6.3 Community Name and Security
SNMP v.1 was not designed to be a secure protocol. There is no true password, although the string known as a community string does serve some of the same purposes.
SNMP-aware devices, such as this switch, often ship with well-known community strings. For this reason, it is important that you change the default community strings before putting the switch on a network. The 3500 series switches improve on normal security by requiring the management station to appear in the SNMP host table before the agent will recognize the manager.
6.4 The MIB Tree
When the SNMP was designed, a formal structure for creating new management objects was created. A tree represents the structure: nodes in the tree are represented as strings of numbers separated by periods. There are three components of the tree:
1.The unnamed root of the tree contains a set of characters common to all MIB objects located beneath the root. Objects beneath unnamed are said to be in that root’s domain.
2.A sub-tree contains a subset of the information available at the root. A sub-tree may also serve as a root and have sub-trees of its own.
3.A leaf is a sub-tree with no additional sub-trees in its domain. A leaf represents a single MIB object whose characteristics are unique from any other MIB object.
The group or organization that owns the sub-tree path assigns sub-tree numbers. The object names in the path are unique all the way to the end of the path.
6.4.1 Name Space Path
The name space path is used by the SNMP protocol to define the piece of data that the manager wants.
There are three main name space paths:
1.ISO (International Standards Organization): All sub-tree leaves are under the ISO control.
2.CCITT (Consultative Committee on International Telephony and Telegraphy): the group that sets the standards for the interconnection of telephone equipment).
3.ISO-CCITT: Joint ISO and CCITT.
Each MIB object can be located by following a path from unnamed, through the sub-trees, to the leaf, following the string of numbers. The part of the tree that is of interest to SNMP starts with the internet node:
iso.org.dod.internet or 1.3.6.1
Interesting nodes under that one include:
•internet.mgmt.mib-2 or 1.3.6.1.2.1
•internet.private.enterprises or 1.3.6.1.4.1
Most of the industry-standard management objects appear under mib-2, while objects defined by individual manufacturers appear under enterprises. Asanté Technologies, Inc. has 298 as its enterprise number (1.3.6.1.4.1.298). At the time of this writing, there are nearly 10,000 enterprise numbers assigned. You can get a list of enterprise numbers from ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers/.
6.4.2 MIB Groups Supported
The following MIB-II groups are supported:
•The System Group -- General information about the managed system, such as contact information and system name
•The Interfaces Group -- Information about each interface in the managed unit, and statistics for that interface
•The Address Translation Group -- This group is deprecated, and should not be used