Configuring SNMPv3 using EDM

The Ethernet Routing Switch 5000 Series allows for configuration of SNMPv3 using the EDM or NNCLI.

The SNMP agent supports exchanges using SNMPv1, SNMPv2c and SNMPv3.

Support for SNMPv2c introduces a standards-based GetBulk retrieval capability using SNMPv1 communities.

SNMPv3 support introduces industrial-grade user authentication and message security. This includes MD5 and SHA-based user authentication and message integrity verification, as well as AES- and DES-based privacy encryption.

Prerequisites

Configuring SNMPv3 using EDM navigation

Creating a new MIB view using EDM

Use the following procedure to create a new MIB view.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click MIB View.
4 In the toolbar, click Insert.
  The Insert MIB View dialog box appears.
5 Configure the parameters as required.
6 Click Insert.


--End--

Variable definitions

The following table describes the fields of the MIB View tab.

Variable Value
ViewName Specifies a new entry with this group name. The range is 1 to 32 characters.
Subtree Specifies a valid object identifier that defines the set of MIB objects accessible by this SNMP entity, for example, 1.3.6.1.1.5
Type Determines whether access to a MIB object is granted (Included) or denied (Excluded). Included is the default.
StorageType Indicates the storage type for the view.
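
How Included and Excluded subtrees combine when several rows share a ViewName, as an added example that is not vendor code. It assumes the switch applies the standard VACM rule (RFC 3415, no subtree masks, since this tab has no mask field); the view name opsRead and the sample rows are constructed.

```python
# Added example (not vendor code): which OIDs a MIB view exposes.
from typing import Iterable, NamedTuple, Tuple

Oid = Tuple[int, ...]


class ViewEntry(NamedTuple):
    view_name: str  # ViewName field, 1 to 32 characters
    subtree: Oid    # Subtree field, parsed into sub-identifiers
    included: bool  # Type field: True for Included, False for Excluded


def parse_oid(text: str) -> Oid:
    """Parse dotted-decimal OID text; a leading dot is accepted."""
    parts = text.strip().lstrip(".").split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def make_entry(view_name: str, subtree: str, type_: str = "Included") -> ViewEntry:
    """Validate one MIB View row against the field rules in the table above."""
    if not 1 <= len(view_name) <= 32:
        raise ValueError("ViewName must be 1 to 32 characters")
    if type_ not in ("Included", "Excluded"):
        raise ValueError("Type must be Included or Excluded")
    return ViewEntry(view_name, parse_oid(subtree), type_ == "Included")


def is_in_view(entries: Iterable[ViewEntry], view_name: str, oid_text: str) -> bool:
    """Return True when the OID is accessible through the named view.

    RFC 3415 rule without masks: of the rows whose subtree is a prefix of the
    OID, the one with the most sub-identifiers decides. No matching row means
    the OID is not in the view.
    """
    oid = parse_oid(oid_text)
    best = None
    for entry in entries:
        if entry.view_name != view_name:
            continue
        depth = len(entry.subtree)
        # Compare whole sub-identifiers, never text: 1.3.6.1.6.3.150 is not
        # under 1.3.6.1.6.3.15 even though the strings share a prefix.
        if oid[:depth] != entry.subtree:
            continue
        if best is None or depth > len(best.subtree):
            best = entry
    return best is not None and best.included


# Constructed sample view: expose everything under internet (1.3.6.1) but hide
# the SNMP user, access-control and community tables, re-including usmStats.
OPS_READ = [
    make_entry("opsRead", "1.3.6.1"),
    make_entry("opsRead", "1.3.6.1.6.3.15", "Excluded"),  # snmpUsmMIB
    make_entry("opsRead", "1.3.6.1.6.3.16", "Excluded"),  # snmpVacmMIB
    make_entry("opsRead", "1.3.6.1.6.3.18", "Excluded"),  # snmpCommunityMIB
    make_entry("opsRead", "1.3.6.1.6.3.15.1.1"),          # usmStats
]

if __name__ == "__main__":
    for sample in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.15.1.2.2.1.3",
                   "1.3.6.1.6.3.15.1.1.5.0", "1.3.6.1.6.3.150.1"):
        print(sample, is_in_view(OPS_READ, "opsRead", sample))
```

Excluding the user, access-control and community subtrees from a broad read view keeps the agent's own credential and access tables out of reach of ordinary monitoring accounts.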

Deleting an MIB view using EDM

Use the following procedure to delete an MIB view.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click MIB View.
4 In the work area, select the record that you want to delete.
5 In the toolbar, click Delete.


--End--

Creating a new user using EDM

Use the following procedure to create a new user.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click User.
4 In the toolbar, click Insert.
  The Insert User dialog box appears.
5 Configure the parameters as required.
6 Click Insert.


--End--

Variable definitions

The following table describes the fields of the Insert User dialog box.

Variable Value
Name Indicates the name of the new user. The name is used as an index to the table. The range is 1 to 32 characters.
Auth Protocol Assigns an authentication protocol (or no authentication) from the menu. Available options are:
  • none
  • MD5
  • SHA
Default is none.

If you select this field, you must enter the AuthPassword, ConfirmPassword, and Priv Protocol.

AuthPassword Specifies the new user authentication password. This field is enabled only if Auth Protocol is selected.
ConfirmPassword Retype the new user authentication password. This field is enabled only if Auth Protocol is selected.
Priv Protocol Assigns a privacy protocol (or no privacy) from the menu. Available options are:
  • none
  • DES
  • 3DES
  • AES
Default is none.

If you select this field, you must enter the AuthPassword, ConfirmPassword, and Priv Protocol.

PrivacyPassword Specifies the new user privacy password. This field is enabled only if Priv Protocol is selected.
ConfirmPassword Retype the new user privacy password. This field is enabled only if Priv Protocol is selected.
ReadViewName Indicates the view name with read access.
WriteViewName Indicates the view name with write access.
NotifyViewName Indicates the view name with access to notifications.
StorageType Specifies the type of storage:
  • volatile
  • nonVolatile
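
Because both Auth Protocol and Priv Protocol default to none, a user inserted with defaults operates without authentication or encryption. The following added example (not vendor code) reviews planned user rows before they are entered in the dialog; the finding codes, user names and view names are hypothetical, and the protocol menus are taken from the table above.

```python
# Added example (not vendor code): review planned Insert User settings.
from dataclasses import dataclass
from typing import Dict, Iterable, List

AUTH_OPTIONS = ("none", "MD5", "SHA")          # Auth Protocol menu on this page
PRIV_OPTIONS = ("none", "DES", "3DES", "AES")  # Priv Protocol menu on this page


@dataclass
class SnmpUser:
    name: str
    auth_protocol: str = "none"  # page default
    priv_protocol: str = "none"  # page default
    read_view: str = ""
    write_view: str = ""
    notify_view: str = ""


def security_level(user: SnmpUser) -> str:
    """Map the protocol choices to the SNMPv3 security level they yield."""
    if user.auth_protocol == "none":
        return "noAuthNoPriv"
    return "authNoPriv" if user.priv_protocol == "none" else "authPriv"


def audit_user(user: SnmpUser) -> List[str]:
    """Return finding codes (hypothetical names) for one user row."""
    findings: List[str] = []
    if not 1 <= len(user.name) <= 32:
        findings.append("name-length")
    if user.auth_protocol not in AUTH_OPTIONS or user.priv_protocol not in PRIV_OPTIONS:
        return findings + ["unknown-protocol"]
    # SNMPv3 defines no privacy-without-authentication level.
    if user.auth_protocol == "none" and user.priv_protocol != "none":
        findings.append("priv-without-auth")
    level = security_level(user)
    if level == "noAuthNoPriv":
        findings.append("no-authentication")  # what the defaults produce
    elif level == "authNoPriv":
        findings.append("no-privacy")         # payload is sent unencrypted
    if user.auth_protocol == "MD5":
        findings.append("md5-auth")           # prefer SHA from the same menu
    if user.priv_protocol in ("DES", "3DES"):
        findings.append("legacy-cipher")      # prefer AES from the same menu
    if user.write_view and level != "authPriv":
        findings.append("write-view-without-authpriv")
    return findings


def audit_all(users: Iterable[SnmpUser]) -> Dict[str, List[str]]:
    """Audit every row and key the findings by user name."""
    return {user.name: audit_user(user) for user in users}


# Constructed sample rows; user and view names are placeholders.
SAMPLE_USERS = [
    SnmpUser("defaults-only", write_view="allMib"),
    SnmpUser("monitor", "SHA", "none", read_view="opsRead"),
    SnmpUser("legacy-nms", "MD5", "DES", read_view="opsRead"),
    SnmpUser("netops", "SHA", "AES", read_view="opsRead", write_view="opsWrite"),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_USERS).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```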

Deleting a user using EDM

Use the following procedure to delete a user.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click User.
4 In the work area, select the user that you want to delete.
5 In the toolbar, click Delete.
6 Click Yes to confirm.


--End--

Viewing user details using EDM

Use the following procedure to view user details.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click User.
4 In the work area, select the user that you want to view.
5 In the toolbar, click Details.
  The User Details tab appears, displaying the details of the selected user.


--End--

Variable definitions

The following table describes the fields of the User Details tab.

Variable Value
Name Indicates the user name.
ContextPrefix Indicates the context name of the user.
SecurityModel Indicates the security model used to gain the access rights.
SecurityLevel Indicates the minimum level of security required to gain the access rights.
ReadViewName Indicates the view name that authorizes read access.
WriteViewName Indicates the view name that authorizes write access.
NotifyViewName Indicates the view name that authorizes access for notifications.
StorageType Indicates the storage type:
  • volatile
  • nonVolatile

Creating a community using EDM

Use the following procedure to create a community.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Community.
4 In the toolbar, click Insert.
  The Insert Community dialog box appears.
5 Configure the parameters as required.
6 Click Insert.


--End--

Variable definitions

The following table describes the fields of the Insert Community dialog box.

Variable Value
Index Indicates the unique index of the community.
CommunityName Indicates the name of the community.
ConfirmCommunity Retype the community name.
ReadViewName Indicates the view name with read access.
WriteViewName Indicates the view name with write access.
NotifyViewName Indicates the view name with access to notifications.
StorageType Indicates the storage type:
  • volatile
  • nonVolatile

Deleting a community using EDM

Use the following procedure to delete a community.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Community.
4 In the work area, select the community that you want to delete.
5 In the toolbar, click Delete.
6 Click Yes to confirm.


--End--

Variable definitions

The following table describes the fields of the Community tab.

Variable Value
Index Indicates the index of the community.
Name Indicates the name of the community.
ContextEngineID Indicates the context engine ID.
StorageType Indicates the storage type:
  • volatile
  • nonVolatile

Viewing details of a community using EDM

Use the following procedure to view the details of a community.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Community.
4 In the work area, select the community that you want to view.
5 In the toolbar, click Details.
  The Community Details tab appears, displaying the details of the selected community.


--End--

Variable definitions

The following table describes the fields of the Community Details tab.

Variable Value
Name Indicates the name of the community.
ContextPrefix Indicates the context prefix.
SecurityModel Indicates the security model used.
SecurityLevel Indicates the minimum security level required to gain access rights.
ReadViewName Indicates the view name to which read access is authorized.
WriteViewName Indicates the view name to which write access is authorized.
NotifyViewName Indicates the view name to which notifications access is authorized.
StorageType Indicates the storage type:
  • volatile
  • nonVolatile

Creating a host using EDM

Use the following procedure to create a host.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Host.
4 In the toolbar, click Insert.
  The Insert Host dialog box appears.
5 Configure the parameters as required.
6 Click Insert.


--End--

Variable definitions

The following table describes the fields of the Insert Host dialog box.

Variable Value
Domain Indicates the IP address domain to be used. Available options are:
  • IPv4
  • IPv6
Default is IPv4.
DestinationAddress Indicates the destination address to be used.
Port Indicates the port to be used. Value ranges between 0 and 65535. Default is 162.
Timeout Indicates the time out period in seconds.
RetryCount Indicates the retry count. Value ranges between 0 and 255. Default is 3.
Type Indicates the host type. Available options are:
  • trap
  • inform
Default is trap.
Version Indicates the SNMP version to be used. Available options are:
  • SNMPv1
  • SNMPv2c
  • SNMPv3/UCM
SecurityName Indicates the security name used.
SecurityLevel Indicates the minimum security level required to gain access rights.
StorageType Indicates the storage type:
  • volatile
  • nonVolatile

Deleting a host using EDM

Use the following procedure to delete a host.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Host.
4 In the work area, select the host you want to delete.
5 In the toolbar, click Delete.
6 Click Yes to confirm.


--End--

Variable definitions

The following table describes the fields of the Host tab.

Variable Value
Domain Indicates the domain currently in use.
DestinationAddr (Port) Indicates the destination address and port currently in use.
Timeout Indicates the time out period set.
RetryCount Indicates the retry count set.
Type Indicates the host type set.
StorageType Indicates the storage type currently in use.

Configuring host notification control using EDM

Use the following procedure to configure host notification controls.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Host.
4 In the work area, select a host.
5 In the toolbar, click Notification.
  The Host Notification Control tab appears.
6 In the work area, select the notifications you want to enable.
  OR
  In the toolbar, click Enable All to enable all the notifications.
  OR
  In the toolbar, click Disable All to disable all the notifications.
7 In the toolbar, click Apply.


--End--

Variable definitions

The following table describes the fields of the Host Notification Controls tab.

Variable Value
coldStart Signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself, and that its configuration may have been altered.
warmStart Signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.
linkDown Signifies that the SNMPv2 entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to transition into the down state.
linkUp Signifies that the SNMPv2 entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links has come out of the down state.
authenticationFailure Signifies that the SNMP entity has received a protocol message that is not properly authenticated.
s5EtrSbsMacTableFull Signifies that the mac-security address table is filled.
s5EtrSbsMacTableClearedForPort Signifies that the mac-security address table is cleared for a particular port.
s5EtrSbsMacTableCleared Signifies that the mac-security address table is cleared for all ports.
s5EtrSbsMacRemoved Signifies that a mac address is removed from the mac-security address table.
s5EtrNewSbsMacAccessViolation Signifies a trap is sent when the switch device detects a Mac_address based security violation on a port set by s5SbsSecurityAction defined in s5sbs100.mib. This trap is sent only once, when the condition is first detected.
s5CtrNewHotSwap Signifies that a component or sub component is inserted or removed from chassis. This trap is sent only once when the condition is first detected.
s5CtrNewProblem Signifies that a component or sub component has a problem like warning, nonfatal, or fatal. This trap is sent only once when the condition is first detected.
s5CtrNewUnitUp Signifies that a component or sub component is newly detected. This trap is sent only once when the condition is first detected.
s5CtrNewUnitDown Signifies that a component or sub component is no longer detected. This trap is sent only once when the condition is first detected.
bsAdacPortConfigNotification Signifies whether the Auto-Configuration is applied on the port. This trap is sent on every status change.
bsAdacPortOperDisabledNotification Indicates whether a port having bsAdacPortAdminEnable set to true changes its bsAdacPortOperEnable from true to false due to some condition such as reaching the maximum number of devices supported for each port.
bsveVrrpTrapStateTransition Signifies that a state transition has occurred on a particular vrrp interface. Implementation of this trap is optional.
bsDhcpSnoopingBindingTableFull Signifies that an attempt is made to add a new DHCP binding entry when the binding table is full.
bsDhcpSnoopingTrap Signifies that a DHCP packet is dropped.
bsDhcpOption82MaxLengthExceeded Signifies that the DHCP Option 82 information could not be added to a DHCP packet because the size of the resulting packet is too long.
bsaiArpPacketDroppedOnUntrustedPort Signifies that an ARP packet is dropped on an untrusted port due to an invalid IP/MAC binding.
bsSourceGuardReachedMaxIpEntries Signifies that the maximum number of IP entries on a port has been reached.
bsSourceGuardCannotEnablePort Signifies that there are insufficient resources available to enable IP source guard checking on a port.
Attention: This notification is not generated as the result of a management operation, but rather as a result of internal state changes within the system.

bspimeNeighborStateChanged Signifies a change of state of an adjacency with a neighbor. This notification is generated when the PIM interface of the router is disabled or enabled, or when a PIM neighbor adjacency of route expires or establishes.
bsnConfigurationSavedToNvram Signifies that the device saves its configuration to non volatile storage.
bsnEapAccessViolation Signifies that an EAP access violation occurs.
bsnStackManagerReconfiguration Stackable system generates this notification when the stack manager detects a problem with a link between stack members.
bsnLacTrunkUnavailable Signifies that an attempt is made to form an 802.3ad LAG trunk, but there are no available resources to create a new trunk.
bsnLoginFailure Signifies that an attempt to login to the system fails because of an incorrect password.
bsnTrunkPortDisabledToPreventBroadcastStorm Signifies that an MLT port is disabled because an MLT trunk is disabled.
bsnTrunkPortEnabledToPreventBroadcastStorm Signifies that an MLT port is enabled because an MLT trunk is disabled.
bsnLacPortDisabledDueToLossOfVLACPDU Signifies that a port is disabled due to the loss of a VLACP PDU.
bsnLacPortEnabledDueToReceiptOfVLACPDU Signifies that a port is enabled due to receipt of a VLACP PDU.
bsnStackConfigurationError Signifies that the expected size of a stack is not equal to the actual size of the stack.
bsnEapUbpFailure Signifies that the installation of a UBP policy fails following EAP authentication.
bsnTrialLicenseExpiration Signifies that a trial license is going to expire soon, or has already expired.
bsnEnteredForcedStackMode Signifies that a switch has entered forced stack mode.
bsnEapRAVError Signifies that the MAC address that was authorized on a port could not be moved to the Radius-Assigned VLAN.
lldpRemTablesChange Signifies that the value of lldpStatsRemTableLastChangeTime is changed.
risingAlarm Signifies that an alarm entry is crossing its rising threshold and generating an event that is configured for sending SNMP traps.
fallingAlarm Signifies that an alarm entry is crossing its falling threshold and generating an event that is configured for sending SNMP traps.
vrrpTrapNewMaster Signifies that the sending agent has transitioned to ’Master’ state.
pethPsePortOnOffNotification Indicates whether the PSE port is delivering power to the PD. This notification is sent on every status change except in the searching mode.
pethMainPowerUsageOnNotification Indicates that PSE threshold usage indication is on, and the usage power is above the threshold.
pethMainPowerUsageOffNotification Indicates that PSE Threshold usage indication is off and the usage power is below the threshold.
ospfVirtIfStateChange Signifies that the value of ospfVirtIfStateChange is enabled.
ospfNbrStateChange Signifies that the value of ospfNbrStateChange is enabled.
ospfVirtNbrStateChange Signifies that the value of ospfVirtNbrStateChange is enabled.
ospfIfConfigError Signifies that the value of ospfIfConfigError is enabled.
ospfVirtIfConfigError Signifies that the value of ospfVirtIfConfigError is enabled.
ospfIfAuthFailure Signifies that the value of ospfIfAuthFailure is enabled.
ospfVirtIfAuthFailure Signifies that the value of ospfVirtIfAuthFailure is enabled.
ospfIfStateChange Signifies that the value of ospfIfStateChange is enabled.
entConfigChange Signifies that the value of entConfigChange is enabled.
lldpXMedTopologyChangeDetected The local device generates this notification when it senses a change in the topology. The change indicates that a new remote device attached to a local port, or a remote device disconnected or moved from one port to another.
ntnQosPolicyEvolLocalUbpSessionFailure Signifies that filter data associated with a user could not be installed in the context of local UBP support.
ntnQosPolicyEvolDosAttackDetected Indicates that the DAPP support has detected an attack on the device generating this trap. A notification is generated once for each unit that contains ports on which an attack is detected.
rcnSmltIstLinkUp Signifies that the split MLT link has changed from down to up.
rcnSmltIstLinkDown Signifies that the split MLT link has changed from up to down.
rcnSmltLinkUp Signifies that the split SMLT link is up.
rcnSmltLinkDown Signifies that the split SMLT link is down.
rcnBpduReceived Signifies that a BPDU is received on a port which has BPDU filtering enabled.
rcnSlppPortDownEventNew Signifies that a port down event has occurred due to SLPP.
ubpEAPSessionStart Signifies start of EAP session.
ubpEAPSessionEnd Signifies end of EAP session.

Configuring notification control using EDM

Use the following procedure to enable or disable notification controls.

Procedure steps


Step Action
1 From the navigation tree, double-click Edit.
2 In the Edit tree, double-click Snmp Server.
3 In the Snmp Server tree, double-click Notification Control.
4 In the work area, in the table, double-click the cell under the column heading NotifyControlEnabled.
5 Select true or false from the drop-down list to enable or disable the selected notification control.
6 Repeat the previous two steps for each NotifyControlType that you want to change.
7 In the toolbar, click Apply.


--End--

Variable definitions

The following table describes the fields of the Notification Controls tab.

Variable Value
coldStart Signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself, and that its configuration may have been altered.
warmStart Signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered.
linkDown Signifies that the SNMPv2 entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to transition into the down state.
linkUp Signifies that the SNMPv2 entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links has come out of the down state.
authenticationFailure Signifies that the SNMP entity has received a protocol message that is not properly authenticated.
s5EtrSbsMacTableFull Signifies that the mac-security address table is filled.
s5EtrSbsMacTableClearedForPort Signifies that the mac-security address table is cleared for a particular port.
s5EtrSbsMacTableCleared Signifies that the mac-security address table is cleared for all ports.
s5EtrSbsMacRemoved Signifies that a mac address is removed from the mac-security address table.
s5EthernetTrapMib.5 Signifies a MIB trap.
s5CtrNewHotSwap Signifies that a component or sub component is inserted or removed from chassis. This trap is sent only once when the condition is first detected.
s5CtrNewProblem Signifies that a component or sub component has a problem like warning, nonfatal, or fatal. This trap is sent only once when the condition is first detected.
s5CtrNewUnitUp Signifies that a component or sub component is newly detected. This trap is sent only once when the condition is first detected.
s5CtrNewUnitDown Signifies that a component or sub component is no longer detected. This trap is sent only once when the condition is first detected.
bsAdacPortConfigNotification Signifies whether the Auto-Configuration is applied on the port. This trap is sent on every status change.
bsAdacPortOperDisabledNotification Indicates whether a port having bsAdacPortAdminEnable set to true changes its bsAdacPortOperEnable from true to false due to some condition such as reaching the maximum number of devices supported for each port.
bsveVrrpTrapStateTransition Signifies that a state transition has occurred on a particular vrrp interface. Implementation of this trap is optional.
bsDhcpSnoopingBindingTableFull Signifies that an attempt is made to add a new DHCP binding entry when the binding table is full.
bsDhcpSnoopingTrap Signifies that a DHCP packet is dropped.
bsDhcpOption82MaxLengthExceeded Signifies that the DHCP Option 82 information could not be added to a DHCP packet because the size of the resulting packet is too long.
bsaiArpPacketDroppedOnUntrustedPort Signifies that an ARP packet is dropped on an untrusted port due to an invalid IP/MAC binding.
bsSourceGuardReachedMaxIpEntries Signifies that the maximum number of IP entries on a port has been reached.
bsSourceGuardCannotEnablePort Signifies that there are insufficient resources available to enable IP source guard checking on a port.
Attention: This notification is not generated as the result of a management operation, but rather as a result of internal state changes within the system.

bspimeNeighborStateChanged Signifies a change of state of an adjacency with a neighbor. This notification is generated when the PIM interface of the router is disabled or enabled, or when a PIM neighbor adjacency of route expires or establishes.
bsnConfigurationSavedToNvram Signifies that the device saves its configuration to non volatile storage.
bsnEapAccessViolation Signifies that an EAP access violation occurs.
bsnStackManagerReconfiguration Stackable system generates this notification when the stack manager detects a problem with a link between stack members.
bsnLacTrunkUnavailable Signifies that an attempt is made to form an 802.3ad LAG trunk, but there are no available resources to create a new trunk.
bsnLoginFailure Signifies that an attempt to login to the system fails because of an incorrect password.
bsnTrunkPortDisabledToPreventBroadcastStorm Signifies that an MLT port is disabled because an MLT trunk is disabled.
bsnTrunkPortEnabledToPreventBroadcastStorm Signifies that an MLT port is enabled because an MLT trunk is disabled.
bsnLacPortDisabledDueToLossOfVLACPDU Signifies that a port is disabled due to the loss of a VLACP PDU.
bsnLacPortEnabledDueToReceiptOfVLACPDU Signifies that a port is enabled due to receipt of a VLACP PDU.
bsnStackConfigurationError Signifies that the expected size of a stack is not equal to the actual size of the stack.
bsnEapUbpFailure Signifies that the installation of a UBP policy fails following EAP authentication.
bsnTrialLicenseExpiration Signifies that a trial license is going to expire soon, or has already expired.
bsnEnteredForcedStackMode Signifies that a switch has entered forced stack mode.
bsnEapRAVError Signifies that the MAC address that was authorized on a port could not be moved to the Radius-Assigned VLAN.
lldpRemTablesChange Signifies that the value of lldpStatsRemTableLastChangeTime is changed.
risingAlarm Signifies that an alarm entry is crossing its rising threshold and generating an event that is configured for sending SNMP traps.
fallingAlarm Signifies that an alarm entry is crossing its falling threshold and generating an event that is configured for sending SNMP traps.
vrrpTrapNewMaster Signifies that the sending agent has transitioned to ’Master’ state.
pethPsePortOnOffNotification Indicates whether the PSE port is delivering power to the PD. This notification is sent on every status change except in the searching mode.
pethMainPowerUsageOnNotification Indicates that PSE threshold usage indication is on, and the usage power is above the threshold.
pethMainPowerUsageOffNotification Indicates that PSE Threshold usage indication is off and the usage power is below the threshold.
ospfVirtIfStateChange Signifies that the value of ospfVirtIfStateChange is enabled.
ospfNbrStateChange Signifies that the value of ospfNbrStateChange is enabled.
ospfVirtNbrStateChange Signifies that the value of ospfVirtNbrStateChange is enabled.
ospfIfConfigError Signifies that the value of ospfIfConfigError is enabled.
ospfVirtIfConfigError Signifies that the value of ospfVirtIfConfigError is enabled.
ospfIfAuthFailure Signifies that the value of ospfIfAuthFailure is enabled.
ospfVirtIfAuthFailure Signifies that the value of ospfVirtIfAuthFailure is enabled.
ospfIfStateChange Signifies that the value of ospfIfStateChange is enabled.
entConfigChange Signifies that the value of entLastChangeTime is changed.
lldpXMedTopologyChangeDetected The local device generates this notification when it senses a change in the topology. The change indicates that a new remote device attached to a local port, or a remote device disconnected or moved from one port to another.
ntnQosPolicyEvolLocalUbpSessionFailure Signifies that filter data associated with a user could not be installed in the context of local UBP support.
ntnQosPolicyEvolDosAttackDetected Indicates that the DAPP support has detected an attack on the device generating this trap. A notification is generated once for each unit that contains ports on which an attack is detected.
rcnSmltIstLinkUp Signifies that the split MLT link has changed from down to up.
rcnSmltIstLinkDown Signifies that the split MLT link has changed from up to down.
rcnSmltLinkUp Signifies that the split SMLT link is up.
rcnSmltLinkDown Signifies that the split SMLT link is down.
rcnBpduReceived Signifies that a BPDU is received on a port which has BPDU filtering enabled.
rcnSlppPortDownEventNew Signifies that a port down event has occurred due to SLPP.
ubpEAPSessionStart Signifies start of EAP session.
ubpEAPSessionEnd Signifies end of EAP session.