Controlling Snmp Access | Paradyne 7610, SNMP DSU specs

Security

Controlling SNMP Access

There are three methods for limiting SNMP access.

HDisable the SNMP management option.

HAssign SNMP community names and access levels. The DSU supports SNMP Version 1, which provides limited security through the use of community names.

HLimiting SNMP access through validation of the IP address of each allowed SNMP manager.

Assigning SNMP Community Names and Access Levels

The DSU can be managed by an SNMP manager supporting the SNMP protocol. The community name must be supplied by an external SNMP manager accessing an object in the MIB.

To define SNMP community names, follow this menu selection sequence:

Main Menu → Configuration → Load Configuration From → Edit →

SNMP & Communication → General SNMP Management

Refer to General SNMP Management Options , Table A-10, to:

HEnable SNMP Management.

HAssign the SNMP community names of the SNMP Managers that are allowed to access the DSU's Management Information Base (MIB).

HSpecify read or read-write access for each SNMP community name.

Limiting SNMP Access through the IP Addresses of the Managers

The DSU provides an additional level of security through validation of the

IP addresses.

The SNMP Management option must be enabled. To control SNMP access with

IP addresses, follow this menu selection sequence:

Main Menu → Configuration → Load Configuration From → Edit →

SNMP & Communication → SNMP NMS Security Options

Refer to SNMP NMS Security Options, Table A-11. The SNMP access can be limited by:

HEnabling NMS IP address validation to perform validation checks on the

IP address of an SNMP management system attempting to access the DSU.

HSpecifying read or read-write access for each NMS authorized to access the unit.

4-6

November 1997

7610-A2-GB20-10

Image 33

Paradyne 7610, SNMP DSU manual Controlling Snmp Access, Assigning Snmp Community Names and Access Levels

Contents

Model 7610 Snmp DSU Copyright 1996 Paradyne Corporation All rights reserved Contents Customizing the Snmp DSU Monitoring the DSU Configuration Option Tables Glossary Index About This Guide Document Purpose and Intended AudienceDocument Summary Appendix a Product-Related Documents About the Snmp DSU Model 7610 Snmp DSU Features MIB Support Snmp Management Capabilities Supported Link-Layer Protocols Typical Snmp DSU Configurations Rear Panel Interface Connections User Interface TypesModem Terminal Using the ATI Accessing the ATIConnecting to the Terminal Port Main Menu Status Test Configuration ControlSelect Edit/Display Screen Format Types What Affects Screen DisplaysUse the screen format Menu Path Screen Work Areas Navigating the Screens Keyboard KeysPress For the screen function Select Press Return to Screen Function Keys Ending a Session Switching Between Screen Work Areas Entering Device and System Information Customizing the Snmp DSU System Fields Identity Information Configuring the DSU Configuration Option AreasConfiguration Option Area Configuration Option Set Accessing and Displaying Configuration Options Saving Configuration OptionsIf you select Then Call Directories Screen Establishing Call Setup Call Directory Phone Number Entries Characters Use Main Menu → Control → Call Setup Call Setup Screen Security Overview Security On the Administer Enter Logins screen, for Creating a Login Deleting a Login ATI Access Effective Access LevelEffective Access Levels ATI Access to Menu Functions User Interface Already Interface Idle appearsConnection Refused Assigning Snmp Community Names and Access Levels Controlling Snmp Access Selecting an IP Addressing Scheme IP Addressing IMC Connection ± Same Subnet IP Addressing Scheme ExamplesRemote Site Subnet DDS Using Routers to Route DSU Management Data Choosing a Default Network Destination If using ThenAssigning IP Addresses and Subnet Masks Monitoring the DSU What to MonitorDSU LEDs Main Menu → Status → Display LEDs System LEDs OOS ± Out of Service DM ± Data ModeNS ± No Signal Network LEDs Port LEDs Unit Status Viewing Health and StatusHhhmmss Yyyyyyyy Self-Test Results Network Interface Status Network Performance Statistics Network Performance Statistics Detecting Problems TestingAlarm Condition Trap ATI Status Ascii Alarm Screen If configured Network Tests Tests Available CSU or External Network Loopback DSU or Internal Network LoopbackSend V.54 Up/Down Sequences Lamp Test Data Port TestsTest Pattern for the Network Local Loopback Ending an Active Test Test Status MessagesTest Status Messages 1 Meaning Loopbacks Test Status Messages 2 MeaningLoopbacks 1 Loopback Type Initiated By Loopbacks 2 Loopback Type Initiated By Device Reset If entering yes to prompt Then all Messages and Troubleshooting Messages and TroubleshootingAlarm Messages Ascii Alarms Ascii Alarm Messages Dialing Out Snmp Traps Configuring Snmp Traps Device Messages 1 What Message Indicates What To Do Device Messages Troubleshooting Troubleshooting 1 Symptom Possible Cause SolutionsDevice Messages 2 What Message Indicates What To Do Tests Available section Troubleshooting 2 Symptom Possible Cause Solutions Configuration Option Tables Configuration Option Tables OverviewSelect To Access To Configure System Options Menu Operating ModeTable A-1. System Options 1 Edit/Display Status Table A-1. System Options 2 Lads Timing Possible Settings Internal, External, ReceiveDDS Line Rate Kbps Lads Line Rate Kbps Security Violation Alarm Test TimeoutTable A-1. System Options 3 Test Duration min Table A-2. Network Interface Options 1 Network Interface Options MenuNetwork-initiated DSU Loopback 64K CC Data Scrambling 64K CC Cross Pair Detection Alarm Table A-2. Network Interface Options 2IMC Routing Information Protocol Out of Service Alarm No Signal AlarmOut of Frame Alarm Excessive BPV Alarm Table A-2. Network Interface Options 4 In-Band Framing Alarm Table A-3. Data Port Options 1 Data Port Options MenuInvert Transmit Clock Bilateral Loopback Table A-3. Data Port Options 2 Carrier Control by RTSRlsd Control Terminal Port Options User Interface Options MenuTable A-3. Data Port Options 3 Table A-4. Terminal Port Options 1 Port Access Level Possible Settings Level 1, Level 2, Level Login RequiredTable A-4. Terminal Port Options 2 Parity Management Port Options Table A-4. Terminal Port Options 3Table A-5. Management Port Options 1 Port Type Possible Settings Asynchronous, Synchronous Table A-5. Management Port Options 2Clock Source External Device Options for the Management Port Table A-5. Management Port Options 3Routing Information Protocol Dial-In Access External Device CommandsTable A-6. External Device Options 1 Connect Prefix Table A-6. External Device Options 2 Connect Indication StringEscape Sequence Table A-6. External Device Options 3 Telnet Session OptionsTable A-7. Telnet Session Options 1 Disconnect String Disconnect Time minutes Table A-7. Telnet Session Options 2 Table A-8. Alarms & Traps Options 1 Alarms & Traps Options MenuAscii Alarm Messages Alarm & Trap Dial-Out Snmp Trap Disconnect Table A-8. Alarms & Traps Options 2Call Retry Alternate Dial-Out Directory Snmp & Communication Options Menu Communication Protocol OptionsTable A-9. Communication Protocol Options 1 Default Network Destination Table A-9. Communication Protocol Options 2Management Port Link Protocol General Snmp Management Options Name 1 AccessTable A-10. General Snmp Management Options 1 Snmp Management Snmp NMS Security Options Name 2 AccessTable A-10. General Snmp Management Options 2 Table A-11. Snmp NMS Security Options 1 Table A-11. Snmp NMS Security Options 2 Access Level Table A-12. Snmp Traps Options 1 Snmp Traps OptionsSnmp Traps Number of Trap Managers Table A-12. Snmp Traps Options 2 Link Traps Possible Settings Disable, Up, Down, BothEnterprise Specific Traps Link Trap Interfaces Ascii Characters Table A-13. Ascii Non-Printable Characters Sequence Hex SequenceHex Configuration Option Settings Configuration WorksheetsWorksheets Overview None, Proprietary Network Interface Terminal Port Management PortExternal Device Communication Protocol Enable, DisableGeneral Snmp Management Snmp NMS Security MIB Descriptions MIB Description OverviewMIB II ± RFC 1213 and RFC Enterprise MIB Objects RS-232-Like MIB ± RFC Physical 1 ± Layer System GroupDatalink/subnetwork 2 ± Internet 4 ± Layer Interfaces Interfaces GroupIfEntry Software Revision PPP Management port is Testing3 state IfXEntry Extension to Interface Table ifXTable Interface Stack Group Testing3Interface Test Table Down2 InSyncNoBitErrors ifTestCode 2 ± InSyncWithBitErrorsIfTestEntry2 Table C-6. IP Group Objects 1 Description Setting/Contents Generic Receive Address TableIP Group Table C-6. IP Group Objects 2 Description Setting/Contents TCP Group Icmp GroupUDP Group Transmission Group Number of RS-232-Like Ports Object RS-232-Like MIB, RFCGeneral Port Table Objects Rs232PortEntry Rs232Async PortEntry Asynchronous Port Table Objects Synchronous Port Table Objects Rs232AsyncRs232Sync Integer number ± represents Input Signal Table ObjectsRs232Sync PortEntry Rs232InSigEntry Rs232OutSigEntry Output Signal Table Objects Port Usage Table, pdn-devPortUsage pdn-interfaces Device Configuration Variable pdn-commonDDS Interface Specific Definitions, pdn-dds pdn-interfaces Device Security, pdn-security pdn-common Snmp Traps Overview Standards Compliance for Snmp TrapsTrap authentificationFailure Snmp Trap Description Possible Cause Trap warmStart Traps linkUp and linkDownInterface LinkUp/Down Variable-Bindings Possible Cause Trap What It Indicates Possible Cause Traps Enterprise Specific 7610-A2-GB20-10 Cabling Overview Cables and Pin Assignments Terminal Port EIA-232 Connector Management Port EIA-232 ConnectorSignal Direction Pin # User Data Port Connector SignalDirection Pin Socket Connector Pin Standard EIA-232-D Crossover Cable Modular RJ48S DDS Network Interface Cable LAN Adapter Converter and CableRJ48S DDS Network Interface Cable Functions Circuit Pin # Cable Plug to Modular Jack LAN Adapter Glossary EIA-232 Factory defaultsEnterprise MIB Excessive BPV Latching loopback ResetLink layer protocol Loopback RS-232 RouterSubnet Subnet address Numbers Index IN-2 IN-3