The IBM iSeries family of servers SNMP agent responds on an ephemeral port rather than port 161.
The user finds that when a request is made to the IBM iSeries family of servers SNMP agent on port 161, the iSeries family responds on a port above 5000.? Why is the iSeries so different from VM or IBM MVS systems that will receive and respond on the same SNMP port? Many customers have a firewall and don't want to open all ephemeral ports above port 5000. Is there a work-around to this?
This is working as designed. There is no current configuration you can use to 'force' SNMP to respond on its default
port 161. The semantics they are looking for are mostly identified with TCP - connection oriented (statefull)
sessions. SNMP uses UDP (connectionless) protocols, and the most common way to send datagrams
with UDP is by using an ephemeral port.
The original SNMP developers said that there are separate jobs: a receiver job to receive all requests from
all SNMP Managers, and the Sender job which is responsible for accessing the MIB database and actually responding to the request(s). The receiver job passes off the requests to the sender job and goes back to listening for new requests. Because both jobs cannot bind to port 161 (this was written in V3R1 when mechanisms like spawn
were unavailable), the receiver job uses port 161 and the sender job uses a random port.
The above information is documented at the following link:
If a firewall exists between the snmpget probe's robot and the AS/400 device, then ephemeral ports above 5000 must be opened in the firewall in order for the snmpget probe to receive the response from the AS/400 device it is configured to monitor.
keywords: IBM SNMP snmp firewall AS400 iSeries AS/400 ephemeral port 161 ports 5000 above range