Paradyne 8784 manual Controlling Snmp Access, Assigning Snmp Community Names and Access Types

Page 72

7. Security

Controlling SNMP Access

here are three methods for limiting SNMP access.

Disable the SNMP management option. Refer to Table A-6, General SNMP

Management Options, in Appendix A, Configuration Options.

TAssign SNMP community names and access types.

Limit SNMP access through validation of the IP address of each allowed SNMP manager.

Assigning SNMP Community Names and Access Types

The unit can be managed by an SNMP manager supporting SNMP. The community name must be supplied by an external SNMP manager accessing an object in the MIB.

o define SNMP community names, follow this menu selection sequence:

Main MenuConfigurationCurrent Configuration

Management and CommunicationGeneral SNMP Management

Refer to Table A-6, General SNMP Management Options, in Appendix A,

Configuration Options, to:

Enable SNMP Management.

Assign the SNMP community names of the SNMP Managers that are allowed

Tto access the units Management Information Base (MIB).

Specify Read or Read/Write access for each SNMP community name.

Limiting SNMP Access through the IP Addresses of the Managers

The unit provides an additional level of security through validation of the IP addresses.

he SNMP Management option must be enabled. To control SNMP access with IP addresses, follow this menu selection sequence:

Main MenuConfigurationCurrent Configuration

Management and CommunicationSNMP NMS Security

Refer to Table A-7, SNMP NMS Security Options, in Appendix A, Configuration

Options. The SNMP access can be limited by:

TEnabling NMS IP address checking. Add each IP address and access level.

NOTE:

Do not change or delete the IP address or access level of the NMS performing the sets or enable IP address checking prior to adding the NMS to the table.

7-4

February 2001

8784-A2-GB20-30

Image 72
Contents Hotwire 8784 TDM Sdsl Termination Unit Copyright 2001 Paradyne Corporation All rights reserved Important Safety Instructions United States EMI Notice Contents Initial Startup and Configuration Monitoring the UnitFebruary Testing Messages and TroubleshootingSecurity IP Addressing TConfiguration Options Connector Pin AssignmentsTechnical Specifications Glossary Index Standards ComplianceT for Snmp TrapsAbout This Guide Document Purpose and Intended AudienceDocument Summary Product-Related Documents Document Number Document TitleAbout the Hotwire Termination Unit TDM Sdsl OverviewHotwire 8784 Termination Unit Features Network Configuration Customer Premises CPCO Site Snmp Management Capabilities Management Information Base MIB SupportSnmp Trap Support NetworkUsing the Asynchronous Terminal Interface User Interface AccessManagement Serial Port Settings Logging In to the Hotwire Dslam LoginInitiating an ATI Session Select Main MenuMenu Hierarchy SnmpMain Menu→ Configuration → Current Configuration → Network Screen Work AreasFunction KeysNavigating the Screens Keyboard KeysPress Function Keys For the screen Function Select Press Enter toSwitching Between Screen Work Areas ExampleEnding an ATI Session Exiting From the Dslam SessionUsing the Asynchronous Terminal Interface February Initial Startup and Configuration OverviewEntering Identity Information Main Menu→ Control→ Change IdentityIdentity Configuring the Unit Main Menu→ Configuration Load Configuration FromLoad Configuration from Current and Default Factory Configurations Configuration EDIT/DISPLAYIf you select Then Configuration Loader Select To Access To ConfigureMain Menu→ Configuration → Configuration Loader Configuration LoaderCompleted successfully Saving Configuration Changes Save ConfigurationDownloading Firmware Main Menu→ Control → Download CodeDownload Code DSL1Apply Download AutoRate Feature Main Menu→ Configuration→ Current Configuration → NetworkDisabling AutoRate Restoring Access to the User Interface Resetting AutoRateMain Menu→ Control→ Reset AutoRate Select Configuration→ DSL Cards → Reset SlotResetting the Unit Main Menu→ Control→ Reset DeviceMonitoring the Unit What to MonitorViewing System and Test Status Main Menu→ Status→ System and Test StatusSystem and Test Status Health and Status SELF-TEST Results Health and Status Messages YyyyyyyyMonitoring the Unit Self-Test Results Messages Test Status MessagesTest Status Messages Meaning Viewing Network Error Statistics Network Error StatisticsPerformance Statistics SES Severely Errored Seconds Seconds during which more than Field ContainsViewing Network Performance Statistics This Field Contains Viewing Current Network Performance Current Network Performance StatisticsSES FebeViewing DSX-1 Performance Statistics Main Menu→ Status→ Performance Statistics→ DSX-1 StatisticsDSX-1 Performance Statistics This Field Contains Viewing LED Status DisplayGeneral DSL LoopFront Panel LEDs TypeLED is Indicating Testing Accessing the Test MenuMain Menu→ Test TestRunning Network Tests Main Menu→ Test→ Network & DSX-1 TestsNetwork & DSX-1 Tests Line Loopback Repeater Loopback DTE Loopback Remote Send Line Loopback Send and Monitor Device Tests Lamp TestMain Menu→ Test→ Device Tests Device TestsConfiguration Options Ending an Active TestTelco-Initiated Tests Telco-Initiated Line LoopbackTelco-Initiated Payload Loopback Activation Line Payload Remote Line Deactivation LoopbackTelco-Initiated Remote Line Loopback CAP LIU DSL DSX-1Testing February Messages and Troubleshooting Configuring Snmp Traps Snmp Traps OptionsNMS Device Messages Device Messages 1 What Message Indicates What To DoDevice Messages 2 What Message Indicates What To Do Troubleshooting Troubleshooting Symptom Possible Cause SolutionsMessages and Troubleshooting February ATI Access Levels SecurityCreating a Login Administer LoginsDeleting a Login On the Login Entry Screen, for EnterControlling Snmp Access Assigning Snmp Community Names and Access TypesManagement Options, in Appendix A, Configuration Options Configuration Options, toConfigurations Not Running IP Conservative Software All ConfigurationsIP Addressing Selecting an IP Addressing SchemeIP Addressing Example Peer IP Address AssignmentsConfiguration Options Configuration Changes in , Initial Startup and ConfigurationMain Menu→ Configuration→ Current Configuration→ Network Excessive Error Rate ThresholdNetwork Interface Options Table A-1. Network Interface Options 1DSL Line Rate Possible Settings 400, 528, 784, 1040 Table A-1. Network Interface Options 2AutoRate Circuit IdentifierMain Menu→ Configuration→ Current Configuration → DSX-1 DSX-1 Interface OptionsDSX-1 Interface Options ESFTable A-2. DSX-1 Interface Options 1 Port StatusLine Framing Line CodingTable A-2. DSX-1 Interface Options 2 Send AIS on Network FailureSend All Ones on DSX-1 Failure Primary Clock SourceMain Menu→ Configuration→ Current Configuration→ Copy Ports Copy Ports OptionsTable A-3. Copy Ports Options From Port nMain Menu→ Configuration→ Current Configuration→ System System OptionsSystem Options LTUTable A-4. System Options Management and Communication Menu Telnet Session OptionsTelnet Login Required Session Access LevelInactivity Timeout Table A-5. Telnet Session Options 1Main Menu→ Configuration→ Current Configuration→ General Snmp Management OptionsTable A-5. Telnet Session Options 2 Disconnect Time MinutesName 1 Access Name 2 AccessTable A-6. General Snmp Management Options Snmp ManagementSnmp NMS Security Options Snmp NMS Security OptionsAccess Level Table A-7. Snmp NMS Security OptionsNMS IP Validation Snmp Trap Options Table A-8. Snmp Trap Options 1 Snmp TrapsNumber of Trap Managers NMS n DestinationLink Traps Possible Settings Disable, Up, Down, Both Table A-8. Snmp Trap Options 2Enterprise Specific Traps Link Traps InterfacesAuthenticationFailure Standards Compliance for Snmp TrapsSnmp Traps WarmStartLinkUp and linkDown LinkUp/DownT Variable-BindingsEnterprise-Specific Traps DSL Network IfIndex RFC Connector Pin Assignments Front Panel 50-pin DTE Connector Pinouts50-Pin Connector DSX-1 Port Pinout Function Connector Pin Assignments February Technical Specifications Specifications CriteriaTechnical Specifications February Glossary 511Bridged tap COM portFactory defaults EIA-530-AEthernet FrameReset 703704 IP addressYellow Alarm RouterRS-449 TelnetIndex IN-1IN-2 IN-3 IN-4 IN-5 IN-6