SNMP (Simple Network Management Protocol) is an application-layer, vendor-neutral protocol for managing and monitoring all sorts of devices on the network. Contrary to what the name implies, we see it primarily being used for monitoring these days. NoTouch supports SNMP: it can run an SNMP service so that the device can be queried by an SNMP-capable management or monitoring application.
The SNMP functionality is part of the "Network Management Plus" (NMP) upgrade package and license. It was added in NoTouch OS 2.40.4282.
You will find the relevant parameters in the Services->SNMP section. Simply switching it on will actually be sufficient for most use cases. It is really that simple!
- Enable SNMP service. The master switch to turn SNMP on or off.
- OID restriction. Normally NoTouch will show everything it has on SNMP. This parameter allows for a comma-separated list of OIDs that the standard view will be restricted to.
- Read-only community name. An SNMP v1/v2 read-only community name string.
- Read-only community / Source. Network designation (e.g. 10.0.0.0/16) from which the read-only community can be accessed when using SNMP v1/v2.
- System location. The well-known sysLocation value (1.3.6.1.2.1.1.6). Supports Macro expansion.
- System contact. The well-known systemContact value (1.3.6.1.2.1.1.4). Supports Macro expansion.
To verify, you can actually log in to the client itself (Console window or via SSH) and execute the following command (of course use the read-only community name you set instead of "public" as in the example below):
snmpwalk -v1 localhost -c public .1
SNMPv3 allows more fine-grained access control. To enable SNMPv3 you need to create at least one SNMPv3 user. These are the fields available:
- User name. User name of your SNMPv3 user
- Password. Password of your SNMPv3 user
- OID restriction. Comma separated list of OIDs that this user is allowed to access. When not set, this will be .1 (everything)
- Write access. A simple on/off field that denotes if the user has write access or not. Note: There is nothing of interest that would make it worthwhile to grant somebody write access.
- Security level. One of noAuthNoPriv (no security), authNoPriv (authentication, but no encryption), authPriv (authentication and encryption), ordered from least to most security.
Notes: The system automatically selects SHA as the authentication protocol. MD5 is not used. Furthermore, authPriv will probably need further configuration entries; please refer to the SNMP configuration pages linked below. Therefore we suggest starting with authNoPriv instead of authPriv.
A quick way to verify that SNMPv3 is running: create a user "testuser" with password "testuser", set .1 as OID restriction, select authNoPriv and leave write access "off". Then log in to the client on the Console or via SSH and execute
snmpwalk -v3 -u testuser -A testuser -l authNoPriv -a SHA localhost .1
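The community and SNMPv3 user parameters described above can be checked before a configuration is rolled out. The following is an added example, not Stratodesk code: a Python check over a dict of those settings, where the key names (`ro_community`, `ro_source`, `v3_users`, `level`, `write`, `oids`) are hypothetical and the sample values are constructed.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}  # "public" is the page's own example
LEVELS = ("noAuthNoPriv", "authNoPriv", "authPriv")  # least to most secure

def audit_snmp(cfg):
    """Return findings for a dict of SNMP settings (key names are hypothetical)."""
    findings = []
    community = cfg.get("ro_community")
    if community:  # SNMP v1/v2 read-only community is configured
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("community: well-known default name")
        source = cfg.get("ro_source")
        if not source:
            findings.append("community: no source network restriction")
        else:
            try:
                net = ipaddress.ip_network(source, strict=False)
                if net.prefixlen == 0:
                    findings.append("community: source matches every address")
            except ValueError:
                findings.append("community: source is not a valid network")
    for user in cfg.get("v3_users", []):
        name, password = user["name"], user.get("password", "")
        level = user.get("level", "noAuthNoPriv")
        if level not in LEVELS:
            findings.append(f"{name}: unknown security level {level!r}")
        elif level == "noAuthNoPriv":
            findings.append(f"{name}: no authentication and no encryption")
        elif level == "authNoPriv":
            findings.append(f"{name}: authenticated but not encrypted")
        # Net-SNMP rejects USM passphrases shorter than 8 characters
        if level != "noAuthNoPriv" and len(password) < 8:
            findings.append(f"{name}: passphrase shorter than 8 characters")
        if password and password == name:
            findings.append(f"{name}: password equals user name")
        if user.get("write"):
            findings.append(f"{name}: write access enabled")
        if user.get("oids", ".1") in ("", ".1", "1"):
            findings.append(f"{name}: no OID restriction, whole tree visible")
    return findings

# Constructed sample: the page's test setup ("public", testuser/testuser)
TEST_SETUP = {"ro_community": "public", "ro_source": None, "v3_users": [
    {"name": "testuser", "password": "testuser", "level": "authNoPriv",
     "write": False, "oids": ".1"}]}

if __name__ == "__main__":
    for finding in audit_snmp(TEST_SETUP):
        print(finding)
```

Run against the test setup, it reports the default community name, the missing source restriction, and the test user's matching password, unencrypted level and unrestricted OID view.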
SNMP on NoTouch will support all standard MIBs available on Linux when running snmpd. Additionally, there are NoTouch-specific values.
Stratodesk has its own officially IANA-assigned PEN (private enterprise number) of 53064. Therefore the Stratodesk MIB can be found under 1.3.6.1.4.1.53064.1. The following values may be of interest:
- 1.3.6.1.4.1.53064.1.1.1.1.0 The OS image name
- 1.3.6.1.4.1.53064.1.1.1.2.0 Fixed string "Stratodesk NoTouch OS"
- 1.3.6.1.4.1.53064.1.1.1.3.0 Stratodesk-generated hardware model designation
- 1.3.6.1.4.1.53064.1.1.1.4.0 System serial number taken from DMI (PC) or SoC ID (Pi)
- 1.3.6.1.4.1.53064.1.1.1.5.0 CPU model information
The bundled Net-SNMP software allows for much more detailed configuration. You can specify both command-line options for snmpd and configuration file options. Whatever you specify here will be used verbatim, which means you need to familiarize yourself with the snmpd software's documentation: