SNMP Reference Manual

Summary of Contents for Allied Telesis SNMP Rel. 2.0.0

  • Page 1 SNMP Reference Manual...
  • Page 2 SNMP Reference Manual Rel. 2.0.0 Copyright © 2004 Allied Telesis. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis. Allied Telesis reserves the right to make changes in specifications and other information contained in this document without prior written notice.
  • Page 3: Table Of Contents

    Contents: INTRODUCTION TO SNMP CONFIGURATION 5; SNMP CONFIGURATION WITHIN THE SNMPV3 ADMINISTRATION FRAMEWORK 7; INTRODUCTION 7; SECURITY 7; MECHANISMS USED BY SNMPV3 SECURITY 7; LOCAL CONFIGURATION DATASTORE 9; CONFIGURATION FILE FORMAT 9; CONFIGURATION FOR ALL SNMP ENTITIES 10; CONFIGURING SNMPV3 USERS 10; BREAKDOWN OF AN SNMPENGINEID 11; CONFIGURING AN AGENT TO RECEIVE REQUESTS AND SEND TRAPS 12...
  • Page 4 DEFINING TARGET PARAMETERS 19; CONFIGURING NOTIFICATION FILTERS 20; CREATING A NOTIFICATION FILTER 20; ASSOCIATING A FILTER WITH A NOTIFICATION PARAMETER 22; CONFIGURING SOURCE ADDRESS CHECKING 23; MATCHING EXACTLY ONE SOURCE ADDRESS 25; MATCHING ANY SOURCE ADDRESS 25; MATCHING A SOURCE ADDRESS IN A SUBNET 25; EXAMPLES...
  • Page 5 Tables: Table 1 - registered snmpEngineID for AT-RG600 (12); Table 2 – limitations to support of the standard MIB (34); Table 3 – the sysInfo group (34); Table 4 - the sysUsers group (35); Table 5 –...
  • Page 6: Introduction To Snmp Configuration

    Introduction to SNMP configuration. This chapter introduces the configuration of the SNMP module on the AT-RG600 Residential Gateway family. To describe the SNMP configuration process, the following terminology is used: • ENTITY: a network management element that consists of an SNMP engine and one or more applications. • ENGINE...
  • Page 7: Figure 2 - An Agent Entity

    The SNMP entity that is commonly called an AGENT is an engine plus a command responder and a notification originator. Other types of entities are possible, because other combinations of engine and applications are viable. Figure 2 - An Agent Entity...
  • Page 8: Snmp Configuration Within The Snmpv3 Administration Framework

    SNMP configuration within the SNMPv3 administration framework. The SNMPv3 Administration Framework is a configuration infrastructure for SNMPv3 users, but it can also be used to remotely configure and administer SNMPv1 and SNMPv2c community strings. Introduction. The SNMPv3 security administration framework provides a strong authentication mechanism, authorization with fine granularity, complete access control, security level controls which include two authentication algorithms and an optional privacy protocol, and a MIB document for remote...
  • Page 9: Figure 3 - Hmac Expression

    RFC1321, takes “as input a message of arbitrary length and produces as output a fingerprint or ‘message digest’ of the input.” • HMAC, defined in RFC2104, computes an MD5 hash (H) on the concatenation of (a) the shared secret key (K), which has been XORed with the hexadecimal value ‘36’ (ipad), (b) the SNMP message (text), which contains zero bytes in the digest field, to produce an intermediate digest, and computes an MD5 hash on the concatenation of...
  • Page 10: Local Configuration Datastore

    • The message origin is authentic. That is, the user that claims to have sent the message did in fact send it. Otherwise, the digests would have been different. • The message contents have not been altered in transit. Otherwise, the digests would have been...
  • Page 11: Configuration For All Snmpv3 Entities

    Configuration for all SNMPv3 entities. Configuring SNMPv3 users. Configuration for at least one SNMPv3 user must be provided for an SNMP engine to send or receive SNMPv3 messages on behalf of certain SNMP applications. To configure an SNMPv3 user, add a usmUserEntry definition to the snmpd.cnf file according to the following syntax: usmUserEntry <usmUserEngineID>...
  • Page 12: Breakdown Of An Snmpengineid

    usmTargetTag is a human readable string that is used to select a set of entries in the snmpTargetAddrTable for source address checking. If the SNMP entity should not perform source address checking, then this field should contain a dash (-). AuthKey is an OctetString represented as a sequence of hexadecimal numbers separated by colons.
  • Page 13: Configuring An Agent To Receive Requests And Send Traps

    1.3.6.1.4.1.207.1.17.15 RG634A; 1.3.6.1.4.1.207.1.17.16 RG634B; 1.3.6.1.4.1.207.1.17.17 RG656LH; 1.3.6.1.4.1.207.1.17.18 RG656SH; 1.3.6.1.4.1.207.1.17.19 RG656TX. Table 1 - registered snmpEngineID for AT-RG600. Configuring an agent to receive requests and send traps. This section describes how to configure SNMPv3 user information only. Additional configuration is required for an SNMP agent to actually receive SNMP requests and send SNMP Traps.
  • Page 14: Configuration For No Authentication

    Configuration for no authentication. The following usmUserEntry configures an SNMP agent engine with information about an SNMPv3 user whose name is “myV3NoAuthNoPrivUser”. This user does not have an authentication password, so the last field contains a dash (-). An SNMP request message from this user (originating from another SNMP entity) can be received if the message was sent using no security.
  • Page 15: Figure 4 - Vacmviewtreefamilymask

    vacmViewTreeFamilyMask are used to determine if an OBJECT IDENTIFIER is in this family of view subtrees. vacmViewTreeFamilyMask is an OctetString represented as a sequence of hexadecimal numbers separated by colons. Each octet is within the range 0x00 through 0xFF. A zero length OctetString is represented with a dash (-).
  • Page 16: Defining Groups And Access Rights

    would require an exact match on all fields except the table column (i.e., the 0 in ifEntry.0.2). Using the above example, the bits of the vacmViewTreeFamilyMask would be grouped into bytes, and then the right end padded with ones if necessary to fill out the last byte: Figure 5 –...
  • Page 17: Assigning Principals To Groups

    then the context name in (or derived from) the request is determined to be a correct match to the values in this vacmAccessEntry. vacmAccessReadViewName is a vacmViewTreeFamilyViewName (defined by at least one vacmViewTreeFamilyEntry) identifying the view subtrees accessible for Get, GetNext, and GetBulk requests. vacmAccessWriteViewName is a vacmViewTreeFamilyViewName (defined by at least one vacmViewTreeFamilyEntry) identifying the view subtrees accessible for Set requests.
  • Page 18: Configuring Notifications

    Configuring notifications. The AT-RG600 family SNMP agent is designed to support SNMPv1 Traps, SNMPv2c Traps, or SNMPv3 Traps. To send TRAPs, it is necessary to perform some basic SNMP engine configuration as defined in the following sections. Configuring notifications is a process that requires four steps: Define a notification.
  • Page 19: Defining Target Addresses

    Defining target addresses. To configure a target address (to which a notification should be sent), add one or more snmpTargetAddrEntry definitions to the snmpd.cnf file according to the following syntax: snmpTargetAddrEntry <snmpTargetAddrName> <snmpTargetAddrTDomain> <snmpTargetAddrTAddress> <snmpTargetAddrTimeout> <snmpTargetAddrRetryCount> <snmpTargetAddrTagList> <snmpTargetAddrParams> <snmpTargetAddrStorageType> <snmpTargetAddrTMask>...
  • Page 20: Defining Target Parameters

    snmpTargetAddrParams is a human readable string that is used to select a set of entries in the snmpTargetParamsTable. snmpTargetAddrStorageType is nonVolatile, permanent, or readOnly. snmpTargetAddrTMask is a bitfield mask for the snmpTargetAddrTAddress and appears in the snmpd.cnf file in the same format as the snmpTargetAddrTAddress. For notifications, the value must be 255.255.255.255:0 to indicate that the Trap or Inform message will be sent to a specific address.
  • Page 21: Configuring Notification Filters

    snmpTargetParamsSecurityLevel identifies the security level of the notification to send. When an SNMPv1 or SNMPv2c notification is configured, the only valid value is noAuthNoPriv. When an SNMPv3 notification is configured, the value of this field is noAuthNoPriv for no authentication and no privacy, or authNoPriv for authentication without privacy.
  • Page 22: Figure 6 - Snmpnotifyfiltermask

    snmpNotifyFilterEntry.<snmpNotifyFilterProfileName> <snmpNotifyFilterSubtree> <snmpNotifyFilterMask> <snmpNotifyFilterType> <snmpNotifyFilterStorageType> snmpNotifyFilterProfileName is a human readable string representing the name of this notification filter. snmpNotifyFilterSubtree is an OID which specifies the MIB sub-tree containing notification objects to be filtered. The value of this OID may be specified in dotted-decimal format or by the English name. snmpNotifyFilterMask modifies the set of notifications and objects identified by snmpNotifyFilterSubtree (a detailed explanation follows). This object is an OctetString represented as a sequence of hexadecimal...
  • Page 23: Associating A Filter With A Notification Parameter

    Using the above example, the bits of the snmpNotifyFilterMask would be grouped into bytes, and then the right end padded with ones if necessary to fill out the last byte: [Figure: snmpNotifyFilterMask, continued] So the snmpNotifyFilterMask entry would be ff:bf. With this value for snmpNotifyFilterMask and all other appropriate entries in the configuration file, a notification containing values from any of the following ifTable objects would match the filter...
  • Page 24: Configuring Source Address Checking

    snmpNotifyFilterProfileEntry <snmpTargetParamsName> <snmpNotifyFilterProfileName> <snmpNotifyFilterProfileStorageType> snmpTargetParamsName is a snmpTargetParamsName defined in the snmpTargetParamsTable. snmpNotifyFilterProfileName is a snmpNotifyFilterProfileName defined in the snmpNotifyFilterTable. snmpNotifyFilterProfileStorageType is nonVolatile, permanent, or readOnly. Configuring source address checking. A feature of SNMP Research software allows the SNMP engine to perform additional authentication of an incoming SNMPv1, SNMPv2c, or SNMPv3 message by checking the source address of the message.
  • Page 25 snmpTargetAddrTagList is a quoted string containing one or more (space-separated) tags. These tags correspond to the value of usmTargetTag in the usmUserTable and to the value of snmpCommunityTransportTag in the snmpCommunityTable. An incoming SNMPv1 or SNMPv2c message will not be rejected if: • the community string in the incoming message matches a configured snmpCommunityName, and...
  • Page 26: Matching Exactly One Source Address

    host and the host with address snmpTargetAddrTAddress without risk of fragmentation. The default value is 2048. Matching exactly one source address. If snmpTargetAddrTMask is 255.255.255.255:0, then all bits have ‘1’ as value: [Figure] This indicates that the source address must exactly match the value of snmpTargetAddrTAddress, or the incoming SNMP request will be rejected.
  • Page 27: Figure 11

    [Figure] In order not to be rejected, the source address of an incoming SNMP request must begin with 192.147.142. In the fourth byte, only the first bit will be compared to the same bit of the value of snmpTargetAddrTAddress.
  • Page 28: Examples

    Examples. This section contains examples of SNMP configuration for SNMP agent entities. noAuthNoPriv SNMPv3 users. To authorize the receipt of SNMPv3 noAuthNoPriv Get and Set requests from the user “myV3NoAuthNoPrivUser” from exactly one manager station (one IP address), add the following lines to the snmpd.cnf configuration file together with the usmUserEntry for the user “myV3NoAuthNoPrivUser”.
  • Page 29: AuthNoPriv Snmpv

    snmpNotifyEntry myTrap whereMyNotificationsGo trap nonVolatile
    snmpTargetAddrEntry myV3Manager_noAuthNoPrivNotifications snmpUDPDomain 192.147.142.35:0 100 3 whereMyNotificationsGo myV3NoAuthNoPrivParams nonVolatile 1.2.3.4:0 2048
    snmpTargetParamsEntry myV3NoAuthNoPrivParams 3 usm myV3NoAuthNoPrivUser noAuthNoPriv nonVolatile
    To configure additional Trap destinations (additional IP addresses where the user is authorized to operate a management station), add additional snmpTargetAddrEntry entries to the snmpd.cnf configuration file.
  • Page 30: Additional Configuration For Snmpv3 Agent Entities

    To authorize the sending of SNMPv3 authNoPriv Trap messages to a user at exactly one SNMP manager station (one IP address), add the following lines to the snmpd.cnf configuration file together with the usmUserEntry for the user “myV3AuthNoPrivUser”.
    vacmAccessEntry myV3AuthNoPrivGroup - usm authNoPriv exact - - All nonVolatile
    vacmSecurityToGroupEntry usm myV3AuthNoPrivUser myV3AuthNoPrivGroup...
  • Page 31: Additional Configuration For Snmpv

    vacmContextEntry <vacmContextName> vacmContextName is a human readable string representing the name of a context to be supported by this configuration. ⇒ Note that the default context is always supported by an SNMPv3 agent. Additional configuration for SNMPv1 and SNMPv2 agent entities. This section describes SNMP configuration that is required for SNMP entities that support SNMPv1 and/or SNMPv2c in addition to SNMPv3.
  • Page 32: Examples

    snmpCommunityContextEngineID is an OctetString, usually “localSnmpID”. snmpCommunityContextName is the SNMPv3 context implied by the community string. A dash (-) in this field represents the default context. snmpCommunityTransportTag is a human readable string that is used to select a set of entries in the snmpTargetAddrTable for source address checking.
  • Page 33 snmpTargetParamsEntry myV1ExampleParams 0 snmpv1 targetV1Community noAuthNoPriv nonVolatile
    To receive SNMPv2c requests from exactly one SNMP manager station:
    snmpCommunityEntry 62 targetV2cCommunity targetV2cCommunity localSnmpID - whereValidRequestsOriginate nonVolatile
    vacmAccessEntry myV2cGroup - snmpv2c noAuthNoPriv exact All All All nonVolatile
    vacmSecurityToGroupEntry snmpv2c targetV2cCommunity myV2cGroup nonVolatile
    vacmViewTreeFamilyEntry All iso - included nonVolatile
    snmpTargetAddrEntry myV2cManager_allRequests snmpUDPDomain...
  • Page 34: Mib

    Starting from software release 2-0-0, the AT-RG600 Residential Gateway family supports SNMP v1, v2c and v3 for configuration commands, while notification messages are supported only in SNMP v1. ⇒ Support for SNMP v1, v2c and v3 is available only on AT-RG656 models. Standard (public) MIB. The AT-RG600 Residential Gateway supports the standard MIB defined in RFC 1213 (RFC1213-MIB) with the following limitations:...
  • Page 35: Standard Traps

    ipNetToMediaIfIndex Read-Write Read-Only; ipNetToMediaPhysAddress Read-Write Read-Only; ipNetToMediaNetAddress Read-Write Read-Only; ipNetToMediaType Read-Write Read-Only; tcpConnState Read-Write Read-Only. Table 2 – limitations to support of the standard MIB. Standard traps. Only the standard ColdStart TRAP is supported. ⇒ The standard ColdStart TRAP can be sent only in SNMPv1 format. It is therefore necessary that the snmpd.cnf file is correctly configured to generate this trap using the SNMPv1 protocol version.
  • Page 36: Private Traps

    sysUsers group. This group collects the list of the users defined in the system and the login/password for each of them. Columns: Max-Access, Description. sysUserNamer: Read-Only, The user name/login; sysUserConfig: Read-Write, The user may configure; sysUserAccess: Read-Write, The user may configure; sysUserComment: Read-Write, Additional comment associated to this user...
  • Page 37: Table 6 - Private Traps

    powerBackpupBatteryOn: This trap indicates that the backup external power supply is disconnected. powerBackpupBatteryMissing: This trap indicates that the backup battery system is disconnected. powerBackpupBatteryLow: This trap indicates that the battery is low or missing. voipMgcpProtocolEnableTrap: This trap indicates that the MGCP protocol has been enabled.

This manual is also suitable for:

Snmp 2.0.0