That means setting the permission of ALL to the community doesn’t allow us to make any changes to NS using SET operation even to the OID which has “read-write” permissions.
To be able to make this change, there is a knob on NS.
NetScaler>>System>>SNMP>>Change SNMP Options>>SNMP Set
If we enable this option “SNMP Set” Along with permission of ALL to our community used, that will give us SET permissions.
Let’s test it and set the Option of ServerState to 4 which is OutOfService. (if you notice, system doesn’t throws back the same error message it did last time and accepts the command)
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 4
iso.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 4
Looking at the Status of my Service, it has been changed from UP to OOS.
We can check the ServerState here and again change it back to 7(UP)
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68"
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 4
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 7
iso.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68"
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7
So in crux, only if you’ve this option “SNMP Set” Enabled, it will give you permission to write when used with ALL Permission Set.
When making an SNMP Set request, you need to supply a pair of values in your PDU, OID that you wish to change, and the value to change it to.
To be able to change an OID value, first that OID needs to be read-write (you can find this out by reading the MIB files and checking the ACCESS value) and you will need to know what kind of value that OID will accept.
You can find all the OID’s which have *read-write* access over here (replace X.X.X.X with your NSIP.. you need to be logged in first).. Most of these OID’s are *read-only*.
http://X.X.X.X/support/docs/snmp/HP-Openview/NS-MIB-smiv2.mib
Or else go to Downloads>>SNMP v2 - MIB Object Definitions
Here is one of them which has access of *read-write*.
serverState OBJECT-TYPE
SYNTAX EntityState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The state of the server."
::= { serverEntry 3 }
So we will Test if setting the Permission to *ALL* for our community public, grants us access to SET changes or not?
So I’ll perform SNMPWalk first for one of my Services available on NS for IP Address “10.107.98.68” to find out it’s current serverState.
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68" vsvrName
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68 vsvrIpAddress
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80 vsvrPort
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0 vsvrType
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7 vsvrState
Server State 7 means it is up.
Here are the following value’s for different server state’s
down(1)
unknown(2)
busy(3)
outOfService(4)
transitionToOutOfService(5)
up(7)
transitionToOutOfServiceDown(8)
Now if I try to make a change to the State of this Service by using SET operation.
It returns me an error “notWritable (That object does not support modification)”
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 1
Error in packet.
Reason: notWritable (That object does not support modification)
That means setting the permission of ALL to the community doesn’t allow us to make any changes to NS using SET operation even to the OID which has “read-write” permissions.
To be able to make this change, there is a knob on NS.
NetScaler>>System>>SNMP>>Change SNMP Options>>SNMP Set
If we enable this option “SNMP Set” Along with permission of ALL to our community used, that will give us SET permissions.
Let’s test it and set the Option of ServerState to 4 which is OutOfService. (if you notice, system doesn’t throws back the same error message it did last time and accepts the command)
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 4
iso.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 4
Looking at the Status of my Service, it has been changed from UP to OOS.
We can check the ServerState here and again change it back to 7(UP)
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68"
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 4
puneet@puneetubuntu:~$ snmpset -c public -v2c 10.107.98.71 1.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 i 7
iso.3.6.1.4.1.5951.4.1.2.2.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7
puneet@puneetubuntu:~$ snmpwalk -v2c -c public 10.107.98.71 1.3.6.1.4.1 | grep "12.49.48"
iso.3.6.1.4.1.5951.4.1.2.1.1.1.12.49.48.46.49.48.55.46.57.56.46.54.56 = STRING: "10.107.98.68"
iso.3.6.1.4.1.5951.4.1.2.1.1.2.12.49.48.46.49.48.55.46.57.56.46.54.56 = IpAddress: 10.107.98.68
iso.3.6.1.4.1.5951.4.1.2.1.1.3.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 80
iso.3.6.1.4.1.5951.4.1.2.1.1.4.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 0
iso.3.6.1.4.1.5951.4.1.2.1.1.5.12.49.48.46.49.48.55.46.57.56.46.54.56 = INTEGER: 7
So in crux, only if you’ve this option “SNMP Set” Enabled, it will give you permission to write when used with ALL Permission Set.
Was this article helpful?
Yes
No
Powered by
