beautypg.com

Snmp management, Snmpv3 secure management – Proxim AP-4000 User Manual

Page 16

background image

Introduction

AP-4000 Series User Guide

Management and Monitoring Capabilities

16

Users enter Command Statements, composed of CLI Commands and their associated parameters. Statements may be
issued from the keyboard for real time control, or from scripts that automate configuration.

For example, when downloading a file, administrators enter the download CLI Command along with IP Address, file
name, and file type parameters.

You access the CLI over a HyperTerminal serial connection or via Telnet. During initial configuration, you can use the CLI
over a serial port connection to configure an Access Point’s IP address. When accessing the CLI via Telnet, you can
communicate with the Access Point from over your LAN (switch, hub, etc.), from over the Internet, or with a “crossover”
Ethernet cable connected directly to your computer’s Ethernet Port. See

Command Line Interface (CLI)

for more

information on the CLI and for a list of CLI commands and parameters.

SNMP Management

In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network
Management Protocol (SNMP). Note that this requires an SNMP manager program, like HP Openview or Castlerock’s
SNMPc. The AP supports several Management Information Base (MIB) files that describe the parameters that can be
viewed and/or configured over SNMP:

• MIB-II (RFC 1213)
• Bridge MIB (RFC 1493)
• Ethernet-like MIB (RFC 1643)
• 802.11 MIB
• ORiNOCO Enterprise MIB

Proxim provides these MIB files on the CD-ROM included with each Access Point. You need to compile one or more of
the above MIBs into your SNMP program’s database before you can manage an Access Point using SNMP. See the
documentation that came with your SNMP manager for instructions on how to compile MIBs.

The Enterprise MIB defines the read and read-write objects that can be viewed or configured using SNMP. These objects
correspond to most of the settings and statistics that are available with the other management interfaces. See the
Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, Notepad, or
WordPad.

SNMPv3 Secure Management

SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network
management.

The security threats addressed by Secure Management are:

Modification of information: An entity could alter an in-transit message generated by an authorized entity in such a

way as to effect unauthorized management operations, including the setting of object values. The essence of this
threat is that an unauthorized entity could change any management parameter, including those related to
configuration, operations, and accounting.

Masquerade: Management operations that are not authorized for some entity may be attempted by that entity by

assuming the identity of an authorized entity.

Message stream modification: SNMP is designed to operate over a connectionless transport protocol. There is a

threat that SNMP messages could be reordered, delayed, or replayed (duplicated) to effect unauthorized
management operations. For example, a message to reboot a device could be copied and replayed later.

Disclosure: An entity could observe exchanges between a manager and an agent and thereby could learn of notifiable

events and the values of managed objects. For example, the observation of a set command that changes passwords
would enable an attacker to learn the new passwords.

To address the security threats listed above, SNMPv3 provides the following when secure management is enabled:

• Authentication: Provides data integrity and data origin authentication.