iMG/RG Software Reference Manual (System Configuration)
SNMP: Additional configuration for SNMPv3 agent entities
FIGURE 1-16 vacmViewTreeFamilyMask
would require an exact match on all fields except the table column (i.e., the 0 in ifEntry.0.2).
Using the above example, the bits of the vacmViewTreeFamilyMask would be grouped into bytes, and then the right end padded with ones if necessary to fill out the last byte:
FIGURE 1-17 vacmViewTreeFamilyMask (continued)
So the vacmViewTreeFamilyMask entry would be: ff:bf
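The byte grouping and padding described above, together with the view-matching rule the mask feeds into, as an added example (not code from the manual). The function names are hypothetical, and the matching rule follows the standard VACM definition in which mask bits past the end of the mask count as 1.

```python
# Added example: build a vacmViewTreeFamilyMask and test OIDs against it.
SUBTREE = "1.3.6.1.2.1.2.2.1.0.2"   # ifEntry.0.2 from the manual's figure

def family_mask(subtree, wildcard_positions):
    """Return the mask as colon-separated hex.

    subtree: dotted OID of the view subtree.
    wildcard_positions: 0-based indexes of sub-identifiers that may hold any value.
    """
    n = len(subtree.split("."))
    bits = [0 if i in wildcard_positions else 1 for i in range(n)]
    bits += [1] * (-len(bits) % 8)               # pad the right end with ones
    octets = [int("".join(map(str, bits[i:i + 8])), 2)
              for i in range(0, len(bits), 8)]
    return ":".join(f"{o:02x}" for o in octets)

def in_family(oid, subtree, mask_hex):
    """True if oid belongs to the subtree family selected by the mask."""
    oid_ids = [int(x) for x in oid.split(".")]
    sub_ids = [int(x) for x in subtree.split(".")]
    if len(oid_ids) < len(sub_ids):              # too short to be in the subtree
        return False
    mask = bytes.fromhex(mask_hex.replace(":", ""))
    for i, sub in enumerate(sub_ids):
        # A mask shorter than the subtree is extended with ones (exact match).
        bit = (mask[i // 8] >> (7 - i % 8)) & 1 if i // 8 < len(mask) else 1
        if bit and oid_ids[i] != sub:
            return False
    return True

if __name__ == "__main__":
    mask = family_mask(SUBTREE, {9})             # wildcard the table column
    print(mask)
    print(in_family("1.3.6.1.2.1.2.2.1.7.2", SUBTREE, mask))  # column 7, row 2
    print(in_family("1.3.6.1.2.1.2.2.1.7.3", SUBTREE, mask))  # row 3 is outside
```

A view built this way exposes every column of one table row and nothing else, which is why a single wrong bit can widen a view to the whole table.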
1.6.2.3 Defining groups and access rights
To configure a group and its associated access rights, add a vacmAccessEntry definition in the snmpd.cnf file according to the following syntax:
vacmAccessEntry <vacmGroupName> <vacmAccessContextPrefix> <vacmAccessSecurityModel> <vacmAccessSecurityLevel> <vacmAccessContextMatch> <vacmAccessReadViewName> <vacmAccessWriteViewName> <vacmAccessNotifyViewName> <vacmAccessStorageType>
vacmGroupName is a human readable string which is the groupname.
vacmAccessContextPrefix is a human readable string which is an entire or partial context name used to match the context name in (or derived from) a management request. A dash (-) represents the default context.
vacmAccessSecurityModel is snmpv1 for SNMPv1, snmpv2c for SNMPv2c, or usm for SNMPv3.
[FIGURES 1-16 and 1-17: vacmViewTreeFamilyMask]
OID:                     1 . 3 . 6 . 1 . 2 . 1 . 2 . 2 . 1 . 0 . 2
vacmViewTreeFamilyMask:  1   1   1   1   1   1   1   1   1   0   1
byte 1: 1 1 1 1 1 1 1 1 (hex value ff)
byte 2: 1 0 1 1 1 1 1 1 (original mask 1 0 1, padded with 1's; hex value bf)
vacmAccessSecurityLevel is noAuthNoPriv for no authentication and no privacy, and authNoPriv for MD5 authentication with no privacy.
vacmAccessContextMatch is exact or prefix to indicate how the context of a request must match vacmAccessContextPrefix.
For example, if an authenticated management request is sent in context "AT-iMG646MOD", and if the values of vacmAccessContextPrefix and vacmAccessContextMatch are "AT-iMG646MOD" and "prefix", then the context name in (or derived from) the request is determined to be a correct match to the values in this vacmAccessEntry.
vacmAccessReadViewName is a vacmViewTreeFamilyViewName (defined by at least one vacmViewTreeFamilyEntry) identifying the view subtrees accessible for Get, GetNext, and GetBulk requests.
vacmAccessWriteViewName is a vacmViewTreeFamilyViewName (defined by at least one vacmViewTreeFamilyEntry) identifying the view subtrees accessible for Set requests.
vacmAccessNotifyViewName is a vacmViewTreeFamilyViewName (defined by at least one vacmViewTreeFamilyEntry) identifying the view subtrees from which objects may be included as VarBinds in Trap messages and Inform requests.
vacmAccessStorageType is nonVolatile, permanent, or readOnly.
1.6.2.4 Assigning principals to groups
A PRINCIPAL is a generic term for an SNMPv3 user or an SNMPv2c or SNMPv1 community string (see RFC2571).
To assign a principal to a group, add one or more vacmSecurityToGroupEntry definitions in the snmpd.cnf file according to the following syntax:
vacmSecurityToGroupEntry <vacmSecurityModel> <vacmSecurityName> <vacmGroupName> <vacmSecurityToGroupStorageType>
vacmSecurityModel is snmpv1 for SNMPv1, snmpv2c for SNMPv2c, or usm for SNMPv3.
vacmSecurityName is a human readable string which is the principal.
vacmGroupName is a human readable string which is the groupname. The groupname must be defined by at least one vacmAccessEntry.
vacmSecurityToGroupStorageType is nonVolatile, permanent, or readOnly.
It is possible to define more than one vacmSecurityToGroupEntry. The list of all the vacmSecurityToGroupEntry entries is named vacmSecurityToGroupTable.
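A consistency check over the vacmAccessEntry and vacmSecurityToGroupEntry lines from sections 1.6.2.3 and 1.6.2.4, as an added example (not code from the manual). The group, view and principal names in the sample are constructed, and treating "-" in a view-name field as "no view" is an assumption.

```python
import shlex

# Constructed sample snmpd.cnf fragment (all names are hypothetical).
# Assumption: "-" in a view-name field means that no view is granted.
SAMPLE = """\
vacmAccessEntry admins - usm authNoPriv exact allView allView allView nonVolatile
vacmAccessEntry readers - snmpv2c noAuthNoPriv exact ifView ifView - nonVolatile
vacmSecurityToGroupEntry usm alice admins nonVolatile
vacmSecurityToGroupEntry snmpv2c public readers nonVolatile
vacmSecurityToGroupEntry usm bob operators nonVolatile
vacmSecurityToGroupEntry snmpv1 public admins nonVolatile
"""

def entries(text, keyword):
    """Return the field lists of every line that starts with keyword."""
    rows = (shlex.split(line) for line in text.splitlines())
    return [r[1:] for r in rows if r and r[0] == keyword]

def audit_vacm(text):
    """Return findings about unusable group assignments and weak write access."""
    findings = []
    access = entries(text, "vacmAccessEntry")
    for model, principal, group, _storage in entries(text, "vacmSecurityToGroupEntry"):
        rows = [a for a in access if a[0] == group]
        if not rows:
            # The manual requires every groupname to have a vacmAccessEntry.
            findings.append(f"{principal}: group {group} has no vacmAccessEntry")
        elif not any(a[2] == model for a in rows):
            findings.append(f"{principal}: group {group} has no entry for model {model}")
    for group, _ctx, model, level, _match, _read, write, _notify, _storage in access:
        # Set requests accepted without authentication deserve a second look.
        if write != "-" and level == "noAuthNoPriv":
            findings.append(f"{group}: Set allowed via {write} at noAuthNoPriv ({model})")
    return findings

if __name__ == "__main__":
    for finding in audit_vacm(SAMPLE):
        print(finding)
```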
1.6.3 Configuring notifications
The SNMP agent is designed to support SNMPv1 Traps, SNMPv2c Traps, or SNMPv3 Traps. To send TRAPs, it is necessary to perform some basic SNMP engine configuration as defined in the following sections.
Configuring notifications is a process that requires four steps:
1. Define a notification.
2. Define a set of network addresses to which a notification should be sent.
3. Define parameters to use when sending notifications to each of the target addresses identified in step 2.
4. Optionally, define notification filters to reduce the number of traps sent to the target addresses.
The following sections describe each step of this process in more detail.
1.6.3.1 Defining notifications
To configure a notification, add an snmpNotifyEntry definition in the snmpd.cnf file according to the following syntax:
snmpNotifyEntry <snmpNotifyName> <snmpNotifyTag> <snmpNotifyType> <snmpNotifyStorageType>
snmpNotifyName is a human readable string representing the name of this notification.
snmpNotifyTag is a human readable string that is used to select a set of entries in the snmpTargetAddrTable.
snmpNotifyType is 1(trap) or 2(inform).
snmpNotifyStorageType is nonVolatile, permanent or readOnly.
It is possible to define more than one notification. The list of all the notification entries is named snmpNotifyTable.
Example:
snmpNotifyEntry myFirstNotify myFirstNotifyTag 1 nonVolatile
snmpNotifyEntry mySecondNotify mySecondNotifyTag 1 nonVolatile
1.6.3.2 Defining target addresses
To configure a target address (to which a notification should be sent), add one or more snmpTargetAddrEntry definitions in the snmpd.cnf file according to the following syntax:
snmpTargetAddrEntry <snmpTargetAddrName> <snmpTargetAddrTDomain> <snmpTargetAddrTAddress> <snmpTargetAddrTimeout> <snmpTargetAddrRetryCount> <snmpTargetAddrTagList> <snmpTargetAddrParams> <snmpTargetAddrStorageType> <snmpTargetAddrTMask> <snmpTargetAddrMMS>
snmpTargetAddrName is a human readable string representing the name of this target.
snmpTargetAddrTDomain is an OID which indicates the network type (UDP/IP, IPX, etc.). For UDP/IP transport type, the OID value (in dotted format) is 1.3.6.1.6.1.1 or equivalent (in English name) snmpUDPDomain.
snmpTargetAddrTAddress is a valid address in the snmpTargetAddrTDomain. For snmpTargetAddrTDomain equal to snmpUDPDomain, a valid address would be 192.147.142.35:0, where the value after the colon is the UDP port number. This address is used as the destination address for outgoing notifications.
Note: If the port number is specified as zero, the actual destination port used for the outgoing notification message is set to the default 162.
snmpTargetAddrTimeout is an integer which identifies the expected maximum round-trip time (in hundredths of seconds) for communicating with the snmpTargetAddrTAddress. When an Inform is sent to this address, and a response is not received within this time period, the SNMP entity will assume that the response will not be delivered. The default value of 1500 (15 seconds) is suggested by RFC2573. If the outgoing message type is not Inform then this field is ignored.
snmpTargetAddrRetryCount is an integer which identifies the number of times the SNMP entity will attempt to retransmit an Inform when a response is not received. The default value of 3 is suggested by RFC2573. If the outgoing message type is not Inform, then this field is ignored.
snmpTargetAddrTagList is a quoted string containing one or more (space-separated) tags. These tags correspond to the value of snmpNotifyTag in the snmpNotifyTable. A notification defined in the snmpNotifyTable will be sent to the address specified in snmpTargetAddrTDomain if the notification's snmpNotifyTag appears in this list of tags.
snmpTargetAddrParams is a human readable string that is used to select a set of entries in the snmpTargetParamsTable.
snmpTargetAddrStorageType is nonVolatile, permanent, or readOnly.
snmpTargetAddrTMask is a bitfield mask for the snmpTargetAddrTAddress and appears in the snmpd.cnf file in the same format as the snmpTargetAddrTAddress. For notifications, the value must be 255.255.255.255:0 to indicate that the Trap or Inform message will be sent to a specific address.
Note: SNMP does not allow for the broadcasting of notifications. However, a notification may be sent to more than one specific address by configuring more than one snmpTargetAddrEntry with the same tag(s) in the snmpTargetAddrTagList field.
snmpTargetAddrMMS is an integer which is the maximum message size (in bytes) that can be transmitted between the local host and the host with address snmpTargetAddrTAddress without risk of fragmentation. The default value is 2048.
1.6.3.3 Defining target parameters
To configure parameters to be used when sending notifications, add one or more snmpTargetParamsEntry definitions in the snmpd.cnf file according to the following syntax:
snmpTargetParamsEntry <snmpTargetParamsName> <snmpTargetParamsMPModel> <snmpTargetParamsSecurityModel> <snmpTargetParamsSecurityName> <snmpTargetParamsSecurityLevel> <snmpTargetParamsStorageType>
snmpTargetParamsName is a human readable string representing the name of this parameter.
snmpTargetParamsMPModel is 0 for SNMPv1, 1 for SNMPv2c, or 3 for SNMPv3. The value of this field together with the value of snmpTargetParamsSecurityModel indicates which type of notification should be sent.
snmpTargetParamsSecurityModel is snmpv1 for SNMPv1, snmpv2c for SNMPv2c, or usm for SNMPv3. The value of this field together with the value of snmpTargetParamsMPModel indicates which type of notification should be sent.
snmpTargetParamsSecurityName is a human readable string which is the principal (an SNMPv3 user, or an SNMPv2c or SNMPv1 community string) to be used in the notification.
snmpTargetParamsSecurityLevel identifies the security level of the notification to send. When an SNMPv1 or SNMPv2c notification is configured, the only valid value is noAuthNoPriv. When an SNMPv3 notification is configured, the value of this field is noAuthNoPriv for no authentication and no privacy, or authNoPriv for authentication without privacy.
snmpTargetParamsStorageType is nonVolatile, permanent or readOnly.
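How the entries from sections 1.6.3.1 to 1.6.3.3 link together (notify tag to target address to target parameters), as an added example (not code from the manual) that resolves each notification to its destination and checks the constraints stated above. The entry names, the second address and the principals are constructed; notification filters are not covered.

```python
import shlex

# Constructed sample (hypothetical names; first address is the manual's example).
SAMPLE = """\
snmpNotifyEntry myFirstNotify myFirstNotifyTag 1 nonVolatile
snmpTargetAddrEntry nms1 snmpUDPDomain 192.147.142.35:0 1500 3 "myFirstNotifyTag otherTag" v3params nonVolatile 255.255.255.255:0 2048
snmpTargetAddrEntry nms2 snmpUDPDomain 192.147.142.36:1162 1500 3 "myFirstNotifyTag" v2params nonVolatile 255.255.255.255:0 2048
snmpTargetParamsEntry v3params 3 usm trapUser authNoPriv nonVolatile
snmpTargetParamsEntry v2params 1 snmpv2c public authNoPriv nonVolatile
"""

# Valid MPModel / SecurityModel pairings listed in the manual.
VERSIONS = {("0", "snmpv1"): "SNMPv1", ("1", "snmpv2c"): "SNMPv2c", ("3", "usm"): "SNMPv3"}

def entries(text, keyword):
    """Return the field lists of every line that starts with keyword."""
    rows = (shlex.split(line) for line in text.splitlines())
    return [r[1:] for r in rows if r and r[0] == keyword]

def resolve(text):
    """Return (routes, problems) for the notify -> address -> params chain."""
    params = {p[0]: p[1:] for p in entries(text, "snmpTargetParamsEntry")}
    addrs = entries(text, "snmpTargetAddrEntry")
    routes, problems = [], []
    for name, tag, _type, _storage in entries(text, "snmpNotifyEntry"):
        for a in addrs:
            if tag not in a[5].split():          # tag list is space-separated
                continue
            host, _, port = a[2].rpartition(":")
            dest = f"{host}:{162 if port == '0' else int(port)}"  # 0 means 162
            if a[8] != "255.255.255.255:0":
                problems.append(f"{a[0]}: TMask must be 255.255.255.255:0")
            if a[6] not in params:
                problems.append(f"{a[0]}: no snmpTargetParamsEntry {a[6]}")
                continue
            mp, model, principal, level, _st = params[a[6]]
            version = VERSIONS.get((mp, model))
            if version is None:
                problems.append(f"{a[6]}: MPModel {mp} does not pair with {model}")
            elif version != "SNMPv3" and level != "noAuthNoPriv":
                problems.append(f"{a[6]}: {version} only allows noAuthNoPriv")
            routes.append((name, dest, version, principal, level))
    return routes, problems
```

The resolved routes also show at a glance which destinations receive notifications carrying an SNMPv1 or SNMPv2c community string rather than an authenticated SNMPv3 user.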
