The internet is an amazing source of information, but it doesn’t necessarily contain the answer to absolutely everything. Like, for example, how to remotely control the power outlets of an APC Power Distribution Unit using Simple Network Management Protocol.
Consequently we had to figure it out for ourselves. We publish our findings here for the benefit of those investigating PDU remote control using SNMP.
SNMP has been around pretty much since networking began. It remains largely unchanged and can provide a wealth of information about your device or indeed your entire network. Getting set up with SNMP is fairly simple – most managed network devices have the capability built in and computers running both Windows and Linux can have SNMP turned on just by installing the package or enabling the features. There are also several reputable SNMP monitoring packages freely available via the web as well as paid-for versions.
Using SNMP is also fairly straight forward – it operates in both Read Only and Read Write mode. Most setups only require Read Only mode as you are normally just interested in receiving data from your device. In Read Write mode you can also use it to make changes to the device in question and that is what we plan to do here. There is also SNMP v1, v2c and v3. Version 1 is the oldest and as such the simplest to setup but is also the least secure. It can’t handle 64 bit counters so version 2c came along but was still pretty insecure. V3 has the security and authentication available and although it is more work to set up, it will leave your device less open to misuse.
The APC PDUs are capable of SNMP v1 and v3.
A quick break down of the process we are going to look at is as follows:
- Enable a device on the network so we can see SNMP data from it
- Find the correct MIB package so we can understand what we are seeing
- Use a MIB browser to pick the items we are interested in
- Use SNMPwalk and SNMPset to read and change values on the device
So first thing is to enable your device to talk SNMP. This requires you to enable v1 access and set a community string. That is all you need in the basic setup. On the APC device you set the community string, the allowed IP addresses if required and the level of access (Read Only or Read Write). If you just wish to see the status of the ports you can do this under Read Only access but if you wish to be able to turn them on or off you will need to enable Read Write access.
Once the device has SNMP enabled you then need something that can talk to the device. This can be your workstation with a simple SNMP tool installed. There are many available free on the web and you can try several until you find one that suits your needs.
We will start off the basics using a Command Line version on our linux workstation.
You can then retrieve all the information that the target device is able to give you using the following command (where the IP address is that of the target device):
snmpwalk -v 1 -c communitystring 192.168.0.1
We have hidden some of the command line fields but this is the kind of output you should see from an SNMPwalk:
If you get to see an output similar to above then you are successfully reading from the device.
What’s it all mean?
The long strings of numbers on the left hand side are known as Object Identifiers or OIDs. Manufacturers identify each aspect of the device that can be interacted with and assign them an OID, ordering them in a hierarchical tree manner. These OIDs are then gathered into a Management Information Base or MIB pack and usually made available by the manufacturers. (Thanks guys!)
So, you need to identify and get hold of the relevant MIB pack for the PDU you are working with and then use a MIB browser to translate the OIDs into something that you and other mortals might have a chance of understanding.
iReasoning, for example, make a fantastic MIB browser (a personal version of which is freely available). It makes the tree structure that the OIDs are presented in much easier to understand.
With the information ‘translated’ by the MIB Browser you can now see which functions or properties of the device you might like to interact with and what their values correspond to. The example above shows the OID rPDUOutletControlOutletCommand which controls the status of a power outlet. Eureka!
The value of an OID is usually an integer. In this case, changing it to the number 2 switches off the power to outlet 4 on the PDU in question. You achieve this with the following command:
snmpset -v 1 -c public 192.168.0.2 188.8.131.52.4.1.3184.108.40.206.220.127.116.11.4 i 2
Let’s look at this command in a bit more detail -
Snmpset - this command changes the value of an OID. Other commands such as Snmpwalk and Snmpget allow you to query the device for information.
-v 1 – the version of SNMP to be used. There are currently 3.
-c public - the community string to be used for this device. This is an authentication process. Newer versions of SNMP use other kinds of authentication.
192.168.0.2 - the IP address of the device you are trying to interact with.
18.104.22.168.4.1.322.214.171.124.126.96.36.199.4 - the OID of the facet of the device you wish to interact with. This particular one is unique to APC PDUs and controls the status of port 4 of the power outlet. The final number designates the number of the port to be interacted with.
i 2 - the final part of the command defines the data type of the variable to be changed and its value. In this instance an integer which will become 2.
Here we have shown you an example of how to turn a power port on and off but, as you can see from the MIB browser, you can change pretty much anything. This means you can change the description on a port label or indeed add and remove users. It's also possible to save all your config from one PDU with SNMP and then deploy it to a brand new PDU after you enable SNMP. Its a great time saver when you have hundreds of PDUs to manage as we do.
What’s it stand for again?
APC – Originally American Power Conversion Corporation and now a subsidiary of Schneider Electric.
PDU – Power Distribution Unit
SNMP – Simple Network Management Protocol. A ubiquitous protocol used to provide remote management of devices. In a typical scenario, one or more administrative devices, known as managers, will monitor and/or manage a number of devices on a network. The managed devices will run a software component known as an agent which will report back to the managers via SNMP with relevant or specified data.
OID – Object Identifier. Each OID governs a variable on the target device which can be read or set via SNMP.
MIB – Management Information Base. OIDs are arranged into an extensible format in MIB packs by manufacturers of the devices. They describe the management data of a device in a hierarchical manner.