D-Link DES-3226SM Product Manual - Page 29

SNMP Network Management, SNMP Versions 1, 2 and 3



DES-3226S Layer 2 Fast Ethernet Switch User’s Guide
SNMP Network Management
The Simple Network Management Protocol (SNMP) is an OSI layer 7 (the application layer) protocol for remotely monitoring
and configuring network devices.
SNMP enables network management stations to read and modify the settings of gateways,
routers, Switches, and other network devices.
SNMP can be used to perform many of the same functions as a directly
connected console, or can be used within an integrated network management software package such as DView.
SNMP performs the following functions:
• Sending and receiving SNMP packets through the IP protocol.
• Collecting information about the status and current configuration of network devices.
• Modifying the configuration of network devices.
The DES-3226S has a software program called an ‘agent’ that processes SNMP requests, but the user program that makes the
requests and collects the responses runs on a management station (a designated computer on the network).
The SNMP agent
and the user program both use the UDP/IP protocol to exchange packets.
SNMP Versions 1, 2 and 3
The DES-3226S supports SNMP version 3 as well as versions 1 and 2. The chief difference between Version 3 (SNMP v.3)
and Versions 1 and 2 (SNMP v.1 and SNMP v.2) is that Version 3 provides a substantially higher level of security than the
previous versions.
In SNMP v.1 and v.2, user authentication is accomplished using ‘community strings’, which function like passwords. The
remote user SNMP application and the router SNMP must use the same community string. SNMP packets from any station
that has not been authenticated are ignored (dropped).
SNMP v.3 uses a more sophisticated authentication process that is separated into two parts. One part is to maintain a list of
users and their attributes that are allowed to act as SNMP managers. The second part describes what each user on that list can
do as an SNMP manager.
The Switch allows groups of users to be listed and configured with a shared set of privileges. The SNMP version may also be
set for a listed group of SNMP managers. Thus, you may create a group of SNMP managers that are allowed to view read-only
information or receive traps using SNMP v.1 while assigning a higher level of security to another group, granting read/write
privileges using SNMP v.3.
Using SNMP v.3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing
specific SNMP management functions. The functions allowed or restricted are defined using the Object Identifier (OID)
associated with a specific MIB.
An additional layer of security is available for SNMP v.3 in that SNMP messages may be encrypted (using HMAC-SHA-96 or
HMAC-MD5-96 authentication levels).
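How the HMAC-SHA-96 and HMAC-MD5-96 values named above are computed, as an added example that is not part of the D-Link manual: in the SNMPv3 User-based Security Model (RFC 3414) a password is stretched into a key, the key is bound to one agent's engine ID, and each message carries the first 12 bytes (96 bits) of an HMAC. The password and engine ID are the RFC 3414 appendix sample values; the message bytes are a constructed placeholder.

```python
import hashlib
import hmac

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly this many bytes of repeated password

def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Stretch a password into the user key Ku (RFC 3414 A.2)."""
    if not password:
        raise ValueError("password must not be empty")
    repeated = password * (MEGABYTE // len(password) + 1)
    return hashlib.new(hash_name, repeated[:MEGABYTE]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Bind Ku to one agent: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC over the whole message, truncated to 96 bits (12 bytes)."""
    return hmac.new(kul, message, hash_name).digest()[:12]

def verify(kul: bytes, message: bytes, received_tag: bytes,
           hash_name: str = "sha1") -> bool:
    """Constant-time comparison of the received tag with the expected one."""
    return hmac.compare_digest(auth_tag(kul, message, hash_name), received_tag)

# Sample password and engine ID from RFC 3414 A.3.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes(11) + b"\x02"
# Constructed stand-in for a serialized SNMPv3 message whose 12-byte
# authentication field is still zeroed, as it is when the tag is computed.
MESSAGE = b"constructed-snmpv3-message" + bytes(12)

if __name__ == "__main__":
    kul = localize_key(password_to_key(PASSWORD), ENGINE_ID)
    tag = auth_tag(kul, MESSAGE)
    print("localized key:", kul.hex())
    print("96-bit tag:   ", tag.hex())
    print("verifies:     ", verify(kul, MESSAGE, tag))
```

Because the key is localized per engine ID, the same password yields a different key on every agent, so a key recovered from one device does not authenticate to another.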
Traps
Traps are messages that alert network personnel of events that occur on the Switch. The events can be as serious as a reboot
(someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends
them to the trap recipient (or network manager).
Trap recipients are special users of the network who are given certain rights and access in overseeing the maintenance of the
network. Trap recipients will receive traps sent from the Switch; they must immediately take certain actions to avoid future
failure or breakdown of the network.
You can also specify which network managers may receive traps from the Switch. This can be done by entering a list of the IP
addresses of authorized network managers.
You may further specify the SNMP version to use for authentication. Up to four
trap recipient IP addresses, and four corresponding SNMP community strings can be entered.
The following are trap types the Switch can send to a trap recipient:
• Cold Start: This trap signifies that the Switch has been powered up and initialized such that software settings are
reconfigured and hardware systems are rebooted. A cold start is different from a factory reset in that configuration
settings saved to non-volatile RAM are used to reconfigure the Switch.
• Warm Start: This trap signifies that the Switch has been rebooted; however, the POST (Power On Self-Test) is
skipped.
• Authentication Failure: This trap signifies that someone has tried to log on to the Switch using an invalid SNMP
community string. The Switch automatically stores the source IP address of the unauthorized user.
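What the community strings and trap types described above look like on the wire, as an added example that is not part of the D-Link manual: a minimal BER reader that pulls the version, the cleartext community string and the generic trap type out of an SNMP datagram. The sample trap, its community "public" and the address 192.0.2.10 are constructed; the trap numbers 0, 1 and 4 are the RFC 1157 generic-trap values.

```python
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 4: "authenticationFailure"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(datagram):
    """Extract version, community and (for v1 traps) trap type and agent address."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    _, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    info = {"version": version, "community": None, "trap": None, "agent": None}
    if version not in ("v1", "v2c"):
        return info                         # v3 messages carry no community string
    _, community, pos = read_tlv(body, pos)
    info["community"] = community.decode("ascii", "replace")  # sent unencrypted
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if version == "v1" and pdu_tag == 0xA4:  # Trap-PDU
        _, _enterprise, p = read_tlv(pdu, 0)
        _, agent, p = read_tlv(pdu, p)
        _, generic, p = read_tlv(pdu, p)
        info["agent"] = ".".join(str(b) for b in agent)
        info["trap"] = GENERIC_TRAPS.get(int.from_bytes(generic, "big"), "other")
    return info

def tlv(tag, payload):
    """Builder for the short constructed sample below (payloads under 128 bytes)."""
    return bytes([tag, len(payload)]) + payload

# Constructed SNMPv1 authenticationFailure trap from agent 192.0.2.10.
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA4,
    tlv(0x06, b"\x2b\x06\x01\x04\x01\x01") + tlv(0x40, bytes([192, 0, 2, 10])) +
    tlv(0x02, b"\x04") + tlv(0x02, b"\x00") + tlv(0x43, b"\x01\x00") + tlv(0x30, b"")))

if __name__ == "__main__":
    print(parse_snmp(SAMPLE_TRAP))
```

The trap itself carries the recipient's community string in the clear, so a v1 trap path exposes that string to anyone who can observe the traffic between the Switch and the management station.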