10. Using SNMP. Alcatel-Lucent OmniSwitch 6800 Series, OmniSwitch 9000 Series, OmniSwitch 6850 Series

10 Using SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows communication between SNMP managers and SNMP agents on an IPv4 as well as on an IPv6 network.

Network administrators use SNMP to monitor network performance and to manage network resources.

SNMP functionality over IPv6 environment can be configured only on an OmniSwitch 6850 and 9000.

In This Chapter

This chapter describes SNMP and how to use it through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the

OmniSwitch CLI Reference Guide.

Configuration procedures described in this chapter include:

•

‘‘Setting Up An SNMP Management Station’’ on page 10-4

•

‘‘Setting Up Trap Filters’’ on page 10-5

•

“Using SNMP For Switch Security” on page 10-27

•

“Working with SNMP Traps” on page 10-30

This chapter also includes lists of Industry Standard and Enterprise (Proprietary) MIBs used to manage the

OmniSwitch.

OmniSwitch 6800/6850/9000 Switch Management Guide December 2007 page 10-1

SNMP Specifications Using SNMP

SNMP Specifications

The following table lists specifications for the SNMP protocol.

RFCs Supported for SNMPv2 1902 through 1907 - SNMPv2c Management Framework

1908 - Coexistence and transitions relating to SNMPv1 and SNMPv2c

RFCs Supported for SNMPv3 2570 – Version 3 of the Internet Standard Network Management

Framework

2571 – Architecture for Describing SNMP Management Frameworks

2572 – Message Processing and Dispatching for SNMP

2573 – SNMPv3 Applications

2574 – User-based Security Model (USM) for version 3 SNMP

2575 – View-based Access Control Model (VACM) for SNMP

2576 – Coexistence between SNMP versions

SNMPv1, SNMPv2, SNMPv3 The SNMPv3 protocol is ascending compatible with SNMPv1 and v2 and supports all the SNMPv1 and SNMPv2 PDUs

SNMPv1 and SNMPv2

Authentication

Community Strings

SNMPv1, SNMPv2 Encryption None

SNMPv1 and SNMPv2 Security requests accepted by the switch

Sets and Gets

SNMPv3 Authentication SHA, MD5

SNMPv3 Encryption

SNMPv3 Security requests accepted by the switch.

SNMP traps

Maximum number of SNMP sessions that can be established on an OmniSwitch.

DES

Non-authenticated Sets, Non-authenticated Gets and Get-Nexts,

Authenticated Sets, Authenticated Gets and Get-Nexts, Encrypted Sets,

Encrypted Gets and Get-Nexts

Refer to the table on

page 10-10 for a complete list of traps and their

definitions.

50

SNMP Defaults

The following table describes the default values of the SNMP protocol parameters.

Parameter Description

SNMP Management Station

Community Strings

SNMP Security setting

Trap filtering

Trap Absorption

Enables the forwarding of traps to

WebView.

Command snmp station snmp community map snmp security snmp trap filter snmp trap absorption snmp trap to webview

Default Value/Comments

UDP port 162, SNMPv3, Enabled

Enabled

Privacy all (highest) security

Disabled

Enabled

Enabled page 10-2 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007

Using SNMP SNMP Defaults

Parameter Description Command Default Value/Comments

Enables or disables SNMP authentication failure trap forwarding.

snmp authentication trap Disabled


Quick Steps for Setting Up An SNMP Management Station Using SNMP

Quick Steps for Setting Up An SNMP

Management Station

An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from the switch. To set up an SNMP NMS by using the switch’s CLI, proceed as follows:

1 Specify the user account name and the authentication type for that user. For example:

-> user NMSuserV3MD5DES md5+des password ********

2 Specify the UDP destination port number (in this case 8010), the IP address of the management station

(199.199.100.200), a user account name (NMSuserV3MD5DES), and the SNMP version number (v3). For example:

-> snmp station 199.199.100.200 8010 NMSuserV3MD5DES v3 enable

Use the same command as above for specifying the IPv6 address of the management station. For example:

-> snmp station 300::1 enable

Note. Optional. To verify the SNMP Management Station, enter the show snmp station command. The display is similar to the one shown here:

-> show snmp station ipAddress/udpPort status protocol user

---------------------------+---------+--------+-------------------------------

199.199.100.200/8010 enable v3 NMSuserV3MD5DES

199.199.101.201/111 disable v2 NMSuserV3MD5

199.199.102.202/8002 enable v1 NMSuserV3SHADES


---------------------------------------------------+---------+--------+------

172.21.160.32/4000 enable v3 abc

172.21.160.12/5000 enable v3 user1

0300:0000:0000:0000:0211:d8ff:fe47:470b/4001 enable v3 user2

0300:0000:0000:0000:0211:d8ff:fe47:470c/5001 enable v2 abc

For more information about this display, see the “SNMP Commands” chapter in the OmniSwitch CLI

Reference Guide.

page 10-4 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007

Using SNMP Quick Steps for Setting Up Trap Filters

Quick Steps for Setting Up Trap Filters

You can filter traps by limiting user access to trap command families. You can also filter according to individual traps.

Filtering by Trap Families

The following example will create a new user account. This account will be granted read-only privileges to three CLI command families (snmp, chassis, and interface). Read-only privileges will be withheld from all other command families.

1 Set up a user account named “usermark2” by executing the user CLI command.

-> user usermark2 password ******

2 Remove all read-only privileges from the user account.

-> user usermark2 read-only none

3 Add read-only privileges for the snmp, chassis, and interface command families.

-> user usermark2 read-only snmp chassis interface

Note. Optional. To verify the user account, enter the show user command. A partial display is shown here:

-> show user

User name = usermark2

Read right = 0x0000a200 0x00000000,

Write right = 0x00000000 0x00000000,

Read for domains = ,

Read for families = snmp chassis interface ,

Write for domains = None ,

Snmp authentication = NONE, Snmp encryption = NONE

The usermark2 account has read-only privileges for the snmp, chassis, and interface command families.

4 Set up an SNMP station with the user account “usermark2” defined above.

-> snmp station 210.1.2.1 usermark2 v3 enable

Note. Optional.To verify the SNMP Management Station, enter the show snmp station command. The display is similar to the one shown here:


---------------------------+---------+--------+-------------------------------

210.1.2.1/162 enable v3 usermark2

The usermark2 account is established on the SNMP station at IP address 210.1.2.1.


Quick Steps for Setting Up Trap Filters Using SNMP

Filtering by Individual Traps

The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps will be filtered. This means that the switch will not pass them through to the SNMP management station. All other traps will be passed through.

1 Specify the IP address for the SNMP management station and the trap identification numbers.

-> show snmp trap filter 210.1.2.1 0 1 2 3

-> snmp trap filter 300::1 1 3 4

Note. Optional. You can verify which traps will not pass through the filter by entering the snmp trap filter command. The display is similar to the one shown here:

-> show snmp trap filter ipAddress trapId list

-----------------+----------------------------------------

210.1.2.1

0 1 2 3

The SNMP management station with the IP address of 210.1.2.1 will not receive trap numbers 0, 1, 2, and 3.

For trap numbers refer to the

“SNMP Traps Table” on page 10-10 . For more information on the CLI

commands and the displays in these examples, refer to the OmniSwitch CLI Reference Guide. page 10-6 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007

Using SNMP SNMP Overview

SNMP Overview

SNMP provides an industry standard communications model used by network administrators to manage and monitor their network devices. The SNMP model defines two components, the SNMP Manager and the SNMP Agent.

Network Management Station OmniSwitch

OmniSwitch 6648

SNMP Manager SNMP Agent

SNMP Network Model

• The SNMP Manager resides on a workstation hosting the management application. It can query agents by using SNMP operations. An SNMP manager is commonly called a Network Management System

(NMS). NMS refers to a system made up of a network device (such as a workstation) and the NMS software. It provides an interface that allows users to request data or see alarms resulting from traps or informs. It can also store data that can be used for network analysis.

• The SNMP Agent is the software entity that resides within the switch on the network. It maintains the management data about a particular network device and reports this data, as needed, to the managing systems. The agent also responds to requests for data from the SNMP Manager.

Along with the SNMP agent, the switch also contains Management Information Bases (MIBs). MIBs are databases of managed objects, written in the SNMP module language, which can be monitored by the

NMS. The SNMP agent contains MIB variables, which have values the NMS can request or change using

Get, GetNext, GetBulk, or Set operations. The agent can also send unsolicited messages (traps or informs) to the NMS to notify the manager of network conditions.

SNMP Operations

Devices on the network are managed through transactions between the NMS and the SNMP agent residing on the network device (i.e., switch). SNMP provides two kinds of management transactions, managerrequest/agent-response and unsolicited notifications (traps or informs) from the agent to the manager.

In a manager-request/agent-response transaction, the SNMP manager sends a request packet, referred to as a Protocol Data Unit (PDU), to the SNMP agent in the switch. The SNMP agent complies with the request and sends a response PDU to the manager. The types of management requests are Get, GetNext, and

GetBulk requests. These transactions are used to request information from the switch (Get, GetNext, or

GetBulk) or to change the value of an object instance on the switch (Set).

In an unsolicited notification, the SNMP agent in the switch sends a trap PDU to the SNMP manager to inform it that an event has occurred. The SNMP manager normally does not send confirmation to the agent acknowledging receipt of a trap.


SNMP Overview Using SNMP

Using SNMP for Switch Management

The Alcatel-Lucent switch can be configured using the Command Line Interface (CLI), SNMP, or the

WebView device management tool. When configuring the switch by using SNMP, an NMS application

(such as Alcatel-Lucent’s OmniVista or HP OpenView) is used.

Although MIB browsers vary depending on which software package is used, they all have a few things in common. The browser must compile the Alcatel-Lucent switch MIBs before it can be used to manage the switch by issuing requests and reading statistics. Each MIB must be checked for dependencies and the

MIBs must be compiled in the proper order. Once the browser is properly installed and the MIBs are compiled, the browser software can be used to manage the switch. The MIB browser you use depends on the design and management requirements of your network.

Detailed information on working with MIB browsers is beyond the scope of this manual. However, you must know the configuration requirements of your MIB browser or other NMS installation before you can define the system to the switch as an SNMP station.

Setting Up an SNMP Management Station

An SNMP management station is a workstation configured to receive SNMP traps from the switch. You must identify this station to the switch by using the snmp station CLI command.

The following information is needed to define an SNMP management station.

• The IP address of the SNMP management station device.

• The UDP destination port number on the management station. This identifies the port to which the switch will send traps.

• The SNMP version used by the switch to send traps.

• A user account name that the management station will recognize.

Procedures for configuring a management station can be found in

“Quick Steps for Setting Up An SNMP

Management Station” on page 10-4

SNMP Versions

The SNMP agent in the switch can communicate with multiple managers. You can configure the switch to communicate with different management stations by using different versions of SNMP. The switch supports three versions of SNMP—v1, v2, and v3.

SNMPv1

SNMPv1 is the original implementation of the SNMP protocol and network management model. It is characterized by the Get, Set, GetNext, and Trap protocol operations.

SNMPv1 uses a rudimentary security system where each PDU contains information called a community

string. The community string acts like a combination username and password. When you configure a device for SNMP management you normally specify one community string that provides read-write access to objects within the device and another community string that limits access to read-only. If the community string in a data unit matches one of these strings, the request is granted. If not, the request is denied.



The community string security standard offers minimal security and is generally insufficient for networks where the need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and security features, it is widely used and is a de facto standard in the Internet environment.

SNMPv2

SNMPv2 is a later version of the SNMP protocol. It uses the same Get, Set, GetNext, and Trap operations as SNMPv1 and supports the same community-based security standard. SNMPv1 is incompatible with

SNMPv2 in certain applications due to the following enhancements:

• Management Information Structure

SNMPv2 includes new macros for defining object groups, traps compliance characteristics, and capability characteristics.

• Protocol Operations

SNMPv2 has two new PDUs not supported by SNMPv1. The GetBulkRequest PDU enables the manager to retrieve large blocks of data efficiently. In particular, it is well suited to retrieving multiple rows in a table. The InformRequest PDU enables one manager to send trap information to another manager.

SNMPv3

SNMPv3 supports the View-Based Access Control Model (VACM) and User-Based Security Model

(USM) security models along with these added security features:

• Message integrity—Ensuring that a packet has not been tampered with in transit.

• Time Frame Protection—Limiting requests to specified time frames. The user can specify a time frame so that any PDU bearing an out of date timestamp will be ignored.

• Encryption—Scrambling the contents of a packet to prevent it from being learned by an unauthorized source.

• Authentication—Determining that the message is from a valid source holding the correct privileges.



SNMP Traps Table

The following table provides information on all SNMP traps supported by the switch. Each row includes the trap name, its ID number, any objects (if applicable), its command family, and a description of the condition the SNMP agent in the switch is reporting to the SNMP management station. You can generate a list of SNMP traps that are supported on your switch by using the show snmp trap config command.

No. Trap Name Objects Family Description

0

1 coldStart warmStart none none chassis chassis

The SNMP agent in the switch is reinitiating and its configuration may have been altered.

The SNMP agent in the switch is reinitiating itself and its configuration is unaltered.

2 linkDown IfIndex ifAdminStatus ifOperStatus interface

IfIndex—A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity’s network management system to the next re-initialization.

ifAdminStatus—The desired state of the interface. The testing (3) state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down (2) state.

As a result of either explicit management action or per configuration information retained by the managed system, ifAdminStatus is then changed to either the up (1) or testing (3) states (or remains in the down (2) state).

ifOperStatus—The current operational state of the interface. The testing (3) state indicates that no operational packets can be passed. If ifAdminStatus is down (2) then ifOperStatus should be down(2). If ifAdminStatus is changed to up (1) then ifOperStatus should change to up (1) if the interface is ready to transmit and receive network traffic; it should change to dormant (5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the down (2) state if and only if there is a fault that prevents it from going to the up (1) state; it should remain in the notPresent (6) state if the interface has missing

(typically, hardware) components.

3 linkUp ifIndex ifAdminStatus ifOperStatus interface

The SNMP agent in the switch recognizes a failure in one of the communications links configured for the switch.

The SNMP agent in the switch recognizes that one of the communications links configured for the switch has come up.

IfIndex—A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity's network management system to the next re-initialization.

ifAdminStatus—The desired state of the interface. The testing (3) state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down (2) state.

As a result of either explicit management action or per configuration information retained by the managed system, ifAdminStatus is then changed to either the up (1) or testing (3) states (or remains in the down (2) state).

ifOperStatus—The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. If ifAdminStatus is down (2) then ifOperStatus should be down (2). If ifAdminStatus is changed to up (1), then ifOperStatus should change to up (1) if the interface is ready to transmit and receive network traffic; it should change to dormant (5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it should remain in the down (2) state if and only if there is a fault that prevents it from going to the up (1) state; it should remain in the notPresent (6) state if the interface has missing

(typically, hardware) components.

4 authenticationFailure none snmp The SNMP agent in the switch has received a protocol message that is not properly authenticated.




5

6 entConfigChange aipAMAPStatusTrap none aipAMAPLast-

TrapReason aipAMAPLast-

TrapPort module aip

An entConfigChange notification is generated when a conceptual row is created, modified, or deleted in one of the entity tables.

The status of the Alcatel-Lucent

Mapping Adjacency Protocol

(AMAP) port changed.

aipAMAPLastTrapReason—Reason for last change of port status. Valid reasons are 1 (port added), 2 (change of information on existing port), 3 (port deleted), and 4 (no trap has been sent).

aipAMAPLastTrapPort—The ifindex number of the port that most recently changed.

7 aipGMAPConflictTrap aipGMAPLast-

TrapReason aipGMAPLast-

TrapPort aipGMAPLast-

TrapMac aipGMAPLast-

TrapProtocol aipGMAPLast-

TrapVlan aip Indicates a Group Mobility

Advertisement Protocol (GMAP) port update conflict.

aipGMAPLastTrapReason—Reason for last GMAP update to not be applied. Valid reasons are 1 (Target

VLAN is an authenticated VLAN), 2 (update would conflict with a binding rule), 3 (update would create two different VLAN entries for the same protocol), 4 (update would create two different protocol entries for the same VLAN), 5 (target VLAN is not mobile), and 6 (no trap has been sent).

aipGMAPLastTrapPort—The ifindex number of the last port on which the GMAP was not applied because of a conflict.

aipGMAPLastTrapMac—The last MAC address for which a GMAP change was not applied because of a conflict.

aipGMAPLastTrapProtocol—The protocol identifier of the last GMAP change that was not applied because of a conflict.

aipGMAPLastTrapVlan—The VLAN identifier of the last GMAP change that was not applied because of a conflict.

Note: This trap (GMAP) is not supported on OmniSwitch 6800/6850/9000 switches in the current release.

8 policyEventNotification policyTrapEventDetail-

String policyTrapEventCode qos The switch notifies the NMS when a significant event happens that involves the policy manager.

policyTrapEventDetailString—Details about the event that took place.

policyTrapEventCode—The code of the event.




9 chassisTrapsStr chassisTrapsStr-

Level chassis-

TrapsStrAppID chassisTrapsStr-

SnapID chassisTrapsStrfileName chassisTrapsStrfileLineNb chassisTrapsStr-

ErrorNb chassis-

TrapsStrcomments chassisTrapsStrdataInfo chassis A software trouble report (STR) was sent by an application encountering a problem during its execution.

chassisTrapsStrLevel—An enumerated value that provides the urgency level of the STR.

chassisTrapsStrAppID—The application identification number.

chassisTrapsStrSnapID—The subapplication identification number. You can have multiple snapIDs per Subapplication (task) but only one is to be used to send STRs.

chassisTrapsStrfileName—Name of the source file where the fault was detected. This is given by the C ANSI macro __FILE__. The path shouldn’t appear.

chassisTrapsStrfileLineNb—Line number in the source file where the fault was detected. This is given by the

C ANSI macro __LINE__.

chassisTrapsStrErrorNb—The fault identificator. The error number identifies the kind the detected fault and allows a mapping of the data contained in chassisTrapsdataInfo.

chassisTrapsStrcomments—Comment text explaining the fault.

chassisTrapsStrdataInfo—Additional data provided to help to find out the origin of the fault. The contained and the significant portion are varying in accordance with chassisTrapsStrErrorNb. The length of this field is expressed in bytes.

10 chassisTrapsAlert physicalIndex chassisTrapsObjectType chassisTrapsObjectNumber chassisTrapsAlertNumber chassisTrapsAlertDescr chassis A notification that some change has occurred in the chassis.

physicalIndex—The physical index of the involved object.

chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.

chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the considered fan or power supply). This is intended to clarify as much as possible the location of the failure or alert. An instance of the appearance of the trap could be “failure on a module. Power supply 3”.

chassisTrapsAlertNumber—This number that identifies the alert among all the possible chassis alert causes.

chassisTrapsAlertDescr— The description of the alert matching ChassisTrapsAlertNumber.




11 chassisTrapsStateChange physicalIndex chassisTrapsObjectType chassisTrapsObjectNumber chasEntPhys-

OperStatus chassis An NI status change was detected.


chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.

chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the considered fan or power supply). This intends to clarify as much as possible the location of the failure or alert.

An instance of the appearance of the trap could be “failure on a module. Power supply 3”.

chasEntPhysOperStatus—An enumerated value that indicates the operational status of installed modules

(includes empty slots).

12 chassisTrapsMacOverlap physicalIndex chasTrapMac-

RangeIndex module A MAC range overlap was found in the backplane eeprom.


chasTrapMacRangeIndex—The MAC range index of the involved object.

13 vrrpTrapNewMaster vrrpOperMasterIpAddr vrrp

vrrpOperMasterIpAddr—The master router’s real (primary) IP address. This is the IP address listed as the source in the VRRP advertisement last received by this virtual router.

14 vrrpTrapAuthFailure vrrp vrrpTrapPacketSrc vrrpTrapAuth-

ErrorType

A packet was received from the network whose authentication key conflicts with the switch’s authentication key or type.

vrrpTrapPacketSrc—The IP address of an inbound VRRP packet.

vrrpTrapAuthErrorType—Potential types of configuration conflicts.

The SNMP agent has transferred from the backup state to the master state.




15 healthMonDeviceTrap healthMonRx-

Status healthMonRx-

TxStatus healthMon-

MemoryStatus healthMonCpuStatus healthMonCmmTempStatus healthMonCmmCpuTemp-

Status health Indicates a device-level threshold was crossed.

healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.

healthMonRxTxStatus— RxTx threshold status indicating if threshold was crossed or no change.

healthMonMemoryStatus—Memory threshold status indicating if threshold was crossed or no change.

healthMonCpuStatus—CPU threshold status indicating if threshold was crossed or no change.

healthMonCmmTempStatus—CMM temperature threshold status indicating if threshold was crossed or no change.

healthMonCmmCpuTempStatus—CMM CPU temperature threshold status indicating if threshold was crossed or no change.

16 healthMonModuleTrap healthModule-

Slot healthMonRx-

Status healthMonRx-

TxStatus healthMon-

MemoryStatus healthMonCpuStatus health Indicates a module-level threshold was crossed.

healthModuleSlot—The (one-based) front slot number within the chassis.


healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.

healthMonMemoryStatus—Memory threshold status indicating if threshold was crossed or no change.

healthMonCpuStatus—CPU threshold status indicating if threshold was crossed or no change.

17 healthMonPortTrap healthPortSlot healthPortIF healthMonRx-

Status healthMonRx-

TxStatus health Indicates a port-level threshold was crossed.

healthPortSlot—The physical slot number for this port.

healthPortIF—The on-board interface number.


healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.




18 bgpEstablished

19 bgpBackwardTransition bgpPeerLastError bgpPeerState

bgpPeerLastError—The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode.

bgpPeerState—The BGP peer connection state.

bgpPeerLastError bgpPeerState bgp bgp

The BGP routing protocol has entered the established state.

This trap is generated when the

BGP router port has moved from a more active to a less active state.

bgpPeerLastError—The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode.

bgpPeerState—The BGP peer connection state.

20 esmDrvTrapDropsLink esmPortSlot esmPortIF ifInErrors ifOutErrors esmDrvTrap-

Drops interface This trap is sent when the Ethernet code drops the link because of excessive errors.

esmPortSlot—The physical slot number for this Ethernet Port. The slot number has been added to be used by the private trap.

esmPortIF—The on-board interface number for this Ethernet port. The port number has been added to be used by the private trap.

ifInErrors—For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higherlayer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime.

ifOutErrors—For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuity-

Time.

esmDrvTrapDrops— Partitioned port (separated due to errors).

21 pimNeighborLoss pimNeighborIfIndex ipmr Signifies the loss of adjacency with a neighbor device. This trap is generated when the neighbor time expires and the switch has no other neighbors on the same interface with a lower IP address than itself.

pimNeighborIfIndex—The value of ifIndex for the interface used to reach this PIM neighbor.




22 dvmrpNeighborLoss dvmrpInterface-

LocalAddress dvmrpNeighborState ipmr A 2-way adjacency relationship with a neighbor has been lost.

This trap is generated when the neighbor state changes from

“active” to “one-way,” “ignoring” or “down.” The trap is sent only when the switch has no other neighbors on the same interface with a lower IP address than itself.

dvmrpInterfaceLocalAddress—The IP address this system will use as a source address on this interface. On unnumbered interfaces, it must be the same value as dvmrpInterfaceLocalAddress for some interfaces on the system.

dvmrpNeighborState—State of the neighbor adjacency.

23 dvmrpNeighborNotPruning ipmr dvmrpInterface-

LocalAddress dvmrpNeighborCapabilities

A non-pruning neighbor has been detected in an implementationdependent manner. This trap is generated at most once per generation ID of the neighbor. For example, it should be generated at the time a neighbor is first heard from if the prune bit is not set. It should also be generated if the local system has the ability to tell that a neighbor which sets the prune bit is not pruning any branches over an extended period of time. The trap should be generated if the router has no other neighbors on the same interface with a lower IP address than itself.

dvmrpInterfaceLocalAddress—The IP address this system will use as a source address on this interface. On unnumbered interfaces, it must be the same value as dvmrpInterfaceLocalAddress for some interfaces on the system.

dvmrpNeighborCapabilities—This object describes the neighboring router’s capabilities. The leaf bit indicates that the neighbor has only one interface with neighbors. The prune bit indicates that the neighbor supports pruning. The generationID bit indicates that the neighbor sends its generationID in Probe messages. The mtrace bit indicates that the neighbor can handle mtrace requests.




24 risingAlarm alarmIndex alarmVariable alarmSample-

Type alarmValue alarmRisingThreshold rmon

alarmIndex—An index that uniquely identifies an entry in the alarm table. Each such entry defines a diagnostic sample at a particular interval for an object on the device.

alarmVariable—The object identifier of the particular variable to be sampled. Only variables that resolve to an

ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may be sampled.

alarmSampleType—The method of sampling the selected variable and calculating the value to be compared against the thresholds. If the value of this object is absoluteValue (1), the value of the selected variable will be compared directly with the thresholds at the end of the sampling interval. If the value of this object is deltaValue

(2), the value of the selected variable at the last sample will be subtracted from the current value, and the difference compared with the thresholds.

alarmValue—The value of the statistic during the last sampling period. For example, if the sample type is deltaValue, this value will be the difference between the samples at the beginning and end of the period. If the sample type is absoluteValue, this value will be the sampled value at the end of the period.

alarmRisingThreshold—A threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event will be generated. A single event will also be generated if the first sample after this entry becomes valid is greater than or equal to this threshold and the associated alarmStartupAlarm is equal to risingAlarm (1) or risingOrFallingAlarm (3).

25 fallingAlarm alarmIndex alarmVariable alarmSample-

Type alarmValue alarmFallingThreshold rmon

An Ethernet statistical variable has exceeded its rising threshold. The variable’s rising threshold and whether it will issue an

SNMP trap for this condition are configured by an NMS station running RMON.

An Ethernet statistical variable has dipped below its falling threshold. The variable’s falling threshold and whether it will issue an SNMP trap for this condition are configured by an NMS station running RMON.

alarmIndex—An index that uniquely identifies an entry in the alarm table. Each such entry defines a diagnostic sample at a particular interval for an object on the device.

alarmVariable—The object identifier of the particular variable to be sampled. Only variables that resolve to an

ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may be sampled.

alarmSampleType—The method of sampling the selected variable and calculating the value to be compared against the thresholds. If the value of this object is absoluteValue (1), the value of the selected variable will be compared directly with the thresholds at the end of the sampling interval. If the value of this object is deltaValue

(2), the value of the selected variable at the last sample will be subtracted from the current value, and the difference compared with the thresholds.

alarmValue—The value of the statistic during the last sampling period. For example, if the sample type is deltaValue, this value will be the difference between the samples at the beginning and end of the period. If the sample type is absoluteValue, this value will be the sampled value at the end of the period.

alarmFallingThreshold—A threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single event will be generated. A single event will also be generated if the first sample after this entry becomes valid is less than or equal to this threshold and the associated alarmStartupAlarm is equal to fallingAlarm (2) or risingOr-

FallingAlarm (3).

26 stpNewRoot vStpNumber stp Sent by a bridge that became the new root of the spanning tree.

vStpNumber—The Spanning Tree number identifying this instance.




27 stpRootPortChange vStpNumber vStpRootPort-

Number stp A root port has changed for a spanning tree bridge. The root port is the port that offers the lowest cost path from this bridge to the root bridge.

vStpNumber—The Spanning Tree number identifying this instance.

vStpRootPortNumber—The port ifindex of the port which offers the lowest cost path from this bridge to the root bridge for this spanning tree instance.

28 mirrorConfigError mirmonPrimarySlot mirmonPrimaryPort mirroringSlot mirroringPort mirMonErrorNi mirMonError pmm The mirroring configuration failed on an NI. This trap is sent when any NI fails to configure mirroring. Due to this error, port mirroring session will be terminated.

mirmonPrimarySlot—Slot of mirrored or monitored interface.

mirmonPrimaryPort—Port of mirrored or monitored interface.

mirroringSlot—Slot of mirroring interface.

mirroringPort—Port of mirroring interface.

mirMonErrorNi—The NI slot number.

mirMonError—The Error returned by the NI which failed to configure Mirroring/Monitoring.

29 mirrorUnlikeNi mirmonPrimarySlot mirmonPrimaryPort mirroringSlot mirroringPort mirMonErrorNi pmm The mirroring configuration is deleted due to the swapping of different NI board type. The Port

Mirroring session which was active on a slot cannot continue with the insertion of different NI type in the same slot.

mirmonPrimarySlot—Slot of mirrored or monitored interface.

mirmonPrimaryPort—Port of mirrored or monitored interface.

mirroringSlot—Slot of mirroring interface.

mirroringPort—Port of mirroring interface.

mirMonErrorNi—The NI slot number.

mirMonError—The Error returned by the NI which failed to configure Mirroring/Monitoring.

30 slPCAMStatusTrap slPCAMSlot-

Number slPCAMSlice-

Number slPCAMStatus bridge The trap status of the Layer 2 pesudoCAM for this NI.

slPCAMSlotNumber—The slot number of this Coronado switching/routing ASIC.

slPCAMSliceNumber—The slice number of this Coronado switching/routing ASIC.

slPCAMStatus—The Layer 2 pesudoCAM status of this Coronado switching/routing ASIC.

31 unused N/A N/A

32 unused N/A N/A page 10-18 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007



33 slbTrapOperStatus slbTrapInfoEntityGroup slbTrapInfoOperStatus slbTrapInfo-

ClusterName slbTrapInfoServerIpAddr load balancing

A change occurred in the operational status of the server load balancing entity.

slbTrapInfoEntityGroup—The entity group inside SLB management.

slbTrapInfoOperStatus—The operational status of an SLB cluster or server.

slbTrapInfoClusterName—A change occurred in the operational status of an SLB entity.

slbTrapInfoServerIpAddr—The IP address of a server.

Note: This trap is not supported on OmniSwitch 6800/6850/9000 switches in the current release.

34 ifMauJabberTrap ifMauJabber-

State interface This trap is sent whenever a managed interface MAU enters the jabber state.

ifMauJabberState—The value other(1) is returned if the jabber state is not 2, 3, or 4. The agent MUST always return other(1) for MAU type dot3MauTypeAUI. The value unknown(2) is returned when the MAU’s true state is unknown; for example, when it is being initialized. If the MAU is not jabbering the agent returns noJabber(3).

This is the “normal” state. If the MAU is in jabber state the agent returns the jabbering(4) value.

35 sessionAuthenticationTrap sessionAccessType sessionUser-

Name sessionUserIpAddress sessionAuth-

Failure session An authentication failure trap is sent each time a user authentication is refused.

sessionAccessType—The access type of the session.

sessionUserName—The user name of the user logged-in.

sessionUserIpAddress—The IP address of the user logged-in.

36 trapAbsorptionTrap trapAbsorStamp trapAbsor-

TrapId trapAbsor-

Counter trapAbsorTime none

trapAbsorStamp—The time stamp of the absorbed trap.

trapAbsorTrapId—The trap identifier of the absorbed trap.

trapAbsorCounter—The number of the iterations of the absorbed trap.

trapAbsorTime—The time stamp of the last iteration.

37 alaStackMgrDuplicateSlotTrap alaStack-

MgrSlotNI-

Number chassis

The absorption trap is sent when a trap has been absorbed at least once.

Two or more slots claim to have the same slot number.

alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1 to 8.

Note: This trap is not supported on OmniSwitch 9000 switches in the current release.




38 alaStackMgrNeighborChangeTrap alaStack-

MgrStackStatus alaStack-

MgrSlotNI-

Number alaStackMgr-

TrapLinkNumber chassis Indicates whether or not the stack is in loop.

alaStackMgrStackStatus—Indicates whether the stack is or is not in a loop.

alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1to 8.

alaStackMgrTrapLinkNumber—Holds the link number when the stack is not in a loop.


39 alaStackMgrRoleChangeTrap alaStackMgrPrimary alaStackMgr-

Secondary chassis Indicates that a new primary or secondary stack is elected.

alaStackMgrPrimary—Holds the number of the stack, which is in Primary role.

alaStackMgrSecondary—Holds the number of the stack, which is in Secondary role.


40 lpsViolationTrap lpsTrapSwitch-

Name lpsTrapSwitchIpAddr lpsTrapSwitch-

Slice lpsTrapSwitch-

Port lpsTrapViolatingMac lpsTrapViolationType systemServices-

Date systemServices-

Time bridge A Learned Port Security (LPS) violation has occurred.

lpsTrapSwitchName—The name of the switch.

lpsTrapSwitchIpAddr—The IP address of switch.

lpsTrapSwitchSlice— The physical slice number for the LPS port on which the violation occurred.

lpsTrapSwitchPort—The physical port number on which the violation occurred.

lpsTrapViolatingMac—The violating MAC address.

lpsTrapViolationType—The type of violation that occurred on the LPS port.

systemServicesDate—This object contains the current System Date in the following format: MM/DD/YYYY.

systemServicesTime—This object contains the current System Time in the following format: HH:MM:SS.

41 alaDoSTrap alaDoSType alaDoSDetected ip Indicates that the sending agent has received a Denial of Service

(DoS) attack.

alaDoSType—Index field for the alaDoSTable. Integer indicating the DoS Type: 0=portscan, 1=tcpsyn,

2=pingofdeath, 3=smurf, 3=pepsi, 5=land and 6=teardropBonkBoink.

alaDoSDetected—Number of attacks detected page 10-20 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007



42 gmBindRuleViolation gmBindRule-

Type gmBindRuleVlanId gmBindRuleI-

PAddress gmBindRuleMac-

Address gmBindRule-

PortIfIndex gmBindRuleProto-

Class gmBindRuleEthertype gmBindRuleDsapSsap vlan Occurs whenever a binding rule which has been configured gets violated.

gmBindRuleType—Type of binding rule for which trap sent.

gmBindRuleVlanId—Binding Rule VLAN Id.

gmBindRuleIPAddress—Binding Rule IP address.

gmBindRuleMacAddress—Binding Rule Mac Address.

gmBindRulePortIfIndex—The ifIndex corresponding to the mobile port on which the binding rule violation occurred.

gmBindRuleProtoClass—The encoded protocol number used for binding VLAN classification.

gmBindRuleEthertype—Ethertype value for generic Ethertype or snap rule. This value has no meaning for vProtoRuleProtoClass set to values other than 9 or 11.

gmBindRuleDsapSsap— DSAP and SSAP values for generic DSAP/SSAP and SNAP rules. This value has no meaning for vProtoRuleProtoClass set to values other than 10.

43 unused N/A N/A

44 unused

45 unused

N/A

N/A

N/A

N/A

46 unused N/A N/A

47 pethPsePortOnOff pethPsePortDetectionStatus module Indicates if power inline port is or is not delivering power to the a power inline device.

pethPsePortDetectionStatus—Describes the operational status of the port PD detection. A value of disabled

(1)- indicates that the PSE State diagram is in the state IDLE. A value of searching (2)- indicates that the PSE

State diagram is in the state DETECTION, CLASSIFICATION, SIGNATURE_INVALID or BACKOFF. A value of deliveringPower (4) - indicates that the PSE State diagram is in the state POWER_UP, POWER_ON or

POWER_OFF. A value of fault (5) - indicates that the PSE State diagram is in the state TEST_ERROR or the state IDLE due to the variable error condition. Faults detected are vendor-specific. A value of test (7) - indicates that the PSE State diagram is in the state TEST_MODE. A value of denyLowPriority (8) indicates that the port was disabled by the power management system, in order to keep active higher priority ports.

Note: This trap is not supported on OmniSwitch 6800 and 6850 switches in the current release.




48 pethPsePortPowerMaintenanceStatus pethPsePort-

PowerMaintenanceStatus module Indicates the status of the power maintenance signature for inline power.

pethPsePortPowerMaintenanceStatus—The value ok (1) indicates the Power Maintenance Signature is present and the overcurrent condition has not been detected. The value overCurrent (2) indicates an overcurrent condition has been detected. The value mPSAbsent (3) indicates that the Power Maintenance Signature is absent.

Note: This trap is not supported only on OmniSwitch 6800 and 6850 switches in the current release.

49 pethMainPowerUsageOn pethMainPseConsumption-

Power module Indicates that the power inline usage is above the threshold.

pethMainPseConsumptionPower—Measured usage power expressed in Watts.

Note: This trap is not supported only on OmniSwitch 6800 and 6850 in the current release.

50 pethMainPowerUsageOff pethMainPseConsumption-

Power module Indicates that the power inline usage is below the threshold.

pethMainPseConsumptionPower—Measured usage power expressed in Watts.

Note: This trap is not supported on OmniSwitch 6800 and 6850 in the current release.

51 ospfNbrStateChange ospfRouterId ospfNbrIpAddr ospfNbrAddressLessIndex ospfNbrRtrId ospfNbrState ospf Indicates a state change of the neighbor relationship.

ospfRouterId—A 32-bit integer uniquely identifying the router in the Autonomous System. By convention, to ensure uniqueness, this should default to the value of one of the router’s IP interface addresses.

ospfNbrIpAddr—The IP address this neighbor is using in its IP Source Address. Note that, on address-less links, this will not be 0.0.0.0, but the address of another of the neighbor’s interfaces.

ospfNbrAddressLessIndex—On an interface having an IP Address, zero. On address-less interfaces, the corresponding value of ifIndex in the Internet Standard MIB. On row creation, this can be derived from the instance.

ospfNbrRtrId—A 32-bit integer (represented as a type IpAddress) uniquely identifying the neighboring router in the Autonomous System.

ospfNbrState—The State of the relationship with this Neighbor.

52 ospfVirtNbrStateChange ospf Indicates a state change of the virtual neighbor relationship.

ospfRouterId ospfVirtNbrArea ospfVirtNbrRtrId ospfVirtNbrState

ospfRouterId—A 32-bit integer uniquely identifying the router in the Autonomous System. By convention, to ensure uniqueness, this should default to the value of one of the router's IP interface addresses.

ospfVirtNbrArea—The Transit Area Identifier.

ospfVirtNbrRtrId—A 32-bit integer uniquely identifying the neighboring router in the Autonomous System.

ospfVirtNbrState—The state of the Virtual Neighbor Relationship.




53 httpServerDoSAttackTrap httpConnection-

Stats httpsConnectionStats webmgt This trap is sent to management station(s) when the HTTP server is under Denial of Service attack.

The HTTP and HTTPS connections are sampled at a 15 second interval. This trap is sent every 1 minute while the HTTP server detects it is under attack.

httpConnectionStats—The number of HTTP connection attempts over the past 15 seconds.

54 alaStackMgrDuplicateRoleTrap alaStack-

MgrSlotNI-

Number alaStackMgr-

ChasRole chassis The element identified by alaStackMgrSlotNINumber detected the presence of two elements with the same primary or secondary role as specified by alaStackMgrChasRole on the stack.

alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:

- 0: invalid slot number

- 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable

- 1001..1008: switches operating in pass through mode

- 255: unassigned slot number.

alaStackMgrChasRole—The current role of the chassis as follows:

- unassigned(0),

- primary(1),

- secondary(2),

- idle(3),

- standalone(4),

- passthrough(5).


55 alaStackMgrClearedSlotTrap alaStack-

MgrSlotNI-

Number chassis The element identified by alaStackMgrSlotNINumber will enter the pass through mode because its operational slot was cleared with immediate effect.






Note: This trap is not supported on OmniSwitch 9000 switches.

56 alaStackMgrOutOfSlotsTrap N/A chassis One element of the stack will enter the pass through mode because there are no slot numbers available to be assigned to this element.





57 alaStackMgrOutOfTokensTrap alaStack-

MgrSlotNI-

Number chassis The element identified by alaStackMgrSlotNINumber will enter the pass through mode because there are no tokens available to be assigned to this element.






Note: This trap is not supported on OmniSwitch 9000 switches.

58 alaStackMgrOutOfPassThruSlotsTrap N/A chassis There are no pass through slots available to be assigned to an element that is supposed to enter the pass through mode.


59 gmHwVlanRuleTableOverloadAlert gmOverloadRuleTable gmOverloadRuleType gmOverloadRuleVlanId gmOverloadRuleMacAddress gmOverloadRuleIpAddress gmOverloadRuleProtocol gmOverloadRuleIpxNetwork vlan An overload trap occurs whenever a new entry to the hardware

VLAN rule table gets dropped due to the overload of the table.

gmOverloadRuleTable—Overloaded hardware VLAN rule table.

gmOverloadRuleType—VLAN rule types that are not configured due to the overload of the hardware VLAN rule table.

gmOverloadRuleVlanId—The overloaded VLAN ID.

gmOverloadRuleMacAddress—The overloaded MAC address.

gmOverloadRuleIpAddress—The overloaded IP address.

gmOverloadRuleProtocol—The overloaded protocol type.

gmOverloadRuleIpxNetwork—The overloaded IPX network address.

60 lnkaggAggUp traplnkaggId traplnkaggPortIfIndex linkaggregation

Indicates the link aggregate is active. This trap is sent when any one port of the link aggregate group goes into the attached state.

traplnkaggId— Index value of the Link Aggregate group.

traplnkaggIfIndex —Port of the Link Aggregate group.



No. Trap Name

61 lnkaggAggDown

Objects traplnkaggId traplnkaggPortIfIndex

Family linkaggregation

Description

Indicates the link aggregate is not active. This trap is sent when all ports of the link aggregate group are no longer in the attached state.



62 lnkaggPortJoin traplnkaggId traplnkaggPortIfIndex traplnkaggId— Index value of the Link Aggregate group.


linkaggregation

This trap is sent when any given port of the link aggregate group goes to the attached state.

63 lnkaggPortLeave traplnkaggId traplnkaggPortIfIndex traplnkaggId— Index value of the Link Aggregate group.


64 lnkaggPortRemove traplnkaggId traplnkaggPortIfIndex linkaggregation linkaggregation

This trap is sent when any given port detaches from the link aggregate group.

This trap is sent when any given port of the link aggregate group is removed due to an invalid configuration.



65 pktDrop pktDropType pktDropIfIndex pktDropCount pktDropFrag

IP The pktDrop trap indicates that the sending agent has dropped certain packets (to blocked IP ports, from spoofed addresses, etc.).

pktDropType — Reason index for why the packet was dropped.

pktDropIfIndex pktDropCount

— Interface index (if_index) of the ingress port of the dropped pkt.

— The number of packet drops (within a configured time interval) of the pktDropType that triggered this particular trap instance.

pktDropFrag — Less than or equal to 512 bytes of the dropped packet (dsmac[12], tag[4], etype[2], payload[..512] (0 if DropCount only).

66 monitorFileWritten mirmonPrimarySlot mirmonPrimaryPort monitorFile-

Name monitorFileSize pmm A File Written Trap is sent when the amount of data requested by the user has been written by the port monitoring instance.

mirmonPrimarySlot — Slot of mirrored or monitored interface.

mirmonPrimaryPort — Port of mirrored or monitored interface.

monitorFileName — The name of the file in which the traffic will be stored (the default is

“PMONITOR.ENC”).

monitorFileSize — The number of bytes in 16K (16384) increments allowed for the file (default 16384 bytes).

The file contains only the last monitorFileName bytes of the current port monitoring instance.




67 alaVrrp3TrapProtoError alaVrrp3TrapPr otoErrReason vrrp The error trap indicates that the sending agent has encountered the protocol error. alaVrrp3TrapProtoErrReason —This indicates the reason for protocol error trap .

68 alaVrrp3TrapNewMaster alaVrrp3OperM asterlpAddrType alaVrrp3OperM asterlpAddr alaVrrp3TrapNe wMasterReason vrrp The newMaster trap indicates that the sending agent has transitioned to Master state.

alaVrrp3OperMasterlpAddrType —This specifies the type of alaVrrp3OperMasterlpAddr in this row .

alaVrrp3OperMasterlpAddr —The master switch’s real (primary for vrrp over IPv4) IP address. This is the Ip address listed as the source in the advertisement last received by this virtual switch. For IPv6, a link local address.

alaVrrp3TrapNewMasterReason —This indicates the reason for NewMaster trap.

69 gmHwMixModeSubnetRuleTable-

OverloadAlert gmSubnetRule-

Table gmOverloadRuleSlice vlan An subnet overload trap occurs in mixed mode whenever a new entry to the HW subnet rule table gets dropped due to the overload of the table.

gmSubnetRuleTable —Overloaded HW subnet rule table.

gmOverloadRuleSlice —Overloaded slot Id.

Note: This trap is not supported on OmniSwitch 6800/6850/9000 switches in the current release.


Using SNMP Using SNMP For Switch Security

Using SNMP For Switch Security

Community Strings (SNMPv1 and SNMPv2)

The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a community string is carried over an incoming SNMP request, the community string must match up with a user account name as listed in the community string database on the switch. Otherwise, the SNMP request will not be processed by the SNMP agent in the switch.

Configuring Community Strings

To use SNMPv1 and v2 community strings, each user account name must be mapped to an SNMP community string. Follow these steps:

1 Create a user account on the switch and define its password. Enter the following CLI syntax to create the account “community_user1”.

-> user community_user1 password ******* no auth

Note. A community string inherits the security privileges of the user account that creates it.

A user account can be created locally on the switch by using CLI commands. For detailed information on setting up user accounts, refer to the “Using Switch Security” chapter of this manual.

2 Map the user account to a community string.

A community string works like a password so it is defined by the user. It can be any text string up to 32 characters in length. If spaces are part of the text, the string must be enclosed in quotation marks (“ ”). The following CLI command maps the username “community_user1” to the community string “comstring2”.

-> snmp community map comstring2 user community_user1 enable

3 Verify that the community string mapping mode is enabled.

By default, the community strings database is enabled. (If community string mapping is not enabled, the community string configuration will not be checked by the switch.) If the community string mapping mode is disabled, use the following command to enable it.

-> snmp community map mode enable

Note. Optional. To verify that the community string is properly mapped to the username, enter the show snmp community map command. The display is similar to the one shown here:

->show snmp community map

Community mode : enabled status community string user name

--------+--------------------------------+-------------------------------enabled comstring2 community_user1

This display also verifies that the community map mode is enabled.


Using SNMP For Switch Security Using SNMP

Encryption and Authentication (SNMPv3)

Two important processes are used to verify that the message contents have not been altered and that the source of the message is authentic. These processes are encryption and authentication.

A typical data encryption process requires an encryption algorithm on both ends of the transmission and a secret key (like a code or a password). The sending device encrypts or “scrambles” the message by running it through an encryption algorithm along with the key. The message is then transmitted over the network in its encrypted state. The receiving device then takes the transmitted message and “un-scrambles” it by running it through a decryption algorithm. The receiving device cannot un-scramble the coded message without the key.

The switch uses the Data Encryption Standard (DES) encryption scheme in its SNMPv3 implementation.

For DES, the data is encrypted in 64-bit blocks by using a 56-bit key. The algorithm transforms a 64-bit input into a 64-bit output. The same steps with the same key are used to reverse the encryption.

The authentication process ensures that the switch receives accurate messages from authorized sources.

Authentication is accomplished between the switch and the SNMP management station through the use of a username and password identified via the snmp station CLI syntax. The username and password are used by the SNMP management station along with an authentication algorithm (SHA or MD5) to compute a hash that is transmitted in the PDU. The switch receives the PDU and computes the hash to verify that the management station knows the password. The switch will also verify the checksum contained in the

PDU.

Authentication and encryption are combined when the PDU is first authenticated by either the SHA or

MD5 method. Then the message is encrypted using the DES encryption scheme. The encryption key is derived from the authentication key, which is used to decrypt the PDU on the switch’s side.

Configuring Encryption and Authentication

Setting Authentication for a User Account

User account names and passwords must be a minimum of 8 characters in length when authentication and encryption are used. The following syntax sets authentication type MD5 with DES encryption for user account “user_auth1”.

-> user user_auth1 password ******** md5+des

SNMP authentication types SHA and MD5 are available with and without type DES encryption. The sha,

md5, sha+des, and md5+des keywords may be used in the command syntax.

Note. Optional. To verify the authentication and encryption type for the user, enter the show user command. The following is a partial display.

-> show user

User name = user_auth1

Read right = 0x0000a200 0x00000000,

Write right = 0x00000000 0x00000000,

Read for domains = ,

Read for families = snmp chassis interface ,

Write for domains = None ,

Snmp authentication = MD5, Snmp encryption = DES

The user’s SNMP authentication is shown as MD5 and SNMP encryption is shown as DES.


Using SNMP Using SNMP For Switch Security

Setting SNMP Security

By default, the switch is set to “privacy all”, which means the switch accepts only authenticated and encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering snmp security followed by the command parameter for the desired security level. For example, the following syntax sets the SNMP security level as “authentication all” as defined in the table below:

-> snmp security authentication all

The command parameters shown in the following table define security from the lowest level (no security) to the highest level (traps only) as shown.

Security Level no security authentication set authentication all privacy set privacy all traps only

SNMP requests accepted by the switch

All SNMP requests are accepted.

SNMPv1, v2 Gets

Non-authenticated v3 Gets and Get-Nexts

Authenticated v3 Sets, Gets, and Get-Nexts

Encrypted v3 Sets, Gets, and Get-Nexts

Authenticated v3 Sets, Gets, and Get-Nexts


Authenticated v3 Gets and Get-Nexts



All SNMP requests are rejected.


Working with SNMP Traps Using SNMP

Working with SNMP Traps

The SNMP agent in the switch has the ability to send traps to the management station. It is not required that the management station request them. Traps are messages alerting the SNMP manager to a condition on the network. A trap message is sent via a PDU issued from the switch’s network management agent. It is sent to alert the management station to some event or condition on the switch.

Traps can indicate improper user authentication, restarts, the loss of a connection, or other significant events. You can configure the switch so that traps are forwarded to or suppressed from transmission to the management station under different circumstances.

Trap Filtering

You can filter SNMP traps in at least two ways. You can filter traps by limiting user access to trap families or you can filter according to individual traps.

Filtering by Trap Families

Access to SNMP traps can be restricted by withholding access privileges for user accounts to certain command families or domains. (Designation of particular command families for user access is sometimes referred to as partition management.)

SNMP traps are divided into functional families as shown in the “SNMP Traps Table” on page 10-10 .

These families correspond to switch CLI command families. When read-only privileges for a user account are restricted for a command family, that user account is also restricted from reading traps associated with that family.

Procedures for filtering traps according to command families can be found in the Quick Steps for

“Filtering by Trap Families” on page 10-5 . For a list of trap names, command families, and their descriptions

refer to the

“SNMP Traps Table” on page 10-10

.

Filtering By Individual Trap

You can configure the switch to filter out individual traps by using the snmp trap filter command. This command allows you to suppress specified traps from the management station. The following information is needed to suppress specific traps:

• The IP address of the SNMP management station that will receive the traps.

• The ID number of the individual traps to be suppressed.

Procedures for filtering individual traps can be found in the Quick Steps for “Filtering by Individual

Traps” on page 10-6

. For a list of trap names, ID numbers, and their descriptions refer to the table “SNMP

Traps Table” on page 10-10 .


Using SNMP Working with SNMP Traps

Authentication Trap

The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the management station that the switch received a message from an unauthorized protocol entity. This normally means that a network entity attempted an operation on the switch for which it had insufficient authorization. When the SNMP authentication trap is enabled, the switch will forward a trap to the management station. The following command will enable the authentication trap:

-> snmp authentication trap enable

The trap will be suppressed if the SNMP authentication trap is disabled.

Trap Management

Several CLI commands allow you to control trap forwarding from the agent in the switch to the SNMP management station.

Replaying Traps

The switch normally stores all traps that have been sent out to the SNMP management stations. You can list the last stored traps by using the show snmp trap replay command. This command lists the traps along with their sequence number. The sequence number is a record of the order in which the traps were previously sent out.

You may want to replay traps that have been stored on the switch for testing or troubleshooting purposes.

This is useful in the event when any traps are lost in the network. To replay stored traps, use the snmp

trap replay command followed by the IP address for an SNMP management station. This command replays (or re-sends) all stored traps from the switch to the specified management station on demand.

If you do not want to replay all of the stored traps, you can specify the sequence number from which the trap replay will start. The switch will start the replay with a trap sequence number greater than or equal to the sequence number given in the CLI command. The number of traps replayed depends on the number of traps stored for this station.

Absorbing Traps

The switch may send the same traps to the management station many, many times. You can suppress the transmission of identical repetitive traps by issuing the snmp trap absorption command. When trap absorption is enabled, traps that are identical to traps previously sent will be suppressed and therefore not forwarded to the SNMP management station. The following command will enable SNMP trap absorption:

-> snmp trap absorption enable

To view or verify the status of the Trap Absorption service, use the show snmp trap config command.

Sending Traps to WebView

When WebView forwarding is enabled, all traps sent by switch applications are also forwarded to

WebView. The following command allows a WebView session to retrieve the trap history log:

-> snmp trap to webview enable


SNMP MIB Information Using SNMP

SNMP MIB Information

MIB Tables

You can display MIB tables and their corresponding command families by using the show snmp mib family command. The MIB table identifies the MIP identification number, the MIB table name and the command family. If a command family is not valid for the entire MIB table, the command family will be displayed on a per-object basis.

For a list and description of system MIBs, refer to

“Industry Standard MIBs” on page 10-33

and “Enterprise (Proprietary) MIBs” on page 10-38 . For a list and description of traps, refer to the

“SNMP Traps

Table” on page 10-10 .

The following is a partial display.

-> show snmp mib family

MIP ID MIB TABLE NAME FAMILY

-------+----------------------------------------+---------------------

6145 esmConfTrap NO SNMP ACCESS

6146 alcetherStatsTable interface

6147 dot3ControlTable interface

6148 dot3PauseTable interface

6149 dot3StatsTable interface

6150 esmConfTable interface

...

...

77828 healthModuleTable rmon

77829 healthPortTable rmon

77830 healthThreshInfo rmon

78849 vrrpAssoIpAddrTable vrrp

78850 vrrpOperTable vrrp

78851 vrrpOperations vrrp

78852 vrrpRouterStatsTable vrrp

...

...

87042 vacmContextTable snmp

87043 vacmSecurityToGroupTable snmp

87044 vacmAccessTable snmp

87045 vacmViewTreeFamilyTable snmp

MIB Table Description

If the user account has no restrictions, the display shown by the show snmp mib family command can be very long. For documentation purposes, a partial list is shown above and three entry examples are defined.

• The first entry in the MIB Table shows an MIP identification number of 6145. The MIB table name is esmConfTrap.This table is found in the AlcatelIND1Port MIB, which defines managed objects for the

ESM Driver subsystem.

• For MIP Id number 77828, the MIB table name is healthModuleTable. This table is found in the

AlcatelIND1Health MIB, which defines managed objects for the health monitoring subsystem.

• For MIB Id number 87042, the MIB table name is vacmContextTable. This table is found in the

SNMP-VIEW-BASED-ACM MIB, which serves as the view-based access control model (VACM) for the SNMP.


Using SNMP SNMP MIB Information

Industry Standard MIBs

The following table lists industry standard MIBs supported by the OmniSwitch 6800/6850/9000 switches.

MIB Name Description Dependencies

BGP4-MIB, RFC 1657 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) by using

SMIv2.

BRIDGE-MIB,

RFC 1493

The Bridge MIB for managing MAC bridges based on the IEEE 802.1D standard between Local Area Network (LAN) segments.

SNMPv2-SMI

SNMPv2-SMI,

RFC1215-MIB

DVMRP-STD-MIB,

Draft 11

The MIB module for management of Distance-Vector

Multicast Routing Protocol (DVMRP) routers.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB,

IF-MIB,

ALCATEL-IND1-

BASE

EE8023-LAG-MIB,

IEEE 802.3ad

Link Aggregation module for managing IEEE

Standard 802.3ad.

ENTITY-MIB, RFC 2737 Entity MIB (Version 2). Standardized set of managed objects representing logical and physical entities and relationships between them.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB,

Q-BRIDGE-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB

EtherLike-MIB,

RFC 2665

Definitions of Managed Objects for the Ethernet-like

Interface Types.

HCNUM-TC, RFC 2856: An MIB module containing textual conventions for high-capacity data types. This module addresses an immediate need for data types not directly supported in the SMIv2. This short-term solution is meant to be deprecated as a long-term solution is deployed.

IANAifType-MIB This MIB module defines the IANAifType Textual

Convention, and thus the enumerated values of the ifType object defined in the MIB-II Table.

SNMPv2-SMI,

SNMPv2-CONF,

IF-MIB

SNMPv2-SMI,

SNMPv2-TC

SNMPv2-SMI,

SNMPv2-TC

IANA-RTPROTO-MIB This MIB module defines the IANAipRouteProtocol and IANAipMRouteProtocol textual conventions for use in MIBs which need to identify unicast or multicast routing mechanisms.

SNMPv2-SMI,

SNMPv2-TC



MIB Name

IEEE8021-PAE-MIB

IF-MIB, RFC 2863

IGMP-STD-MIB,

RFC 2933

INET-ADDRESS-MIB,

RFC 2851

IP-BRIDGE-MIB,

RFC 2674

IP-FORWARD-MIB,

RFC 2096

IP-MIB, RFC 2011

IPv6-TC, RFC 2465

IPv6-ICMP-MIB,

RFC 2466

IPv6-TCP-MIB,

RFC 2452

IPv6-UDP-MIB,

RFC 2454

MAU-MIB,

RFC 2668

Description Dependencies

This MIB modules defines 802.1X ports used for portbased access control.

The Interfaces Group MIB. Contains generic information about the physical interfaces of the entity.

Internet Group Management Protocol MIB.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMPv2-MIB,

IANAifType-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB

Textual Conventions for Internet Network Addresses. SNMPv2-SMI,

SNMPv2-TC

The Bridge MIB Extension module for managing

Priority and Multicast Filtering, defined by IEEE

802.1D.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

BRIDGE-MIB

IP Forwarding Table MIB

SNMPv2 Management Information Base for the

Internet Protocol by using SMIv2. Includes Internetwork Control Message Protocol (ICMP).

This MIB defines the management information for

IPv6; Textual conventions and general group

SNMPv2-SMI,

SNMPv2-TC,

IP-MIB,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC

Management Information base for IPv6 Group.

Management Information Base for the Transmission

Control Protocol.

Management Information Base for User Datagram

Protocol

Management Information for IEEE 802.3 Medium

Attachment Units.

SNMPv2-SMI,

SNMPv2-CONF,

IPv6-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-CONF,

IPv6-TC

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF page 10-34 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007



Novell RIPSAP MIB

OSPF-MIB,

RFC 1850

OSPFV3-MIB

This MIB defines the management information for the

Routing Information Protocol (RIP) and Service

Advertising Protocol (SAP) protocols running in a

Novell Internetwork Packet Exchange (IPX) protocol environment. It provides information in addition to that contained in the IPX MIB itself. All tables in this

MIB are linked to an instance of IPX via the system instance identifier as defined in the IPX MIB.

Open Path Shortest First (OSPF) Version 2

Management Information Base.

SNMPv2-SMI

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Open Path Shortest First (OSPF) Version 3

Management Information Base.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB,

INET-ADDRESS-

MIB,

OSPF-MIB

PIM-MIB,

RFC 2934

Q-BRIDGE-MIB,

RFC 2674

RIPv2-MIB,

RFC 1724

RMON-MIB, RFC 2819

Protocol Independent Multicast MIB for IPv4

The Bridge MIB Extension module for managing Priority and Multicast Filtering, defined by IEEE 802.1D.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB,

IPMROUTE-STD-

MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB,

BRIDGE-MIB,

P-BRIDGE-MIB

Routing Information Protocol (RIP) Version 2 MIB

Extension.

Remote Network Monitoring (RMON) Management

Information Base.

RS-232-MIB, RFC 1659 Definitions of Managed Objects for RS-232-like

Hardware Devices by using SMIv2.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-CONF,

IF-MIB

SNMP-COMMUNITY

MIB, RFC 2576

This MIB module defines objects to help support coexistence between SNMPv1, SNMPv2c, and SNMPv3.

SNMPv2-SMI,

SNMP-FRAME-

WORK-MIB,

SNMP-TARGET-

MIB,

SNMPv2-CONF




SNMP-FRAMEWORK

MIB, RFC 2571

SNMP-MPD-MIB,

RFC 2572

SNMP-NOTIFICATION

MIB, RFC 2573

SNMP-PROXY-MIB,

RFC 2573

SNMP-TARGET-MIB,

RFC 2573

SNMP-USER-BASED-

SM-MIB, RFC 2574

SNMPv2-MIB,

RFC 1907

SNMP-VIEW-BASED-

ACM-MIB, RFC 2575

TCP-MIB, RFC 2012

An Architecture for Describing SNMP Management

Frameworks.

Message Processing And Dispatching For The Simple

Network Management Protocol (SNMP).

SNMPv2-SMI,

SNMPv2-CONF

SNMP Applications, Notifications SNMP Entity

Remote Configuration.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB,

SNMP-TARGET-

MIB

SNMP Applications, Proxy SNMP Entity Remote

Configuration.

SNMP Applications, Proxy SNMP Entity Remote

Configuration.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB,

SNMP-TARGET

MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB

User-based Security Model (USM) for version 3 of the

Simple Network Management Protocol (SNMPv3).

Management Information Base for Version 2 of the

Simple Network Management Protocol (SNMPv2).

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

View-based Access Control Model (VACM) for the

Simple Network Management Protocol (SNMP).

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB

SNMPv2 Management Information Base for the

Transmission Control Protocol by using SMIv2.

SNMPv2-SMI,




TUNNEL-MIB,

RFC 2667

IP Tunnel MIB

UDP-MIB, RFC 2013 SNMPv2 Management Information Base for the User

Datagram Protocol by using SMIv2.

VRRP-MIB, RFC 2787 Definitions of Managed Objects for the Virtual Router

Redundancy Protocol (VRRP).

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB

SNMPv2-SMI,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB



Enterprise (Proprietary) MIBs

The following table lists the enterprise proprietary MIBs supported by the OmniSwitch 6800/6850/9000.

Note. The ALCATEL-IND1-BASE* MIB is required for all MIBs listed in this table.

MIB Name Description Dependencies*

ALCATEL-IND1-

AAA-MIB

Definitions of managed objects for the Authentication,

Authorization, and Accounting (AAA) subsystem.

ALCATEL-IND1-BASE This module provides base definitions for modules developed to manage Alcatel-Lucent Internetworking networking infrastructure products.

SNMPv2-SMI,

SNMPv2-TC,

SNMP-v2-CONF

SNMPv2-SMI

ALCATEL-IND1-

BGP-MIB

ALCATEL-IND1-

CHASSIS-MIB

ALCATEL-IND1-

CONFG-MGR-MIB

Definitions of managed objects for the Border Gateway Protocol (BGP) subsystem.

Definitions of managed objects for the Chassis Management subsystem.

Definitions of managed objects for the Configuration

Manager subsystem.

Definitions of chassis and modules.

SNMPv2-SMI,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

SNMP-

FRAMEWORK-

MIB,

ENTITY-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMP-SMI ALCATEL-IND1-

DEVICES

ALCATEL-IND1-

DOT1Q-MIB

ALCATEL-IND1-

DOT1X-MIB

ALCATEL-IND1-

DRCTM-MIB

ALCATEL-IND1-

DVMRP-MIB

Definitions of managed objects for the IEEE 802.1Q subsystem.

Definitions of managed objects for the IEEE 802.1X subsystem.

Definitions of managed objects for the Dynamic Routing and Control (DRC) subsystems.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC

SNMPv2-SMI,

SNMPv2-CONF

Definitions of managed objects for the Distance Vector

Multicast Routing Protocol (DVMRP) subsystem.

SNMPv2-SMI,

SNMPv2-CONF

ALCATEL-IND1-

GROUP-MOBILITY-

MIB

ALCATEL-IND1-

HEALTH-MIB

Definitions of managed objects for Group Mobility.

SNMPv2-TC,

SNMPv2-SMI,

SNMPv2-CONF

Definitions of managed objects for the Health Monitoring subsystem.

SNMPv2-SMI,



MIB Name Description Dependencies*

ALCATEL-IND1-IGMP-

MIB

ALCATEL-IND1-

INTERSWITCH-

PROTOCOL-MIB

ALCATEL-IND1-

IP-MIB

ALCATEL-IND1-

IPMRM-MIB

ALCATEL-IND1-

IPMS-MIB

ALCATEL-IND1-

IPRM-MIB

ALCATEL-IND1-

IPv6-MIB

ALCATEL-IND1-IPX-

MIB

ALCATEL-IND1-

LAG-MIB

ALCATEL-IND1-

LPS-MIB

Definitions of managed objects for the IPv4 Multicast

MIB.

Definitions of managed objects for the Interswitch

Protocol (i.e., GMAP, XMAP) subsystem.

Definitions of managed objects for the IP Stack subsystem.

SNMPv2-TC,

SNMPv2-SMI,

SNMPv2-CONF,

INET-ADDRESS-

MIB,

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IP-MIB

Definitions of managed objects for IP Multicast Route

Manager (IPMRM) global configuration parameters

SNMPv2-SMI,

SNMPv2-CONF

Definitions of managed objects for the IP Multicast

Switching (IPMS) subsystem.

Definitions of managed objects for the IP Routing

Manager (IPRM) subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IANA-RTPROTO-

MIB

Definitions of managed objects for the IPv6 subsystem.

Definitions of managed objects for the IPX routing subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IPv7-TC

IPv6-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Definitions of managed objects for the IEEE 802.3ad

Link Aggregation (LAG) subsystem.

Definitions of the MIB module for the address learning

MIB addresses entity.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IEEE8023-LAG-

MIB,

IF-MIB

Q-BRIDGE-MIB

SNMPv2-SMI,

SNMPv2-TC,

IF-MIB,

Q-BRIDGE-MIB,

ALCATEL-IND1-

SYSTEM-MIB,

SNMPv2-CONF



MIB Name

ALCATEL-IND1-

MAC-ADDRESS-MIB

ALCATEL-IND1-

MAC-SERVER-MIB

ALCATEL-IND1-

MLD-MIB

ALCATEL-IND1-

NTP-MIB

ALCATEL-IND1-

OSPF-MIB

ALCATEL-IND1-

OSPF3-MIB

ALCATEL-IND1-

PARTITIONED-MGR-

MIB

ALCATEL-IND1-

PCAM-MIB

ALCATEL-IND1-PIM-

MIB

ALCATEL-IND1-

POLICY-MIB

ALCATEL-IND1-

PORT-MIB

Description Dependencies*

Definitions of managed objects for the Source Learning MAC Address subsystem.

Definitions of managed objects for the Chassis Supervision MAC Server subsystem.

Definitions of the Multicast Listener Discovery

(MLD) subsystem.

Definitions of the Network Time Protocol (NTP) subsystem.

Definitions of managed objects for the Open Shortest

Path First (OSPF) subsystem.

Definitions of managed objects for the Open Shortest

Path First 3 (OSPF3) subsystem

Definitions of the user Partitioned Manager subsystem.

Definition of managed objects for the Coronado

Layer3 Hardware Routing Engine (HRE).

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

IF-MIB,

Q-Bridge-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

ENTITY-MIB,

ALCATEL-IND1-

CHASSIS-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

INET-ADDRESS-

MIB,

IF-MIB

SNMPv2-SMI,

SNMPv2-TC

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

Q-BRIDGE-MIB,

SNMP-

FRAMEWORK-

MIB,

SNMPv2-TC

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Definitions of managed objects for the Protocol Independent Multicast Sparse Mode (PIM-SM) and Protocol Independent Multicast Dense Mode (PIM-DM) subsystem.

Definitions of managed objects for the Policy Manager subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

ALCATEL-IND1-

BASE

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Definitions of managed objects for the Port Manager subsystem.

SNMPv2-SMI,

SNMPv2-CONF,

IF-MIB page 10-40 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007


MIB Name

ALCATEL-IND1-

PORT-MIRRORING-

MONITORING-MIB

ALCATEL-IND1-

QOS-MIB

ALCATEL-IND1-

RDP-MIB

ALCATEL-IND1-

RIP-MIB

ALCATEL-IND1-

RIPNG-MIB

ALCATEL-IND1-

SESSION-MGR-MIB

ALCATEL-IND1-

SLB-MIB

ALCATEL-IND1-

SNMP-AGENT-MIB

ALCATEL-IND1-

STACK-MANAGER

ALCATEL-IND1-

SYSTEM-MIB

ALCATEL-IND1-

TP-DEVICES

ALCATEL-IND1-

TRAP-MGR-MIB

ALCATEL-IND1-

UDP-RELAY-MIB

ALCATEL-IND1-

VLAN-MGR-MIB

ALCATEL-IND1-

VLAN-STP-MIB

Description Dependencies*

Definitions of managed objects for the Port Mirroring and Monitoring subsystem.

Definitions of managed objects for the Quality of Service (QoS) subsystem.

Definitions of managed objects for the Router Discovery Protocol (RDP) subsystem.

Definitions of managed objects for the Routing Information Protocol (RIP) subsystem.

Definitions of managed objects for the Routing Information Protocol (RIPng) subsystem.

Definitions of managed objects for the User Session

Manager subsystem.

Definitions of managed objects for the Server Load

Balancing (SLB) subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

IPv6-TC

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Definitions of managed objects for the Simple Network Management Protocol (SNMP) Agent subsystem.

Definitions of the managed objects for Stack Manager

Chassis, Stack Manager Statistics, and Stack Manager

Traps.

Definitions of managed objects for the System Services subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

Definitions of managed objects for the OmniAccess

4000.

Definitions of managed objects for the SNMP Notification (i.e., Trap) Manager subsystem.

SNMPv2-SMI,

ALCATEL-IND1

BASE

SNMPv2-SMI,

SNMP-v2-TC,

SNMPv2-CONF

Definitions of managed objects for the User Datagram

Protocol (UDP) Relay subsystem.

SNMPv2-SMI,

SNMPv2-CONF

Definitions of managed objects for the VLAN Manager subsystem.

Definitions of managed objects for the VLAN Spanning Tree Protocol (STP) subsystem.

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF

SNMPv2-SMI,

SNMPv2-CONF,

BRIDGE-MIB



MIB Name

ALCATEL-IND1-VRRP-

MIB

ALCATEL-IND1-

VRRP3-MIB

ALCATEL-IND1-WEB-

MGT-MIB

Description

Definitions of managed objects for the Virtual Router

Redundancy Protocol (VRRP) subsystem.

Definitions of managed objects for the Virtual Router

Redundancy Protocol 3 (VRRP3) subsystem.

Definitions of managed objects for the Web Based

Management subsystem.

Dependencies*

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

INET-ADDRESS-

MIB,

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

INET-ADDRESS-

MIB,

IF-MIB

SNMPv2-SMI,

SNMPv2-TC,

SNMPv2-CONF,

INET-ADDRESS-

MIB page 10-42 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007

Using SNMP Verifying the SNMP Configuration

Verifying the SNMP Configuration

To display information about SNMP management stations, trap management, community strings, and security, use the show commands listed in the following table. show snmp station show snmp community map Shows the local community strings database including status, community string text, and user account name.

show snmp security show snmp statistics

Displays current SNMP security status.

show snmp mib family show snmp trap replay

Displays SNMP statistics. Each MIB object is listed along with its status.

Displays SNMP MIB information. Information includes MIP ID number, MIB table name, and command family.

Displays SNMP trap replay information. This includes the IP address of the SNMP station manager that replayed each trap and the number of the oldest replayed trap.

show snmp trap filter

Displays current SNMP station information including IP address, UDP

Port number, Enabled/Disabled status, SNMP version, and user account names.

Displays the current SNMP trap filter status. This includes the IP address of the SNMP station that recorded the traps and the identification list for the traps being filtered.

show snmp authentication trap Displays the current authentication failure trap forwarding status (i.e., enable or disable).

show snmp trap config Displays SNMP trap information including trap ID numbers, trap names, command families, and absorption rate. This command also displays the Enabled/Disabled status of SNMP absorption and the Traps to

WebView service.

For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer-

ence Guide.


Verifying the SNMP Configuration Using SNMP page 10-44 OmniSwitch 6800/6850/9000 Switch Management Guide December 2007

10. Using SNMP. Alcatel-Lucent OmniSwitch 6800 Series, OmniSwitch 9000 Series, OmniSwitch 6850 Series

10 Using SNMP

In This Chapter

SNMP Specifications

SNMP Defaults

Quick Steps for Setting Up An SNMP

Management Station

Quick Steps for Setting Up Trap Filters

Filtering by Trap Families

Filtering by Individual Traps

SNMP Overview

SNMP Operations

Using SNMP for Switch Management

Setting Up an SNMP Management Station

SNMP Versions

SNMPv1

SNMPv2

SNMPv3

SNMP Traps Table

Using SNMP For Switch Security

Community Strings (SNMPv1 and SNMPv2)

Configuring Community Strings

Encryption and Authentication (SNMPv3)

Configuring Encryption and Authentication

Setting Authentication for a User Account

Setting SNMP Security

Working with SNMP Traps

Trap Filtering

Filtering by Trap Families

Filtering By Individual Trap

Authentication Trap

Trap Management

Replaying Traps

Absorbing Traps

Sending Traps to WebView

SNMP MIB Information

MIB Tables

MIB Table Description

Industry Standard MIBs

Enterprise (Proprietary) MIBs

Verifying the SNMP Configuration

Related manuals

Alcatel-Lucent

OmniSwitch AOS Release 6

Alcatel-Lucent

OmniSwitch AOS Release 7

Alcatel-Lucent

OmniSwitch 9800E

Alcatel-Lucent

Switch 6850-U24X

Alcatel-Lucent

6800

Table of contents