Paradyne 7610, SNMP DSU Controlling SNMP Access

Security

4-6 7610-A2-GB20-10

November 1997

Controlling SNMP Access

There are three methods for limiting SNMP access.

Disable the SNMP management option.

Assign SNMP community names and access levels. The DSU supports

SNMP Version 1, which provides limited security through the use of

community names.

Limiting SNMP access through validation of the IP address of each allowed

SNMP manager.

Assigning SNMP Community Names and Access Levels

The DSU can be managed by an SNMP manager supporting the SNMP protocol.

The community name must be supplied by an external SNMP manager accessing

an object in the MIB.

To define SNMP community names, follow this menu selection sequence:

Main Menu

→

Configuration

→

Load Configuration From

→

Edit

→

SNMP & Communication

→

General SNMP Management

Refer to General SNMP Management Options, Table A-10, to:

Enable SNMP Management.

Assign the SNMP community names of the SNMP Managers that are allowed

to access the DSU’s Management Information Base (MIB).

Specify read or read-write access for each SNMP community name.

Limiting SNMP Access through the IP Addresses of the Managers

The DSU provides an additional level of security through validation of the

IP addresses.

The SNMP Management option must be enabled. To control SNMP access with

IP addresses, follow this menu selection sequence:

Main Menu

→

Configuration

→

Load Configuration From

→

Edit

→

SNMP & Communication

→

SNMP NMS Security Options

Refer to SNMP NMS Security Options, Table A-11. The SNMP access can be

limited by:

Enabling NMS IP address validation to perform validation checks on the

IP address of an SNMP management system attempting to access the DSU.

Specifying read or read-write access for each NMS authorized to access the

unit.

Contents

Main Page i Contents About This Guide 1About the SNMP DSU 2Using the ATI ii 3Customizing the SNMP DSU 4Security 5IP Addressing iii 6Monitoring the DSU 7Testing 8Messages and Troubleshooting iv AConfiguration Option Tables BWorksheets CMIB Descriptions DStandards Compliance for SNMP Traps Page vii About This Guide Document Purpose and Intended Audience Document Summary Section Description viii Product-Related Documents Document Number Document Title 1-1 About the SNMP DSU 1 Model 7610 SNMP DSU Features 1-2 SNMP Management Capabilities MIB Support 1-3 Supported Link-Layer Protocols Model 7610 DSU Startup Instructions Typical SNMP DSU Configurations 1-4 User Interface Types Monitoring the DSU IP Addressing SNMP DSU Features Using the ATI Using the ATI 2 Security Accessing the ATI Connecting to the Terminal Port Using the ATI Main Menu 2-3 Screen Format Types What Affects Screen Displays 2-4 Screen Work Areas Edit Entering Device and System Information Terminal Port Switching Between Screen Work Areas Navigating the Screens Keyboard Keys " 2-6 Screen Function Keys 2-7 Switching Between Screen Work Areas Example: Ending a Session 3-1 Customizing the SNMP DSU 3 Identity Information ASCII Characters Entering Device and System Information Device Name Identity Information Identity 3-3 Configuring the DSU Configuration Option Tables, Configuration Option Areas Worksheets, 3-4 Accessing and Displaying Configuration Options Security n Saving Configuration Options 3-5 Establishing Call Setup Call Directories Screen Call Directories 3-6 3-7 Call Setup Screen 4-1 Security 4 Controlling SNMP Access ATI Access Security Overview 4-2 Creating a Login Device Reset ASCII Characters ATI Access . Deleting a Login Administer Logins 4-4 ATI Access Effective Access Level Security 4-5 4-6 Controlling SNMP Access Assigning SNMP Community Names and Access Levels Limiting SNMP Access through the IP Addresses of the Managers 5-1 IP Addressing 5 Addressing Scheme Examples IP Selecting an IP Addressing Scheme 5-2 IP Addressing Scheme Examples IMC Connection Same Subnet 5-3 Using Routers to Route DSU Management Data 5-4 Assigning IP Addresses and Subnet Masks Load Configuration From Choosing a Default Network Destination Communication Protocol Monitoring the DSU 6 MIB Descriptions What to Monitor DSU LEDs 6-2 System LEDs 6-3 Network LEDs 6-4 Port LEDs 6-5 Unit Status Viewing Health and Status System and Test Status 6-6 Table 6-1. Health and Status Messages (2 of 2) Message What To DoWhat Message Indicates 6-7 Self-Test Results Network Interface Status Network Interface Status 6-8 Network Performance Statistics hhh:mm:ss Performance Statistics 7-1 Testing 7 Alarm Messages Monitoring the DSU DSU LEDs Detecting Problems Tests Available Network Tests 7-3 CSU or External Network Loopback Network Test DSU or Internal Network Loopback Send V.54 Up/Down Sequences Data Port Tests Data Port Tests Local Loopback 511 Test Pattern for the DTE Lamp Test Ending an Active Test Test Status Messages Testing 7-6 Table 7-1. Test Status Messages (2 of 2) Test Status Message Meaning Loopbacks 7-7 Device Reset 7-8 8-1 Messages and Troubleshooting 8 Messages and Troubleshooting Alarm Messages ASCII Alarms 8-2 ASCII Alarm Messages (ddd:hh:mm) Entering Device and System Information 8-3 Configuring SNMP Traps Dialing Out SNMP Traps " 8-4 Device Messages x x 8-5 Table 8-1. Device Messages (2 of 2) Device Message What To DoWhat Message Indicates Troubleshooting 8-6 Table 8-2. Troubleshooting (2 of 2) Symptom SolutionsPossible Cause Tests Available A-1 Configuration Option Tables A section of Chapter 3. All changes to configuration options must be saved. Refer to the Configuration Option Tables Overview Saving Configuration Options System Options Menu System Table A-1. System Options (1 of 3) A-3 Table A-1. System Options (2 of 3) A-4 Table A-1. System Options (3 of 3) Trap: authentificationFailure Network Tests A-5 Network Interface Options Menu Network Table A-2. Network Interface Options (1 of 4) A-6 Table A-2. Network Interface Options (2 of 4) A-7 Table A-2. Network Interface Options (3 of 4) A-8 Table A-2. Network Interface Options (4 of 4) A-9 Data Port Options Menu Loopbacks Data Port Table A-3. Data Port Options (1 of 3) Loopbacks A-10 Table A-3. Data Port Options (2 of 3) A-11 User Interface Options Menu Terminal Port Options Terminal Port A-12 Table A-4. Terminal Port Options (2 of 3) Creating a Login ATI Access A-13 Management Port Options Management Port A-14 Table A-5. Management Port Options (2 of 3) A-15 External Device Options for the Management Port External Device A-16 Table A-6. External Device Options (1 of 3) A-17 Table A-6. External Device Options (2 of 3) A-18 Telnet Session Options Telnet Session A-19 Table A-7. Telnet Session Options (2 of 2) ATI Access A-20 Alarms & Traps Options Menu Call Setup Alarms & Traps Table A-8. Alarms & Traps Options (1 of 2) A-21 Table A-8. Alarms & Traps Options (2 of 2) Call Setup A-22 SNMP & Communication Options Menu Communication Protocol Options Communication Protocol A-23 Table A-9. Communication Protocol Options (2 of 2) A-24 General SNMP Management Options To access the General SNMP Management Options screen, follow this menu selection sequence: General SNMP Management Table A-10. General SNMP Management Options (1 of 2) ASCII Characters SNMP NMS Security Options SNMP NMS Security A-26 Table A-11. SNMP NMS Security Options (2 of 2) A-27 SNMP Traps Options To access the SNMP Traps Options screen, follow this menu selection sequence: SNMP Traps Table A-12. SNMP Traps Options (1 of 2) A-28 Table A-12. SNMP Traps Options (2 of 2) Traps: linkUp and linkDown Traps: Enterprise Specific Standards Compliance for SNMP Traps ASCII Characters Creating a Login Call Setup Entering Device and System Information A-30 B-1 Worksheets B Overview Configuration Worksheets B-2 Network Interface Data Port B-3 User Interface B-4 Alarms & Traps Management C-1 MIB Descriptions C MIB Description Overview MIB II RFC 1213 and RFC 1573 C-2 RS-232-Like MIB RFC 1659 Enterprise MIB Objects C-3 System Group (system 7) (system 6) (system 5) (system 4) C-4 C-5 Table C-2. Interfaces Group Objects (2 of 4) (ifEntry 7) (ifEntry 5) (ifEntry 4) C-6 Table C-2. Interfaces Group Objects (3 of 4) (ifEntry 15) (ifEntry 9) (ifEntry 8) C-7 Table C-2. Interfaces Group Objects (4 of 4) (ifXEntry 17) (ifXEntry 15) (ifXEntry 14) C-8 (ifTestEntry 1) (ifStackEntry3) (ifStackEntry2) (ifStackEntry1) C-9 Table C-5. Interface Test Group Objects (2 of 2) (ifTestEntry 6) (ifTestEntry 5) (ifTestEntry 3) C-10 must (ip21) (ipAddrEntry 2) (ipAddrEntry 1) C-11 Table C-6. IP Group Objects (2 of 2) (ip21) C-12 C-13 RS-232-Like MIB, RFC 1659 (rs232PortEntry 5) (rs232PortEntry 4) (rs232PortEntry 3) (rs232PortEntry 2) C-14 (rs232PortEntry 7) (rs232PortEntry 8) C-15 Table C-9. Asynchronous Port Table Objects (2 of 2) PortEntry 10) PortEntry 9) PortEntry 8) C-16 (rs232SyncPortEntry 13) (rs232SyncPortEntry 14) C-17 C-18 Enterprise MIB Objects D-1 Standards Compliance for SNMP Traps D SNMP Traps Overview Trap: authentificationFailure Standards Compliance for SNMP Traps D-2 Trap: warmStart SNMP Trap Description Possible Cause Traps: linkUp and linkDown D-3 Traps: Enterprise Specific Standards Compliance for SNMP Traps D-4 E-1 Cables and Pin Assignments E Cabling Overview E-2 Terminal Port EIA-232 Connector Management Port EIA-232 Connector E-3 V.35 User Data Port Connector Cables and Pin Assignments E-4 Standard EIA-232-D Crossover Cable Cables and Pin Assignments E-5 LAN Adapter Converter and Cable Modular RJ48S DDS Network Interface Cable GL-1 Glossary GL-2 GL-3 GL-4 IN-1 Index Numbers A C D F G H I K P R S T U