
Configuration example (snmpv1 and v2) – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


SNMP Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


Step 2:

The method used in this step depends on whether or not the community already exists.

If the community called “admin” does not exist, create a new community called
“admin” and allocate a three binary digit block of addresses to the address subnet
146.15.1.X.

If the community called “admin” already exists, allocate a three binary digit block of
addresses to an existing community called “admin” with the address subnet
146.15.1.X.

For security reasons, the common management prefix should be larger than the IP subnet.
This prevents stations on one subnet from being considered valid management stations
on a different subnet.

Configuration Example (SNMPv1 and v2)

This example shows how to configure the switch’s SNMP agent. Two network
management stations have been set up on a large network. The central NMS (IP address
192.168.11.5) monitors devices on the network and uses SNMP set messages to manage
devices on the network. Trap messages are sent to this management station. The regional
network management station (IP address 192.168.16.1) is used just to monitor devices
on the network by using SNMP get messages. Link traps are enabled for all interfaces on
this particular switch.

IP and VLANs must be correctly configured in order to access the SNMP agent in the
switch. This is because the IP module handles both the TCP transport functions, and the
UDP functions that enable datagrams to transport SNMP messages. See Chapter 25, IP
Addressing and Protocol Commands for commands that enable and configure IP.

To configure SNMP

Step 1:

Enable the SNMP agent.

Enable the SNMP agent and enable the generation of authenticate failure traps to monitor
unauthorized SNMP access. SNMP is enabled by default in AlliedWare Plus.

Step 2:

Create a community with write access for the central NMS.

Create a write access community called “example1rw” for use by the central network
management station at 192.168.11.5. Use an ACL to give the central NMS SNMP access to
the switch using that community name.

Care must be taken with the security of community names. Do not use the names “private”
or “public” in your network because they are too obvious. Community names act as
passwords and provide only trivial authentication. Any SNMP application entity that
knows a community name can read the value of any instance of any object in the MIB
implemented in the switch. Any SNMP application entity that knows the name of a
community with write access can change the value of any instance of any object in the
MIB implemented in the switch, possibly affecting the operation of the switch.

SNMPv1 and SNMPv2c provide very minimal security. If security is a concern, you should use
SNMPv3.

Commands for Step 1:

awplus(config)# snmp-server enable trap auth

Commands for Step 2:

awplus(config)# access-list 66 permit 192.168.11.5
awplus(config)# snmp-server community example1rw rw 66
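
The following Python check is an added example, not part of the Allied Telesis manual. It audits a configuration excerpt for the community weaknesses that Step 2 warns about and for the authentication failure trap from Step 1. It assumes configuration lines in the forms shown above, plus "any" as an ACL source; the function name audit_snmp and both sample configurations are constructed for illustration.

```python
import re

WEAK_NAMES = {"public", "private"}  # names the manual says not to use

def audit_snmp(config):
    """Return a list of findings for SNMPv1/v2c lines in a config excerpt."""
    acls = {}         # ACL number -> list of permitted sources
    communities = []  # (name, access, ACL number or None)
    auth_trap = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"access-list (\d+) permit (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.fullmatch(r"snmp-server community (\S+) (ro|rw)(?: (\d+))?", line):
            communities.append(m.groups())
        elif line == "snmp-server enable trap auth":
            auth_trap = True

    findings = []
    if communities and not auth_trap:
        findings.append("authentication failure traps not enabled")
    for name, access, acl in communities:
        if name.lower() in WEAK_NAMES:
            findings.append(f"{name}: obvious community name")
        if acl is None:
            findings.append(f"{name}: {access} community has no ACL")
        elif acl not in acls:
            findings.append(f"{name}: ACL {acl} is not defined")
        elif "any" in acls[acl]:  # assumption: 'any' matches every source
            findings.append(f"{name}: ACL {acl} permits any source")
    return findings

# Constructed sample configurations (not taken from the manual).
HARDENED = """\
snmp-server enable trap auth
access-list 66 permit 192.168.11.5
snmp-server community example1rw rw 66
"""
WEAK = """\
access-list 10 permit any
snmp-server community public ro
snmp-server community private rw 10
snmp-server community ops rw 20
"""

if __name__ == "__main__":
    for finding in audit_snmp(WEAK):
        print(finding)
```

The HARDENED sample mirrors the commands in Steps 1 and 2 and produces no findings; the WEAK sample triggers every check.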