• No results found

SNMP Login Management

In document EPON User Manual Switch Part (Page 153-158)

SNMP (Simple Network Management Protocol) is an important network management protocol on TCP / IP networks, implementing network management by exchanging packets on the network. The SNMP protocol provides the possibility of centralized management of large networks. Its goal is to ensure the management information is transmitted between any two points. SNMP is convenient for the network administrator to retrieve information from any node on the network, make modifications, find faults, and complete fault diagnosis, capacity planning and report generation.

SNMP structure is divided into two parts: NMS and Agent.NMS (Network Management Station) is a workstation that runs client programs while Agent is a server-side software running on a network device. The NMS can forward GetRequest, GetNextRequest, and SetRequest packets to the Agent. Upon receiving the NMS request message, the agent performs Read or Write operations according to the packet type and generates a Response packet to return to the NMS. On the other hand, when the device encounters an abnormal event such as hot / cold start, the agent will forward a trap packet to NMS to report the events.

The system supports SNMP v1, SNMP v2c and SNMP v3. SNMP V1 provides a simple authentication mechanism, does not support the administrator-to-manager communications, andv1 Trap has no confirmation mechanism.V2c enhanced v1 management model (on security), management information structure, protocol operation, manager and communication ability between managers to increase the creation and deletion of the table, the communication ability between managers, reducing the storage side of the agent.V3 implements the user authentication mechanism and packet encryption mechanism, which greatly improves the security of the SNMP protocol.

This function cooperates with the network management software to log on to the OLT and manage the OLT.

11.2 Configuring the Basic Parameters

Configuring the Basic Parameters

operation command remark

Enter global configuration

mode configure terminal required

Enable/disable SNMP snmp-server [ enable | disable ] optional. Enabled by default. Configure sysContact [no] snmp-server contact syscontact optional, with

default parameters Display sysContact

configuration show snmp contact optional

Configure sysLocation [no] snmp-server locationsyslocation optional, with default parameters Display sysLocation

configuration show snmp location optional

Configure sysName [no] snmp-server name sysname optional, with default parameters

Display sysName configuration show snmp name optional

Configure maximum length of

snmp protocol packets [no] snmp-server max-packet-length length optional Display the mib node

137

Note:

1. The device that does not use the configuration command of snmp-server [ enable | disable ] does not need to be configured. It is enabled by default and can not be disabled.

11.3 Configure the Community Name

SNMP adopts the community name authentication scheme. SNMP packets that do not match the community name will be discarded. SNMP community is named by a string, known as the community name. Different communities can have read-only or read-write access permission. A community with read-only access can only query system information. However, in addition to query the system information, the community with read-write access permission can perform the system configuration. It defaults to no community name.

Configure the Community Name

operation command remark

Enter global configuration

mode configure terminal required

Configure whether to display the community name

encrypted or not snmp-server community encrypt { enable | disable }

Optional; The default is not

encrypted. Configure the community

name

snmp-server community name { ro | rw } { permit | deny } [view view-name]

Optional; The iso view is used

by default.

Display the community name show snmp community optional, with

default parameter Remove the community

name no snmp-server community community- index optional

Note:

1.The community name encryption function is irreversible. That is, after the encryption is configured, if the encryption function is disabled, the previously encrypted community will not become a plain text, and only the newly configured community will be encrypted.

11.4 Configure the Group

This configuration task can be used to configure an access control group. By default, there are two snmpv3 groups: (1) The initial group with the security level of auth;(2)The initial group with the security level of noauthpriv(No authentication is required and no encryption is required)

Configure the Group

operation command remark

Enter global

configuration mode configure terminal required

Configure the group snmp-server group view write write-viewgroup-name notify notify-view 3 [auth | noauth | priv] read read- required Configure the context

of the group [no]snmp-server group group-name 3 context context-name optional Display the group

configuration show snmp group [ group-name ] optional

Note:

1.In the configuration control group, the write-view and the notify-view have no default values, so you must enter the view name in the configuration. readview defaults to iso and the security level defaults to auth.

138

11.5 Configure the User

It is used to configure the user for the local engine or for the remote engine that can be identified. By default, the following users exist: (1)initialmd5, (2) initialsha, (3) initialnone.

The above three users are reserved for the system and cannot be used by the user. When configuring a user, you need to ensure that the engine to which this user belongs is identifiable. When an identifiable engine is deleted, the users it contains are also deleted.

Configure the User

operation command remark

Enter global configuration

mode configure terminal required

Configure whether the display of password is encrypted or not

snmp-server encrypt { enable | disable } The default isOptional; encryption Configure the user

snmp-server user usernamegroupname [ remote ipaddress [ udp-port port-number] ] [ auth { md5 | sha } { auth- password authpassword | auth-key authkey } [ priv des priv- key { auth-key privkey | auth-password privpassword } ]]

required Remove the user no snmp-server user port-number ] ] username [ remote ipaddress [ udp-port optional Display the user

configuration show snmp user [username] optional

Note:

1.remote ipaddress [ udp-port port-number] :It means to configure the remote engine user. If you do not enter, it means to configure the local engine user. It defaults to local engine user. Port is the remote engine port number; if you do not enter, the default port number is 162.

3. There are three levels of user privilege levels: a.:noauthpriv (No authentication is required and no encryption is required), It is the default configuration;b.auth(Authentication is required but not encrypted);c.authpriv(It requires authentication and encryption). The user's security level must be the same as the corresponding group security group.

11.6 Configure the Views

It is used to configure the views available to access control and the subtrees that they contain. The iso, internet, and sysview exist by default. Delete and modify the internet is not supported.

Configure the Views

operation command remark

Enter global

configuration mode configure terminal required

Configure the views snmp-server view view-nameoid-tree { included | excluded } required Remove the views no snmp-server view view-name [ oid-tree ] optional Display the views

configuration show snmp view view-name optional

11.7 Configure SNMP Notification

Configure SNMP Notification

139

Enter global

configuration mode configure terminal required

Configure the source IP of the notification packets

[no]snmp-server trap-source { loopback-interface |vlan-interface |

supervlan-interface } if-id optional

Enable notification

function [no]snmp-server enable [ [ informs | traps ] [ bridge | gbn | gbnsavecfg | interfaces | rmon | snmp ] ] required Display notification

configuration show snmp notify optional

Configure to notify the destination host

[no]snmp-server host ipaddress [version {1 | 2c | 3 [auth | noauthpriv | priv ] } security-name [ udp-port port-number] [ notify-type [ bridge | gbn | gbnsavecfg | interfaces | rmon | snmp ] ]

required

Display the

configuration of notification host

show snmp host optional

11.8 Configure Engine ID

It is used to configure the engine id of the local snmp and the engine id of the remote snmp. The local engine id defaults to 134640000000000000000000, and it can be modified but cannot be deleted. The remote engine id can be added and removed. By default, the remote engine id is not identified. Once an identifiable remote engine is deleted, its corresponding users will also be deleted. The maximum number of configurable remote engines is 32.This command uses the command of no to restore the default local engine id or delete the remote engine id.

Configure Engine ID

operation command remark

Enter global

configuration mode configure terminal required

Configure engineid snmp-server engineid { local port-number] engine-id } engine-id | remote ipaddress [ udp-port optional Display engineid

configuration show snmp engineid { local | remote } [ id ] optional Remove engineid no snmp-server engineid { local | remote ipaddress port-number } optional

11.9 Configuration Example for Snmp

1.Network requirements

Before accessing the OLT with the mib-browser, make sure that the mib-browser terminal is able to communicate with the OLT properly.

a. Configure the community test2, and then make the mib-browser accesses the OLT through snmp v1 / v2;

b. Configure group name g3, user name u3, security levels are auth, make mib-browser access OLT through the snmp v3;

c. Configure snmp notice. Notify v2 and v3 respectively; 2.Configuration steps

#Enable snmp(There is no need to configure a device without this command) OptiWay(config)#snmp-server enable

#Configure the community test2, mib-browser accesses the OLT through snmp v1 / v2 OptiWay(config)#snmp-server community test2 rw permit view iso

#Configure the group name g3, the user name u3, the security levels are auth, mib-browser can access the OLT through snmp v3.

140

OptiWay(config)#snmp-server group g3 3 auth notify iso read iso write iso OptiWay(config)#snmp-server user u3 g3 auth md5 auth-password password OptiWay(config)#show snmp group g3 groupname: g3 securitymodel: 3 auth readview: iso writeview: iso notifyview: iso context: default value(NULL) OptiWay(config)#show snmp user u3

User name: u3

Engine ID: 134640000000000000000000 Authentication Protocol: HMACMD5AuthProtocol Group-name: g3

Validation: valid

# Configure the notification function #Enable the notification function

OptiWay(config)#snmp-server enable traps #configure to notify the host

OptiWay(config)#snmp-server host 192.168.1.10 version 2 test2 OptiWay(config)#snmp-server host 192.168.1.10 version 3 auth u3

141

12.DHCP Configuration

In document EPON User Manual Switch Part (Page 153-158)

Related documents