Chapter 5 | Configuring the Switch |
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications.. You can configure the switch to respond to SNMP requests or generate SNMP traps..
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred..
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients.. To provide management access for version 1 or 2c clients, you must specify a community string.. The switch provides a default MIB View (i..e.., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree.. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements..
SNMP > Global Parameters
An SNMPv3 engine is an independent SNMP agent that resides on the switch..This engine protects against message replay, delay, and redirection.. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets..
A local engine ID is automatically generated that is unique to the switch.. This is referred to as the default engine ID.. If the local engine ID is deleted or changed, all SNMP users will be cleared.. You will need to reconfigure all existing users..
SNMP > Global Parameters
A new engine ID can be specified by entering 5 to 32 octets in hexadecimal characters..
Local Engine ID Enter an ID of 5 to 32 hexadecimal characters and then click Save..
User Default Check this box to set as default..
Enable Authentication Traps Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails.. Click the check box to enable Authentication traps..
Enable
To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host..
SNMP passwords are localized using the engine ID of the authoritative agent.. For informs, the authoritative SNMP agent is the remote agent.. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it..
The engine ID can be specified by entering 5 to 32 hexadecimal characters..
Remote Engine ID Enter an ID of 5 to 32 hexadecimal characters..
Remote IP Host The Internet address of the remote device where the user resides..
Action Click to add or remove the Remote Engine ID and Remote host details entered..
45 |