snmpSecurityConfig (Function)


Architecture: NX32L

Device support: All NX devices

Firmware version: 1.52.00


This function configures TSM security. It is needed both when listening for incoming SNMP traps (manager) and when publishing SNMP variables.

TSM security also requires a certificate to identify a peer device. The snmpCertSet and snmpCertGet functions are used to manage the list of these certificates.

Input:

Localcert : STRING

The name of the certificate that identifies the RTCU device (see overview).

EngineID : STRING (10..64 characters or empty)

The engine ID as a hexadecimal string (manager only).

Level : SINT (default _SNMP_SEC_ENC)

The security level used in communication.

_SNMP_SEC_NONE - No authentication or encryption.

_SNMP_SEC_AUTH - Authentication and no encryption.

_SNMP_SEC_ENC - Authentication and encryption.

Returns: INT

1 - Success.

0 - This function is not supported.

-2 - Illegal parameter.

Declaration:

FUNCTION snmpSecurityConfig : INT;
VAR_INPUT
  localcert : STRING;
  engineid  : STRING;
  level     : SINT := _SNMP_SEC_ENC;
END_VAR;

 

Example:

INCLUDE rtcu.inc
 
VAR
  iface    : SINT := 2;
END_VAR;
 
FUNCTION show_cert
VAR_INPUT
  index : SINT;
END_VAR;
VAR
  str   : STRING;
  name  : STRING;
  rc    : INT;
END_VAR;
 
  // Prefix
  str := strFormat(format := "Certificate \1: ", v1 := index);
 
  // Get certificate
  rc := snmpCertGet(index := index, cert := name);
  IF rc < 1 THEN
    DebugFmt(message := str + "snmpCertGet=\1", v1 := rc);
    RETURN;
  END_IF;
 
  // Show
  IF strLen(str := name) = 0 THEN
    DebugMsg(message := str + "<EMPTY>");
  ELSE
    DebugMsg(message := str + name);
  END_IF;
 
END_FUNCTION;
 
PROGRAM example;
VAR
  i        : SINT;
  rc       : INT;
  handle   : SYSHANDLE;
END_VAR;
 
  // Iterate certificates
  DebugMsg(message := "--------------------------------------------------");
  FOR i := 1 TO 10 DO
    show_cert(index := i);
  END_FOR;
 
  // Set certificate
  rc := snmpCertSet(index := 1, cert := "snmp_agent");
  IF rc < 1 THEN
    DebugFmt(message := "snmpCertSet=\1", v1 := rc);
  END_IF;
 
  // Configure
  rc := snmpSecurityConfig(
                          localcert := "snmp_manager",
                          engineid  := "8000000001020304"
                          );
  IF rc < 1 THEN
    DebugFmt(message := "snmpSecurityConfig=\1", v1 := rc);
  END_IF;
 
  // Open net interface.
  rc := netOpen(iface := iface);
  DebugFmt(Message := "netOpen (rc=\1)", v1 := rc);
  WHILE NOT netConnected(iface := iface) DO
    Sleep(Delay := 2000);
  END_WHILE;
  DebugMsg(Message := "Network connected");
 
  // Start to listen for traps
  rc := snmpStartListen(
                        handle    := handle,
                        port      := 10162,
                        community := "public",
                        security  := _SNMP_SEC_TLS
                       );
  IF rc < 1 THEN
    DebugFmt(message := "snmpStartListen=\1", v1 := rc);
  END_IF;
  rc := snmpRegisterTrap(oid := "1.3.6.1.4.1.6101.1.8.8.2.6");
  IF rc < 1 THEN
    DebugFmt(message := "snmpRegisterTrap=\1", v1 := rc);
  END_IF;
  DebugMsg(Message := "Ready");
 
BEGIN
END;
END_PROGRAM;
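
A pre-deployment check for the EngineID parameter described above, as an added example that is not part of the original page or of the RTCU libraries: it applies the page's "10..64 characters or empty" hex rule, then the SnmpEngineID layout from RFC 3411. The function name check_engine_id and the constructed sample values are assumptions, and the page does not state whether the firmware enforces the RFC 3411 layout.

```python
import re

# RFC 3411 SnmpEngineID: when the first bit is 1, the fifth octet selects the
# format of the remaining data. Value: (name, exact data length or None).
FORMATS = {1: ("IPv4 address", 4), 2: ("IPv6 address", 16),
           3: ("MAC address", 6), 4: ("text", None), 5: ("octets", None)}


def check_engine_id(engineid: str) -> list:
    """Return a list of problems; an empty list means no problem was found."""
    if engineid == "":
        return []  # the page allows an empty engine ID
    if not 10 <= len(engineid) <= 64:
        return ["length must be 10..64 characters or empty"]
    if not re.fullmatch(r"[0-9A-Fa-f]+", engineid):
        return ["value must contain only hex digits"]
    if len(engineid) % 2:
        return ["odd number of hex digits, not whole octets"]
    raw = bytes.fromhex(engineid)
    if set(raw) in ({0x00}, {0xFF}):
        return ["RFC 3411 forbids an all-zero or all-FF engine ID"]
    problems = []
    if raw[0] & 0x80:  # structured form defined by RFC 3411
        fmt, data = raw[4], raw[5:]
        name, need = FORMATS.get(fmt, (None, None))
        if name is None and fmt < 128:  # 128..255 are enterprise specific
            problems.append(f"format octet {fmt} is reserved")
        elif need is not None and len(data) != need:
            problems.append(
                f"{name} format needs {need} data octets, got {len(data)}")
    # First bit 0 means an enterprise-defined layout; not checked here.
    return problems


if __name__ == "__main__":
    samples = [
        "8000000001020304",    # value used in the page's example
        "8000000001C0000201",  # constructed: format 1, IPv4 192.0.2.1
        "80000000",            # constructed: too short
    ]
    for s in samples:
        print(s, "->", check_engine_id(s) or "ok")
```

The page's sample value 8000000001020304 passes the length and hex rules but is reported by the RFC 3411 layout check, because format octet 01 announces an IPv4 address and only three data octets follow.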