Using Snmp Contexts To Access Specific Mibs; Creating A Basic Snmp Trap Configuration; Snmp Security Levels - Enterasys Matrix DFE-Gold Series Configuration Manual

Table 5-1 SNMP Security Levels
Model Security Level
v1 NoAuthNoPriv
v2c NoAuthNoPriv
v3 NoAuthNoPriv
AuthNoPriv
authPriv

Using SNMP Contexts to Access Specific MIBs

By default, when operating from the switch CLI, Matrix Series devices allow access to all SNMP
MIBs or contexts. A context is a collection of MIB objects, often associated with a particular
physical or logical device.
If no optional context parameters are configured for v1 and v2 "community" names and v3 "user"
groups, these groups are able to access all SNMP MIB objects when in switch mode.
Specifying a context parameter when setting up SNMP user group access would permit or restrict
the group's switch management access to the MIB(s) specified by the context (MIB object ID) value.
All SNMP contexts known to the device can be displayed using the show snmp context command
as described in "show snmp context" on page 5‐23.
Examples
This example permits the "powergroup" to manage all MIBs via SNMPv3:
Matrix(rw)->set snmp access powergroup security-model usm
This example grants the "powergroup" SNMPv3 management access from the module operating
in router mode:
Matrix(rw)->set snmp access powergroup security-model usm context router prefix
For information on preparing the device for router mode, refer back to "Preparing the Device for
Router Mode" on page 2‐100.

Creating a Basic SNMP Trap Configuration

Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station,
a console, or a terminal to indicate the occurrence of a significant event, such as when a port or
device goes up or down, when there are authentication failures, and when power supply errors
occur. The following configuration example shows how to use CLI commands to associate SNMP
notification parameters with security and authorization criteria (target parameters), and map the
parameters to a management target address.
Authentication Encryption
Community string None
Community string None
User name None
MD5 or SHA None
MD5 or SHA DES
How It Works
Uses a community string match for
authentication.
Uses a community string match for
authentication.
Uses a user name match for
authentication.
Provides authentication based on
the HMAC-MD5 or HMAC-SHA
algorithms.
Provides authentication based on
the HMAC-MD5 or HMAC-SHA
algorithms. Provides DES 56-bit
encryption in addition to
authentication based on the CBC-
DES (DES-56) standard.
Enterasys Matrix DFE-Gold Series Configuration Guide 5-3
SNMP Configuration Summary