Step 1 – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
SNMP Introduction
Software Reference for x310 Series Switches, AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A, Page 1772 (67.14)
The SNMP agent does not support a default community called “public” with read-only
access, traps disabled and open access as mandated in RFC 1812, because this would be a
security hole for users who wish to use the switch with minimal modification to the default
configuration. The default configuration of the switch has no defined communities.
Communities must be explicitly created.
SNMP authentication (for SNMPv1 and v2) is a mechanism whereby an SNMP message is
declared to be authentic, that is, from an SNMP application entity actually in the
community to which the message purports to belong. The mechanism may be trivial or
secure. The only form of SNMP authentication implemented by the switch’s SNMP agent is
trivial authentication. The authentication failure trap may be generated as a result of the
failure to authenticate an SNMP message.
Switch interfaces can be enabled or disabled via SNMP by setting the ifAdminStatus
object in the ifTable of MIB-II MIB to ‘Up(1)’ or ‘Down(2)’ for the corresponding ifIndex. If it
is not possible to change the status of a particular interface the switch returns an SNMP
error message.
The switch’s implementation of the ifOperStatus object in the ifTable of MIB-II MIB
supports two additional values: “Unknown(4)” and “Dormant(5)” (e.g. an inactive
dial-on-demand interface).
An SNMP MIB view is a subset of objects in the MIB that pertain to a particular network
element. For example, the MIB view of a hub would be the objects relevant to
management of the hub, and would not include IP routing table objects. The
switch’s SNMP agent does not allow the construction of MIB views. The switch supports all
relevant objects from all MIBs that it implements.
Note that the switch’s standard set and show commands can also be used to access
objects in the MIBs supported by the switch.
Defining Management Stations within Communities
You can add management stations to a community either individually, by entering just the
station’s IP address, or as a range, by entering an IP address that ends with a ‘/’
character followed by a number between 1 and 32. The number that
follows the ‘/’ character operates as an address mask to define a range of addresses for the
management stations. The following example shows how to allocate a band of three
binary addresses to a portion of the subnet 146.15.1.X.
Example
In this example we make provision for up to 8 possible management stations within a
community called “admin”.
Step 1:
Decide on the number of management stations that you want to assign to a particular
subnet, then decide how many binary digits are required to define this number of
addresses. In this case we need up to 8 management stations, so we will assign 3 binary
digits (3 binary digits can provide 8 different values). To assign the last 3 binary digits for
management stations, we assign a prefix that is a count of all binary digits in the address
minus those to be assigned to management stations. In this case the prefix is 29, this
being the number of binary digits in an IP address (32) minus the number of digits
assigned to the management stations (3).
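The Step 1 arithmetic, as an added Python example that is not part of the Allied Telesis manual: it derives the prefix from the number of management stations and reports the address range an entry would admit, including addresses admitted beyond the number intended. The base addresses within 146.15.1.X are constructed, the function names are hypothetical, and ordinary CIDR-style mask matching is assumed.

```python
import ipaddress

def prefix_for_stations(count: int) -> int:
    """Step 1: prefix = 32 minus the binary digits needed for `count` addresses."""
    if not 1 <= count <= 2 ** 32:
        raise ValueError("station count must be between 1 and 2**32")
    host_bits = (count - 1).bit_length()   # 8 stations -> 3 digits, 5 -> 3, 1 -> 0
    return 32 - host_bits

def station_range(address: str, count: int) -> ipaddress.IPv4Network:
    """Block of addresses admitted by 'address/prefix' (assumed CIDR-style masking)."""
    prefix = prefix_for_stations(count)
    # strict=False masks off the low digits, as an address mask would.
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)

def audit(address: str, count: int) -> dict:
    """Summarise what an entry really admits, so over-broad ranges are visible."""
    net = station_range(address, count)
    return {
        "entry": f"{address}/{net.prefixlen}",
        "first": str(net[0]),
        "last": str(net[-1]),
        "admitted": net.num_addresses,
        # Addresses admitted beyond the number of stations actually planned.
        "surplus": net.num_addresses - count,
        # False when the entered address is not the start of its block, in which
        # case the admitted range begins lower than the address suggests.
        "aligned": ipaddress.ip_address(address) == net.network_address,
    }

def is_admitted(source: str, address: str, count: int) -> bool:
    """Would a request from `source` fall inside the community's station range?"""
    return ipaddress.ip_address(source) in station_range(address, count)

if __name__ == "__main__":
    # Constructed inputs: 8 stations on an aligned base, 5 on a misaligned one.
    for base, stations in (("146.15.1.8", 8), ("146.15.1.10", 5)):
        print(audit(base, stations))
    print(is_admitted("146.15.1.16", "146.15.1.8", 8))
```

A non-zero surplus or a false aligned value means the entry admits addresses that were not planned as management stations, which matters because the community name is the only other control on access.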
Caution
An unauthorized person with knowledge of the appropriate SNMP
community name could bring an interface up or down. Community names
act as passwords for the SNMP protocol. When creating an SNMP
community with write access, take care to select a secure community name
and to ensure that only authorized personnel know it.