Configuring SNMP on ERS8600

    Simple Network Management Protocol (SNMP) is a protocol designed for basic management purposes, and the ERS8600 supports SNMP v1, v2, and v3. For design and security reasons, the ERS8600 has two different sets of SNMP configuration commands and parameters. Starting in software release 3.7, the CLI command "save config" creates a hidden and encrypted file that contains the SNMP community table information. For security reasons, the "save config" command also removes references to the existing SNMP community strings in the newly created configuration file. In addition, the commands to configure SNMP community strings and trap receivers are moved from "config sys set snmp" to "config snmp-v3".

   This lab only focuses on community strings, trap receiver, and hidden files.

1. Community Strings: The SNMP agent validates each request from an SNMP manager before responding to the request, and this is accomplished by verifying that the manager belongs to a valid SNMP community.

A. Changing the community strings with software version 3.3

ERS-8606:5# config sys set snmp community <ro|rw|l2|l3|rwa> <commstring>

  • ro|rw|l2|l3|rwa is the choice of community. ro is read-only, rw is read/write, l2 is
    layer 2 read/write, l3 is layer 3 (and layer 2) read/write, and rwa is read/write/all.
  • commstring is the input community string

B. Changing the default community strings with software 3.5 and later

ERS-8606:5# config snmp-v3 community commname first new-commname <commstring>
ERS-8606:5# config snmp-v3 community commname second new-commname <commstring>

  • first represents the default read-only access (public) and second represents the default read-write access (private).

 

2. Trap Receiver:

A. Setting the trap receiver with software version 3.3

ERS-8606:5# config sys set snmp trap-recv <ipaddr> v2c public

  • ipaddr is the IP address of an SNMP trap receiver.

B. Setting the trap receiver with software 3.5 and later: Create trap receivers by creating SNMP-v3 trap notifications and then specifying the target address where the notifications are sent, along with specific target parameters. By default, the ERS8600 has a default trap notification of “trapTag”. We can use this default notification when setting up the SNMP trap target address.

ERS-8606:5# config snmp-v3 target-addr create <Target Name> <Ip addr:port> <Target parm> taglist <Notify Tag>

  • Target Name: The name of trap receiver target.
  • IP addr:port: The IP address of the trap receiver and the SNMP agent listening port.
  • Target parm: Enter TparamV1 for SNMPv1 and TparamV2 for SNMPv2c.
  • Notify Tag: Enter the default trap notification “trapTag”.

C. The default notify configuration

ERS-8606:5/config/snmp-v3/notify# info

================================================================================
                         Notify Configuration
================================================================================
Notify Name                      Tag                              Type     
--------------------------------------------------------------------------------
Inform                           informTag                        inform   
Trap                             trapTag                          trap   

D. The default target parameter

ERS-8606:5/config/snmp-v3/target-param# info

================================================================================
                         Target Params Configuration
================================================================================
Target Name                      MP Model  Security Name                    Sec Level   
--------------------------------------------------------------------------------
TparamV1                         snmpv1    readview                         noAuthNoPriv
TparamV2                         snmpv2c   readview                         noAuthNoPri

3. Hidden Files: These hidden files contain community strings, passwords, and trap receivers. Files created by software 3.5 and 4.0 are not encrypted. Hidden files created by 3.7, 4.1, and 5.0 are encrypted.

  • shadov.txt
  • snmp_usm.txt
  • snmp_comm.txt
  • password.txt (This file cannot be copied to a TFTP server at versions 3.7, 4.1, and 5.0)
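
An added example (not from the original post or from the vendor): a Python audit that scans a captured CLI session for the command forms shown in this lab and flags community strings left readable in the file, default community strings (public/private), and trap targets that use the noAuthNoPriv parameters TparamV1/TparamV2. The sample session, the target name NMS1 and the 192.0.2.x addresses are constructed, and reading one command per line from a session capture is an assumption.

```python
import re

# Command forms are the ones shown on this page. Scanning a captured CLI
# session or command script, one command per line, is this example's assumption.
COMMUNITY = re.compile(
    r"config sys set snmp community (?:ro|rw|l2|l3|rwa) (\S+)"
    r"|config snmp-v3 community commname (?:first|second) new-commname (\S+)")
LEGACY_TRAP = re.compile(r"config sys set snmp trap-recv (\S+) (\S+) (\S+)")
TARGET_ADDR = re.compile(
    r"config snmp-v3 target-addr create (\S+) (\S+) (\S+) taglist (\S+)")

DEFAULT_STRINGS = {"public", "private"}      # defaults named on the page
NOAUTH_PARAMS = {"TparamV1", "TparamV2"}     # both noAuthNoPriv by default


def audit(text):
    """Return (line_number, rule, detail) for each SNMP command to review."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if m := COMMUNITY.search(line):
            value = m.group(1) or m.group(2)
            # The detail deliberately omits non-default strings.
            findings.append((no, "cleartext-community", "string readable in file"))
            if value.lower() in DEFAULT_STRINGS:
                findings.append((no, "default-community", value))
        elif m := LEGACY_TRAP.search(line):
            addr, version, community = m.groups()
            if community.lower() in DEFAULT_STRINGS:
                findings.append((no, "default-trap-community", f"{addr} {version}"))
        elif m := TARGET_ADDR.search(line):
            name, addr, param, _tag = m.groups()
            if param in NOAUTH_PARAMS:
                findings.append((no, "noauth-target", f"{name} {addr} {param}"))
    return findings


# Constructed sample session (addresses from the 192.0.2.0/24 documentation range).
SAMPLE = """\
ERS-8606:5# config sys set snmp community ro public
ERS-8606:5# config snmp-v3 community commname second new-commname Lab-rw-7f3a
ERS-8606:5# config sys set snmp trap-recv 192.0.2.10 v2c public
ERS-8606:5# config snmp-v3 target-addr create NMS1 192.0.2.10:162 TparamV2 taglist trapTag
ERS-8606:5/config/snmp-v3/notify# info
"""

if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```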
