Asante Technologies 35160 user manual Community Name and Security, MIB Tree, Name Space Path

Page 74

6.3 Community Name and Security

SNMP v.1 was not designed to be a secure protocol. There is no true password, although the string known as a community string does serve some of the same purposes.

SNMP-aware devices, such as this switch, often ship with well-known community strings. For this reason, it is important that the manager change the default community strings before putting the switch on a network. The 35160 Series switches improve on normal security by requiring the management station to appear in the SNMP host table before the agent will recognize the manager.

6.4 The MIB Tree

When the SNMP was designed, a formal structure for creating new management objects was created. A tree represents the structure: nodes in the tree are represented as strings of numbers separated by periods. The three components of the tree are

1.The unnamed root of the tree contains a set of characters common to all MIB objects located beneath the root. Objects beneath unnamed are said to be in that root’s domain.

2.A sub-tree contains a subset of the information available at the root. A sub-tree may also serve as a root and have sub-trees of its own.

3.A leaf is a sub-tree with no additional sub-trees in its domain. A leaf represents a single MIB object whose characteristics are unique from any other MIB object.

The group or organization that owns the sub-tree path assigns sub-tree numbers. The object names in the path are unique all the way to the end of the path.

6.4.1 Name Space Path

The name space path is used by the SNMP protocol to define the piece of data that the manager wants.

The three main name space paths are

1.ISO (International Standards Organization): All sub-tree leaves are under the ISO control.

2.CCITT (Consultative Committee on International Telephony and Telegraphy): the group that sets the standards for the interconnection of telephone equipment).

3.ISO-CCITT: Joint ISO and CCITT.

Each MIB object can be located by following a path from unnamed, through the sub-trees, to the leaf, following the string of numbers. The part of the tree that is of interest to SNMP starts with the “internet” node:

iso.org.dod.internet or 1.3.6.1

Interesting nodes under that one include:

internet.mgmt.mib-2 or 1.3.6.1.2.1

internet.private.enterprises or 1.3.6.1.4.1

Most of the industry-standard management objects appear under mib-2, while objects defined by individual manufacturers appear under enterprises. Asanté Technologies, Inc. has 298 as its enterprise number (1.3.6.1.4.1.298). At the time of this writing, nearly 10,000 enterprise numbers have been assigned. A list of enterprise numbers can be found at ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers/.

74

Page 73 Page 75
Image 74
Page 73 Page 75
Contents IntraCore 35160 Series Quick Start Guide Layer 2 Gigabit Switches User’s Manual IntraCore 35160 SeriesTable of Contents Page Features IntroductionLEDs SwitchCore CXE2010Package Contents 1 IC35160-T 2 IC35160-GManagement and Configuration Front and Back Panel DescriptionsSnmp Management Console InterfaceWeb-Based Interface Safety Overview Hardware Installation and SetupInstallation Overview Recommended Installation ToolsEnvironmental Requirements Installation into an Equipment RackPower Requirements Cooling and AirflowInstalling a Gbic Gbic InterfacesRemoving a Gbic Installing the Optional Emergency Power SupplyConnecting Power Gbic Care and HandlingConnecting to the Network 1 10/100/1000BaseT Ports Cabling ProceduresConnecting to a Console SetupGigabit Ethernet Ports Cabling Procedures Connecting Via the Web Browser Connecting Via TelnetChanging the Password IP AssignmentSimple Network Management Protocol Snmp Logging ConfigurationAccessing a Submenu Exiting a SubmenuConfiguration Menu General InformationAdministration Configuration Changing System Administration InfoChanging System IP Information System IP ConfigurationPort Configuration Page Advanced Port Configuration Enabling or Disabling a PortSetting Port Maximum Packet Length Setting Port Class of ServiceSetting Port Default Priority Enabling or Disabling 802.3x Flow ControlUnicast Forwarding Database Configuration Global Port ConfigurationDisplaying the Forwarding Database Vlan Management Setting the MAC Address Age-Out TimeSecurity Management Searching for a MAC AddressChanging Community Strings Protocol ConfigurationSnmp Configuration Enabling Authentication Traps Adding or Updating a Trap ReceiverSpanning Tree Protocol STP Configuration Deleting a Trap ReceiverEnabling and Disabling STP Spanning Tree Port ConfigurationSetting Port Priority and Path Cost Trunk Group Configuration Assigning Packets to Priority Queues QoS Priority Queue ManagementDefining the Priority List Example Setting SSH/Telnet UI Time-out User Interface ConfigurationSetting Console UI Time-out Period Enabling or Disabling SSH and Telnet Change PasswordAdding or Deleting an Access Host Enabling or Disabling the Web Server Access ControlSystem Utilities Adding or Deleting a Monitor Port Port MirroringEnabling or Disabling System Port Mirroring System Clock System ResetResetting the Switch Scheduling a System Reset System LogBootstrap Configuration Clearing the System LogTftp File Transfers Statistics Ping UtilityRmon Management Advanced ManagementSnmp and Rmon Management Enabling and Disabling Duplicated IP Trap Duplicated IP Detection and TrapEnabling and Disabling Duplicated IP Detection Viewing a List of Duplicated IP AddressesConfiguring Port Security Enabling and Disabling Station Movement TrapConfiguring Port New Node Detection Trap Configuring Port Lock and Intruder LockSetting the Intruder Trap Port-based Network Access ControlConfiguring Security Level 2 or Level Resetting Security to DefaultsPage Port Control Settings Name DescriptionSetting Timers Server Port Setting Radius ParametersRadius Server IP Vlan Management Vlan Specifications for the IntraCore 35160 SeriesOther Vlan Features of the switch Configuring Static Vlan Groups Creating a VlanAdvanced Static Vlan Configuration Configuring Port Receive Frame Type Configuring Vlan Port AttributesSetting the Port Vlan ID Adding and Deleting VLANs from the PortSetting Port Type Displaying a Summary of Vlan GroupsDisplaying a Vlan Port Summary Resetting Vlan Configuration to DefaultsIP Multicast Traffic Management Multicast AddressesEnabling and Disabling Igmp Snooping Configuring IP Multicast Traffic ManagementIgmp Snooping Advanced Igmp Configuration Displaying a Summary of Group AddressesInserting a Multicast Group Address IP Multicast Forwarding Database ConfigurationAdding Ports to the Selected Address Removing a Multicast Group AddressAccessing with a Web Browser Web-Based ManagementManagement Buttons Front Panel ButtonGenl Info General Information Button Port Config Port Configuration Button Span Tree Spanning Tree Button Snmp Button Addr Address Table ButtonVlan Group Create Vlan ConfigurationVlan Button Port Vlan ID Pvid Port ConfigurationSet Port Type Acceptable Frame Type Port Ingress Filtering Trunking Button Security Button Tag/Untag Port Egress TypePage Snmp Protocol Snmp ManagementSnmp Management Operations Name Space Path Community Name and SecurityMIB Tree MIB Groups Supported Port-Based VLANs Switching ConceptsVLANs Vlan ID and Tagged FramesHow It Works Spanning Tree ProtocolPort Vlan ID Spanning Tree ParametersFull Duplex Spanning Tree Port ConfigurationFull Duplex, Flow Control, and Auto-negotiation Flow Control Auto-NegotiationAppendix A. Troubleshooting Problem Possible SolutionsPhysical Characteristics Appendix B. Features and SpecificationsSpecifications Standards Compliance Technical Support and WarrantyEnvironmental Range IntraCare Warranty Statement Appendix C. FCC Compliance and Warranty StatementsFCC Compliance Statement Important Safety Instructions Page Pin Number Signal Name Appendix D. Console Port Pin OutsAppendix E. Online Warranty Registration Image Banks Appendix F. BootP ConfigurationBootstrap Configuration Loading Software LocallyBOOTP-TFTP Loading Software Remotely
Top Page Image Contents