background image

 

 

SNMP Reference Manual 

SNMP configuration within the SNMPv3 administration framework 

Page 18 of 37 

 

 

 

Defining target addresses 

To configure a target address (to which a notification should be sent), add one or more 

snmpTargetAddrEntry

 definition in the 

snmpd.cnf

 

file accordingly the following syntax: 

snmpTargetAddrEntry <snmpTargetAddrName> <snmpTargetAddrTDomain> 

<snmpTargetAddrTAddress> <snmpTargetAddrTimeout> <snmpTargetAddrRetryCount> 

<snmpTargetAddrTagList> <snmpTargetAddrParams> <snmpTargetAddrStorageType> 

<snmpTargetAddrTMask> <snmpTargetAddrMMS> 

snmpTargetAddrName 

is a human readable string representing the name of this target. 

snmpTargetAddrTDomain

 

 

is an OID which indicates the network type (UDP/IP,IPX,etc.). For UDP/IP transport type, the OID 
value (in dotted format) is 

1.3.6.1.6.1.1

 

or equivalent (in English name) 

snmpUDPDomain

snmpTargetAddrTAddress

   

is a valid address in the 

snmpTargetAddrTDomain

. For 

snmpTargetAddrTDomain

 equal to 

snmpUDPDomain

, a valid address would be 

192.147.142.35 :0

, where the value after the colon 

is the UDP port number. This address is used as the destination address for outgoing notifications. 

⇒ 

If the port number is specified as zero, the actual destination port used for the 

outgoing notification message is set to the default 162. 

snmpTargetAddrTimeout

 

 

is an integer which identifies the expected maximum round 

triptime

 (in hundredths of seconds) for 

communicating with the 

snmpTargetAddrTAddress

When an Inform is sent to this address, and a response is not received within this time period, the 
SNMP entity will assume that the response will not be delivered. The default value of 1500 (15 seconds) 
is suggested by RFC2573. If the outgoing message type is not Inform then this field is ignored. 

snmpTargetAddrRetryCount

 

 

is an integer which identifies the number of times the SNMP entity will attempt to retransmit an Inform 
when a response is not received. The default value of 3 is suggested by RFC2573. If the outgoing 
message type is not Inform, then this field is ignored. 

snmpTargetAddrTagList

 

 

is a quoted string containing one or more (space-separated) tags. These tags correspond to the value of 

snmpNotifyTag

 in the 

snmpNotifyTable

. A notification defined in the 

snmpNotifyTable

 will 

be sent to the address specified in 

snmpTargetAddrTDomain

 if the notification’s 

snmpNotifyTag

 appears in this list of tags. 

Содержание SNMP 2.0.0

Страница 1: ...SNMP Reference Manual...

Страница 2: ...tion contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis be liable for any incidental special i...

Страница 3: ...V3 ENTITIES 10 CONFIGURING SNMPV3 USERS 10 BREAKDOWN OF AN SNMPENGINEID 11 CONFIGURING AN AGENT TO RECEIVE REQUESTS AND SEND TRAPS 12 CONFIGURATION FOR AUTHENTICATION 12 CONFIGURATION FOR NO AUTHENTIC...

Страница 4: ...LY ONE SOURCE ADDRESS 25 MATCHING ANY SOURCE ADDRESS 25 MATCHING A SOURCE ADDRESS IN A SUBNET 25 EXAMPLES 27 NOAUTHNOPRIV SNMPV3 USERS 27 AUTHNOPRIV SNMPV3 USERS 28 ADDITIONAL CONFIGURATION FOR SNMPV3...

Страница 5: ...group 35 Table 5 the sysAdmin group 35 Table 6 Private Traps 36 Figures Figure 1 A manager Entity 5 Figure 2 An agent Entity 6 Figure 3 HMAC expression 8 Figure 4 vacmViewTreeFamilyMask 14 Figure 5 v...

Страница 6: ...ore applications ENGINE a component of an SNMP entity that consists of a message processing subsystem a security subsystem an access control subsystem as appropriate and a dispatcher APPLICATION a com...

Страница 7: ...Page 6 of 37 The SNMP entity that is commonly called an AGENT is an engine plus a command responder and a notification originator Other types of entities are possible because other combinations of eng...

Страница 8: ...following four threats MASQUERADE the masquerade threat is when an unauthorized user attempts to carry out management operations by assuming the identity of an authorized user SNMPv3 can verify the i...

Страница 9: ...the digest field is padded with zeros The HMAC function is then used to compute a digest fingerprint over the concatenation of the sender s notion of the shared secret key and SNMPv3 message The dige...

Страница 10: ...lations will be performed again to obtain the digest for the same request packet containing an updated time value If the original message was the result of message stream modification and if the share...

Страница 11: ...the agent s configuration file will be localSnmpID For Trap messages the SNMP entity containing the notification generator application is authoritative Therefore the value of the usmUserEngineID fiel...

Страница 12: ...ssword the password will be converted to a key at run time It s possible define more than one SNMPv3 user The list of all the SNMPv3 user entries is named usmUserTable Breakdown of an snmpEngineID An...

Страница 13: ...er must be known to the agent s SNMP engine If the Trap is sent in a secure packet the agent must use the user s security key to compute an authentication digest for the message For this operation the...

Страница 14: ...n to the information about SNMPv3 users Configuring view based access control Configuration of view based access control must be provided for the SNMP engine to correctly process SNMPv1 SNMPv2c or SNM...

Страница 15: ...ree for the view named All that includes the entire set of MIB objects iso is the root node of the MIB tree The vacmViewTreeFamilyMask field allows restriction of the MIB view at a finer granularity t...

Страница 16: ...cessSecurityLevel vacmAccessContextMatch vacmAccessReadViewName vacmAccessWriteViewName vacmAccessNotifyViewName vacmAccessStorageType vacmGroupName is a human readable string which is the groupname v...

Страница 17: ...messages and Inform requests vacmAccessStorageType is nonVolatile permanent or readOnly Assigning principals to groups A PRINCIPAL is generic term to refer to an SNMPv3 user or an SNMPv2c or SNMPv1 c...

Страница 18: ...sent to the target addresses The following sections describe each step of this process in more detail Defining notifications To configure a notification add an snmpNotifyEntry definition in the snmpd...

Страница 19: ...he destination address for outgoing notifications If the port number is specified as zero the actual destination port used for the outgoing notification message is set to the default 162 snmpTargetAdd...

Страница 20: ...ddress snmpTargetAddrTAddress without risk of fragmentation The default value is 2048 Defining target parameters To configure parameters to be used when sending notifications add one or more snmpTarge...

Страница 21: ...t too many notifications that it produces noise The SNMPv3 administration framework allows an SNMP entity which contains both a notification receiver application and a command generator application to...

Страница 22: ...ndicates whether the family of filter sub trees defined by this entry are included in or excluded from a filter snmpNotifyFilterStorageType is nonVolatile permanent or readOnly The snmpNotifyFilterMas...

Страница 23: ...ifyFilterMask and all other appropriate entries in the con figuration file a notification containing values from any of the following ifTable objects would match the filter and would not be sent ifInd...

Страница 24: ...AddrTDomain snmpTargetAddrTAddress snmpTargetAddrTimeout snmpTargetAddrRetryCount snmpTargetAddrTagList snmpTargetAddrParams snmpTargetAddrStorageType snmpTargetAddrTMask snmpTargetAddrMMS snmpTargetA...

Страница 25: ...drTAddress masked by snmpTargetAddrTMask of a corresponding snmpTargetAddrEntry snmpTargetAddrParams is a human readable string which must be present but is ignored by the SNMP engine This field shoul...

Страница 26: ...then all bits have 0 as value FIGURE 9 This indicates that none of the bits of the source address will be compared to the value of snmpTargetAddrTAddress and consequently an incoming SNMP request will...

Страница 27: ...192 147 142 In the fourth byte only the first bit will be compared to the same bit of the value of snmpTargetAddrTAddress The remaining bits are don t care cases shown as in Figure 12 FIGURE 12 There...

Страница 28: ...ion so that this user can access the MIB objects from additional hosts change the snmpTargetAddrTMask to perform wildcard matching of the source address of the incoming request message To relax the ag...

Страница 29: ...thorize the receipt of SNMPv3 authNoPriv Get and Set5 requests from the user myV3AuthNoPrivUser from exactly one manager station one IP address add the following lines to the snmpd cnf configuration f...

Страница 30: ...to authorize 192 147 142 111 as an additional Trap destination add the following line to the snmpd cnf configuration file snmpTargetAddrEntry anotherV3Manager_authNoPrivNotifications snmpUDPDomain 19...

Страница 31: ...yIndex snmpCommunityName snmpCommunitySecurityName snmpCommunityContextEngineID snmpCommunityContextName snmpCommunityTransportTag snmpCommunityStorageType snmpCommunityIndex is a human readable strin...

Страница 32: ...y one SNMP manager station snmpCommunityEntry 61 targetV1Community targetV1Community localSnmpID whereValidRequestsOriginate nonVolatile vacmAccessEntry myV1Group snmpv1 noAuthNoPriv exact All All All...

Страница 33: ...TargetAddrEntry myV2cManager_allRequests snmpUDPDomain 192 147 142 35 0 0 0 whereValidRequestsOriginate nonVolatile 255 255 255 255 0 2048 To send SNMPv2c Trap messages to exactly one SNMP manager sta...

Страница 34: ...owing limitations AT RG600 Residential Gateway support the standard MIB defined in RFC 1213 RFC1213 MIB with the following limitations OID RFC1213 Implementation ifAdminStatus Read Write Read Write 1...

Страница 35: ...the SNMPv1 protocol version Enterprise private MIB AT RG600 Residential Gateway implements private objects in order to give access to specific unit configuration parameters that are not mapped in any...

Страница 36: ...nd CLI like commands OID Max Access Description sysRestart Read Write If set to 1 true this object force a system restart The value returned by get requests is always 2 false sysConfigSave Read Write...

Страница 37: ...has been restarted voipMgcpEndpointPh2RestartTrap 9 This trap indicates that the MGCP endpoint 3 has been restarted igmpSnoopingVlanEnableTrap 10 This trap indicates that the igmp snooping has been e...

Отзывы: