DES-3226S Layer 2 Fast Ethernet Switch User’s Guide
26
SNMP Network Management
The Simple Network Management Protocol (SNMP) is an OSI layer 7 (the application layer) protocol for remotely monitoring
and configuring network devices. SNMP enables network management stations to read and modify the settings of gateways,
routers, Switches, and other network devices. SNMP can be used to perform many of the same functions as a directly
connected console, or can be used within an integrated network management software package such as DView.
SNMP performs the following functions:
•
Sending and receiving SNMP packets through the IP protocol.
•
Collecting information about the status and current configuration of network devices.
•
Modifying the configuration of network devices.
The DES-3226S has a software program called an ‘agent’ that processes SNMP requests, but the user program that makes the
requests and collects the responses runs on a management station (a designated computer on the network). The SNMP agent
and the user program both use the UDP/IP protocol to exchange packets.
SNMP Versions 1, 2 and 3
The DES-3226S supports SNMP version 3 as well as versions 1 and 2. The chief difference between Version 3 (SNMP v.3)
and Versions 1 and 2 (SNMP v.1 and SNMP v.2) is that it provides a substantially higher level of security than the previous
versions.
In SNMP v. and v.2, user authentication is accomplished using ‘community strings’, which function like passwords. The
remote user SNMP application and the router SNMP must use the same community string. SNMP packets from any station
that has not been authenticated are ignored (dropped).
SNMP v.3 uses a more sophisticated authentication process that is separated into two parts. One part is to maintain a list of
users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can
do as an SNMP manager.
The Switch allows groups of users to be listed and configured with a shared set of privileges. The SNMP version may also be
set for a listed group of SNMP managers. Thus, you may create a group of SNMP managers that are allowed to view read-only
information or receive traps using SNMP v.1 while assigning a higher level of security to another group, granting read/write
privileges using SNMP v.3.
Using SNMP v.3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing
specific SNMP management functions. The functions allowed or restricted are defined using the Object Identifier (OID)
associated with a specific MIB.
An additional layer of security is available for SNMP v.3 in that SNMP messages may be encrypted (using HMAC-SHA-96 or
HMAC-MDA-96 authentication levels).
Traps
Traps are messages that alert network personnel of events that occur on the Switch. The events can be as serious as a reboot
(someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends
them to the trap recipient (or network manager).
Trap recipients are special users of the network who are given certain rights and access in overseeing the maintenance of the
network. Trap recipients will receive traps sent from the Switch; they must immediately take certain actions to avoid future
failure or breakdown of the network.
You can also specify which network managers may receive traps from the Switch. This can be done by entering a list of the IP
addresses of authorized network managers. You may further specify the SNMP version to use for authentication. Up to four
trap recipient IP addresses, and four corresponding SNMP community strings can be entered.
The following are trap types the Switch can send to a trap recipient:
•
Cold Start This trap signifies that the Switch has been powered up and initialized such that software settings are
reconfigured and hardware systems are rebooted. A cold start is different from a factory reset in that configuration
settings saved to non-volatile RAM used to reconfigure the Switch.
•
Warm Start This trap signifies that the Switch has been rebooted, however the POST (Power On Self-Test) is
skipped.
•
Authentication Failure This trap signifies that someone has tried to logon to the Switch using an invalid SNMP
community string. The Switch automatically stores the source IP address of the unauthorized user.
Содержание DES-3226S
Страница 126: ......