DIGITAL TCP/IP Services for OpenVMS
Management


Previous Contents Index

11.7.1.3 Command Examples

In the following snmp_trapsnd command examples:

  1. Generate a trap on behalf of the local host (the agent parameter) using the default version (SNMPv1). (Do not specify the -h host flag/parameter, so that the trap will be sent to the local host.)


    $ snmp_trapsnd 0.0 local 0 0 0 
     
    Message received from 127.0.0.1 
     
    SNMPv1-Trap-PDU: 
     
    community -  7075626C 6963                         public 
     
    enterprise - 0.0 
    agent address - 0.0.0.0 
    trap type - Cold Start (0) 
    timeticks - 51938978 
    

  2. Generate the same trap as in the previous example but specify that you want to use SNMPv2.


    $ snmp_trapsnd 0.0 local  0 0 0 "-v2c" 
     
    Message received from 127.0.0.1 
     
    SNMPv2-Trap-PDU: 
     
    community -  7075626C 6963                         public 
     
    sysUpTime.0 - 51938968 = 6 d 0:16:29 
    snmpTrapOID.0 - 0.0 
     
    

  3. Send values to the node mynode with the community name special:


    $ snmp_trapsnd 1.2.3 marley.dec.com 6 33 100 -c special -h mynode 
     
    Message received from 16.20.208.68 
     
    SNMPv1-Trap-PDU: 
    community -  73706563 69616c            special 
     
    enterprise - 1.2.3 
    agent address - 6.20.208.53 
    trap type - Enterprise-specific (6) 
    enterprise-specific value - (33) 
    timeticks - 100 
    

11.7.2 Entering Commands for the Trap Receiver Program

The trap receiver program lets you listen for, receive, and display SNMP trap messages. Until interrupted, the program continues to listen on the specified port.

If you enter commands using the default port number or another privileged port number, you must run the program from a privileged account.

To run the trap receiver program, do the following:

  1. Define a foreign command for the program. Enter:


    $ snmp_traprcv == "$SYS$SYSTEM:TCPIP$SNMP_TRAPRCV" 
    

    Or, you can run SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM to define all the foreign commands available with TCP/IP Services.

  2. Enter a command using the following format:


    $ snmp_traprcv [-d] [-tcp] [-p port] 
    

11.7.2.1 Flags

The snmp_traprcv flags are described in Table 11-8.

Table 11-8 Flags for the snmp_traprcv Command
Flag Description
-d Displays a hexadecimal and formatted dump of the received packet.
-p port Specifies the port number on the local host on which to listen for trap messages. The default is 162.
-tcp Listens on the TCP port instead of the UDP (default) port. Reads only a single PDU on an established connection, which is similar to the behavior using UDP.

11.7.2.2 Setting Up an SNMP Trap Service

To set up an SNMP trap service for use with the trap receiver program, enter a management command in the following format:


TCPIP> SET SERVICE SNMP-TRAP /PORT=170 / PROTOCOL=UCP / USER=TCPIP$SNMP - 
_TCPIP> /PROCESS=TCPIP$SNMP-TRAP /FILE=TCPIP$SYSTEM:TCPIP$SNMP-TRAP.COM 

In this command, port 170 is used as an alternative for port 162. In this case, traps that are sent to port 162 are ignored.

If you omit the /PROTOCOL qualifier or you use /PROTOCOL=TCP, the service uses the TCP transport. In this case, when you enter a command to run the trap receiver program, you must include the -tcp flag.

With the SNMP trap service in place, the trap receiver program queries the service for the port number instead of using the default port 162. If you specify a privileged port number (less than 1024) with the /PORT qualifier, make sure you install the trap receiver program with privileges or run the program from an account that has SYSPRV privilege. Note that the port number must be greater than 0.

11.7.2.3 Command Examples

In the following snmp_traprcv command examples, the first line is the snmp_traprcv command.

  1. Request trap information on a system that does not have traps configured and does not have SYSPRV privilege or sufficient privilege:


    $ snmp_traprcv 
    No snmp-trap service entry, using default port 162. 
    bind - : permission denied 
    

  2. From a nonprivileged account, request trap information in hexadecimal dump format on port 1026:


    $ snmp_traprcv -d -p 1026 
     
    Message received from 127.0.0.1 
     
    3082002A 02010004 06707562 6C6963A4   0..*.....public. 
    1D060547 81AD4D01 40040000 00000201   ...G..M.@....... 
    00020100 4304032D AED23082 0000       ....C..-..0... 
    SNMPv1-Trap-PDU: 
     
    community -  7075626C 6963                         public 
     
    enterprise - 0.0 
    agent address - 0.0.0.0 
    trap type - Cold Start (0) 
    timeticks - 53325522 
    

11.8 Including Extension Subagents in the Startup and Shutdown Procedures

You can add additional (extension) subagents to the SNMP startup and shutdown procedures by editing the following files:
File Name Edit Required
TCPIP$EXTENSION_MIB_STARTUP.COM Edit the example lines to include an INSTALL CREATE command for custom images that need to be installed, possibly with privileges. Remove extra example lines, and adjust the GOTO statement.
TCPIP$EXTENSION_MIB_RUN.COM Edit the example lines to include a RUN command for custom images. Remove extra example lines, and adjust the GOTO statement.
TCPIP$EXTENSION_MIB_SHUTDOWN.COM Edit the example lines to:
  • Include symbols for the detached processes that are running custom images. Use the same process names specified in TCPIP$EXTENSION_MIB_RUN.COM.
  • Modify the IF and THEN statements to include the new symbols.
  • Include an INSTALL DELETE command for images installed in TCPIP$EXTENSION_MIB_STARTUP.COM.
  • Remove extra example lines, and adjust the GOTO statement.

11.9 Writing an SNMP Subagent

You can use the following header and object library files (located in TCPIP$SNMP) to create your own subagents:

Table 11-9 lists the files that are available to help you develop MIBs and subagents. Except where noted, the files are located in the [.SNMP] subdirectory of TCPIP$EXAMPLES.

Table 11-9 Files for Building a Subagent
File Description
GAWK.EXE_ALPHA Interpreter for MIB converter AWK. (Alpha)
GAWK.EXE_VAX Interpreter for MIB converter AWK. (VAX)
MIB-CONVERTER.AWK A UNIX based awk shell script that takes a MIB definition in ASN.1 notation and converts it to an .MY file.
RFC1213.MY MIB-II definitions.
RFC1231.MY IEEE 802.5 Token Ring MIB definitions.
RFC1285.MY FDDI MIB definitions.
RFC1442.MY SNMPv2 Structure of Management Information (SMI) definitions.
SNMP-SMI.MY SNMPv2 SMI definitions from RFC 1902 (which obsoletes RFC 1442).
SNMP-TC.MY SNMPv2 SMI definitions from RFC 1903 (which obsoletes RFC 1443).
TCPIP$BUILD_CHESS.COM Command file that builds the sample Chess subagent.
TCPIP$CHESS_SUBAGENT.OPT Options file for use in building the sample Chess subagent.
TCPIP$MIBCOMP.EXE
TCPIP$MOSY.EXE
TCPIP$SNMPI.EXE
Located in SYS$SYSTEM. Images associated with the MIB compiler.


Part 4
Configuring Network Applications

Part 4 describes how to set up popular networking end-user applications.

Chapter 12 describes how to set your host as a TELNET and FTP server, allowing users on remote hosts to establish login sessions and transfer files.

Chapter 13 describes how to set up the server implementations of the popular Berkeley Remote (R) commands that enable remote file copying (RCP), remote logins (RLOGIN), remote command execution (RSH and REXEC), and remote management of magnetic tape and CD-ROM (RMT/RCD) drives.

Chapter 14 and Chapter 15 describe how to configure and manage the components that allow users to send and receive internet electronic mail.


Chapter 12
Configuring and Managing TELNET and FTP

The DIGITAL TCP/IP Services for OpenVMS product includes implementations of the end-user applications TELNET and FTP.

This chapter describes how to set up your host as a TELNET and FTP server.

For information on using TELNET and FTP, see the DIGITAL TCP/IP Services for OpenVMS User's Guide. For information on using the TELNET print symbiont, see Chapter 19.

12.1 Managing TELNET

Managing TELNET includes the following tasks:

12.1.1 Setting Up User Accounts

Hosts typically run a TELNET server with TELNET client software. Users on client hosts need valid accounts on server hosts before using TELNET to establish a remote session.

If your local host is to be a TELNET server, create OpenVMS accounts for remote users. You can create several individual accounts or one account that many remote users will share.

12.1.2 Maximum Number of User Sessions

The default maximum number of TELNET sessions that a user can simultaneously establish is 10. To change this number, define the logical name TCPIP$TELNET_MAX_SES n. Enter:


$ DEFINE /SYSTEM TCPIP$TELNET_MAX_SES n

12.1.3 Creating and Deleting Sessions

You can create and delete TELNET sessions from within a command procedure or interactively. Enter the DCL TELNET command with the /CREATE_SESSION and /DELETE_SESSION qualifiers. These qualifiers have the same function as:


TELNET> CREATE_SESSION host port dev_unit

and


TELNET> DELETE_SESSION dev_unit

Example


$ TELNET /CREATE_SESSION TS405 2002 902

You can create a TELNET device that times out after a specified idle period then reconnects when data is written to it. Use the /TIMEOUT qualifier to specify the idle time and the reconnection interval as described below:
Qualifier Description
/TIMEOUT Creates a TELNET device which has the following connection attributes:
  • NOIDLE---The connection is broken when the device is finally deassigned. The device will automatically reconnect when data is written to it.
  • IDLE---Specifies the idle time for the device. If the device is idle for at least the specified amount of time (note that the time has a granularity of one second), then the connection will be broken. Idle means that the device has neither received nor set any data for the idle period.
  • NORECONNECTION---The device does not automatically retry reconnections if they fail.
  • RECONNECTION---When data is written to the device and it is not connected, this value determines the interval between reconnection attempts. For example, if an application writes to a TN with a RECONNECTION-0:1:00, then if the first connection attempt fails, subsequent connection attempts will be made in one-minute intervals.
/NOTIMEOUT Creates a TELNET device which breaks the connection when the device is finally deassigned (the last channel assignment is deassigned).

12.1.4 Displaying Login Messages

To display login and logout messages at the operator's console and log file, enter:


TCPIP> SET SERVICE TELNET /LOG=(LOGIN,LOGOUT) 

12.1.5 TELNET Client: TN3270

IBM 3270 Information Display System (IDS) terminal emulation (TN3270) lets users make connections to hosts that use IBM 3270 model terminals.

TN3270 has default IBM 3270 IDS function assignments for DIGITAL keyboards. In addition, users can make their own assignments and might ask you for help. TCP/IP Services provides EBCDIC-to-DMCS and DMCS-to-EBCDIC translation tables you can customize. Appendix C describes how to customize and rebuild these translation tables.

12.2 Managing FTP

The File Transfer Protocol (FTP) software is for file transfers between "nontrusted" hosts. Nontrusted hosts require user name and password information for remote logins. Managing FTP consists of the the following tasks:

12.2.1 Enabling and Disabling FTP

After FTP is configured by the postinstallation configuration procedure, it is started automatically.

To stop any new connections, disable the FTP server interactively or permanently, every time the product starts.

See the DIGITAL TCP/IP Services for OpenVMS Management Command Reference for descriptions of the SET SERVICE and SET CONFIGURATION SERVICE commands.

12.2.2 Configuring Anonymous FTP

Anonymous FTP is an FTP session in which a user logs in to the remote server using the user name anonymous and, by convention, the user's real user name as the password.

On the local FTP Server, local users can access files without password authentication. Remote users do not require an account. File access is controlled by regular OpenVMS access restrictions.

By default, TCPIP$CONFIG creates an account on the root directory SYS$SYSDEVICE:[ANONYMOUS]. The usual OpenVMS file protection restrict file access for inbound anonymous FTP sessions to this directory, its subdirectories, and files with the UIC [ANONYMOUS,ANONYMOUS].

In this case, a remote FTP client can:

How you set up Anonymous FTP determines the availability of end-user features. Your configuration can offer or limit the following features:

Example


% ftp tragopan
Connected to tragopan.asian.pheasant.edu. 
220 tragopan.asian.pheasant.edu FTP Server (Version 5.0) Ready. 
 
Name (tragopan:wings): ANONYMOUS
331 Guest login ok, send ident as password. 
Password: CARIBBEAN 
230  Guest login ok, access restrictions apply. 
 
        Welcome to DIGITAL TCP/IP Services for OpenVMS  
           on internet host TRAGOPAN    Date 24-DEC-1998 
FTP> 

In this example, UNIX user ubird connects to the ANONYMOUS account on OpenVMS host TRAGOPAN. TRAGOPAN asks for ubird's password, which is not echoed.

12.2.2.1 Concealed File Systems

The FTP Server processes each command individually as it receives the command and echoes a reply based on the command parameters. A reply can include a file specification that displays part of the server file system.

For security, Anonymous FTP masks file system devices and directories in FTP replies. The following messages show the difference between an unmasked file structure, shown in the first reply, and the less-specific, masked structure in the second.


220 opening data connection for USER8$:[HIDEME.PROJECT.TASK]PLAN.PS 
 
220 opening data connection for SYS$LOGIN:[PROJECT.TASK]PLAN.PS  

12.2.2.2 Setting Up Anonymous FTP

Complete the following steps to set up Anonymous FTP access on your system:

  1. Create an account ANONYMOUS with the password GUEST.
  2. Set account access restrictions NOLOCAL, NOBATCH, NOREMOTE, and NODIALUP
  3. Create a welcome banner. When an anonymous user logs in, FTP informs the user of the account's restrictions. This information consists of a banner in the format of a HELP screen. Define the text you want to display by defining the TCPIP$FTP_ANONYMOUS_WELCOME logical name.
  4. Specify a location for the log files generated by FTP sessions.
    Use the TCPIP$FTP_ANONYMOUS_LOG logical name. If you do not define TCPIP$FTP_ANONYMOUS_LOG, FTP puts the files in SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_ANONYMOUS.LOG.
  5. Specify a user name for the Anonymous FTP account. Define the logical name TCPIP$FTP_ANONYMOUS_ALIAS.

12.2.2.3 Managing FTP with Logical Names

DIGITAL TCP/IP Services for OpenVMS provides the logical names described in Table 12-1 that you can use to manage the FTP server.

Table 12-1 FTP Logical Names
Logical Name Description
TCPIP$FTP_ANONYMOUS_ALIAS Defines an equivalence list (up to 10 entries) of the login names of users with access to the Anonymous account. These users share the same access rights and restrictions.

If you do not define this logical name, the default is "anonymous" as the only login name.

The following command shows how to create an equivalence list with the names THOMAS, JONES, and SMITH. These users can log in to the FTP Anonymous account without a password.

$ DEFINE TCPIP$FTP_ANONYMOUS_ALIAS THOMAS,JONES,SMITH

TCPIP$FTP_SERVER_ANNOUNCE Defines location and file name for the announcement text displayed to users at connect time, before the login sequence.

The following example shows a prelogin announcement.

"DIGITAL TCP/IP Services for OpenVMS FTP Server Ready."

TCPIP$FTP_ANONYMOUS_WELCOME Defines location and file name for the welcome text displayed to anonymous users at connect time, after the login sequence.
TCPIP$FTP_CONVERT_FILE Define this logical name as TRUE or FALSE. When defined as TRUE, the FTP server converts files to variable with fixed-length control (VFC) formatted files before transfer. With the VFC file, users retain the Record Management Services (RMS) formatting information of their files.

If you define TCPIP$FTP_CONVERT_FILE as FALSE, there is no conversion, and RMS formatting information is lost after the file transfer.

TCPIP$FTP_ANONYMOUS_DIRECTORY Lists public directories accessible by Anonymous FTP.
TCPIP$FTP_EXTLOG Enables detailed logging of errors in the TCPIP$FTPD.LOG file. Before you start FTP, define this logical name in the system logical name table.
$ DEFINE TCPIP$FTP_EXTLOG /SYSTEM

TCPIP$FTP_FILE_ALQ Specifies the number of blocks to be preallocated by Record Management Services (RMS) to a disk when a file is created. For information about how to change the default, see Section A.6.1.
TCPIP$FTP_FILE_DEQ Specifies the number of blocks to be added when RMS automatically extends the file. For information about how to change the default, see Section A.6.1.
TCPIP$FTP_ANONYMOUS_LOG Defines the location of the ANONYMOUS log file. The default is SYS$SYSDEVICE:[TCPIP$FTP].
TCPIP$FTPD_IDLETIMEOUT Defines the maximum time interval that FTP processes can remain idle before FTP closes them. TCP/IP Services terminates the FTP process if no control or data connection activity exists for the specified time. The default idle time is 15 minutes. This feature can help to improve system performance.

Specify a value as hh:mm:ss.

TCPIP$FTP_KEEPALIVE Detects idle and broken FTP connections. Define it on the client host as TRUE or FALSE.
TCPIP$FTPD_KEEPALIVE Detects idle and broken FTP connections. Define it on the server host by entering:
TCPIP> SET SERVICE FTP /SOCKET_OPTIONS=KEEPALIVE

TCPIP$FTP_NO_VERSION If you define TCPIP$FTP_NO_VERSION, FTP does not send file version numbers when you enter the mget and the ls commands to a host that is not an OpenVMS host. Define this logical name in the system logical name table.
 $ DEFINE /SYSTEM TCPIP$FTP_NO_VERSION 1

TCPIP$FTP_RAW_BINARY With this logical name turned on, FTP transfers files in block I/O mode if the server and client are in image mode. To activate this feature, define the logical name as TRUE.

An FTP end-user can override your FALSE definition with the FTP PUT /RAW command.

TCPIP$FTP_STREAMLF If you define this logical name as TRUE, the FTP server and client create files as STREAM_LF files. The default is variable-length files.
TCPIP$FTP_WNDSIZ This logical name sets the window size of the TCP send and receive buffers. Specify a decimal number for the number of bytes.

Note

1 The logical names GUEST$PUBLIC and ANONYMOUS$USER are examples of directories you can set up to provide an anonymous FTP service.


Previous Next Contents Index