SNMP configuration on 450 series and its usage.

Products PMP
1

450 series supports SNMPv2 and SNMPv3.

Configuring SNMPv2c settings on AP or SM:

  • If “SNMP Community String 1 Permissions” set to “Read-only” then it supports operations like “GET”, “WALK” other than “SET”.
  • If “SNMP Community String 1 Permissions” set to “Read/Write” then it supports every operation like “GET”,”SET”,”WALK”.

SNMPv2c Settings

By default, “SNMP Community String 2 (Read Only) “allow operations “GET”,”WALK”.

Configuring SNMPv3 Settings:

SNMPv3 Settings.jpg
SNMPv3 Settings.jpg763×325 57.2 KB

  • The "EngineID"in SNMPv3 uniquely identifies each SNMP entity and helps to generate the key for authenticated messages.
  • PMP 450 series supports three types of SNMPv3 Security levels.
    1. noAuth,noPriv
    2. auth,noPriv
    3. auth,priv
  • SNMPv3 security comes primarily in 2 forms:
    • Authentication ensures that traps are read by only the intended recipient. As messages are created, they are given a special key that is based on the EngineID of the entity. The key is shared with the intended recipient and used to receive the message.
    • Privacy encrypts the payload of the SNMP message to ensure that it cannot be read by unauthorized users. Any intercepted traps will be filled with garbled characters and will be unreadable. Privacy is especially useful in applications where SNMP messages must be routed over the Internet.
  • 450 series supports MD5 (Authentication Protocol) and CDC-DES (Privacy Protocol).
  • “SNMPv3 Read-Only user” is same as “SNMP Community String 2 (Read Only)” but with additional security level.
  • In “SNMPv3 Read/Write User” allows enabling or disabling R/W user privilege level.

Three Additional SNMPv3 users allows user to configure three different users with different User levels.

Additional Users.jpg
Additional Users.jpg708×451 59.4 KB

Note:

SNMPv3 Auth/Privacy Key should not be less than 8 characters long.

SNMPv3 TRAP Configuration:

SNMPv3 Trap Configuration.jpg
SNMPv3 Trap Configuration.jpg729×59 12.7 KB

This allows user to enable or disable traps for the device.

If trap enabled, it allows selecting trap either “Read-Only User” or “Read/Write User”.

SNMP ACCESSING ADDRESS:

SNMP Accessing Address.jpg
SNMP Accessing Address.jpg731×57 12.2 KB

  • It allows user to configure up to ten IP address/subnet mask to send SNMP request to the devices.
  • The default IP’s /Subnet mask is “0.0.0.0/0” which allows all IP

SNMP TRAP ADDRESS:

  • Traps inform Wireless Manager(WM) or NMS about the event occurred when IP addresses configured in “TRAP Addresses”.

TRAP address.jpg
TRAP address.jpg738×133 26.7 KB

  • When “SNMP Trap Server DNS Usage” is set to “Append DNS Domain Name” then the name of the trap server only needs to be specified and the DNS domain name is automatically appended.
  • “SNMP Trap Boot-up Delay” helps to delay the number of seconds to send a SNMP trap after boot up and it ranges (0-120 seconds).
  • SNMP trap address allows user to configure up to ten IP address/subnet mask to which SNMP traps must be sent.

Trap Enable.jpg
Trap Enable.jpg736×125 17.1 KB

  • “Enabling” Sync status sends traps to configured trap addresses when GPS sync lost or regained.
  • “Enabling” Session Status sends traps to configured trap addresses when session lost or regained.

 NOTE:Navigate to Configuration-->Security-->Security Mode-->SNMP and select the respective SNMP version (SNMPv2c only, SNMPv3 only or SNMPv2c and SNMPv3 only).

SNMP Operations using Command Line in Linux machine:

  • Open the Linux Command line and install SNMP using the below command:

    #sudo apt install snmp

SUMMARY OF SNMPv3 Commands:

Summary Table.jpg.png

Note:  The canopy supports “MD5” Authentication Protocol and “CBC-DES” Privacy Protocol.

SMNP GET with Security level “No auth, No priv”:

snmpget –v 3 –u <NAME> -l noAuthNoPriv <IPADDRESS> <MIB-VALUE>

Example:

snmpget -v 3 -u User1 -l noAuthNoPriv 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0

SMNP SET with Security level “No auth, No priv”:

snmpset –v 3 –u <NAME> -l noAuthNoPriv <IPADDRESS> <MIB-VALUE> i <SET-VALUE-TO>

Example:

snmpset -v 3 -u User1 -l noAuthNoPriv 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0 i 20

SMNP GET with Security level “auth, No priv”:

snmpget –v 3 –u <NAME> -l authNoPriv –a <MD5|SHA>  -A <AuthPhassPhrase>  <IPADDRESS> <MIB-VALUE>

Example:

snmpget -v 3 -u User1 -l authNoPriv -a MD5 -A CanopyAuth 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0

SMNP SET with Security level “auth, No priv”:

snmpset –v 3 –u <NAME> -l authNoPriv –a <MD5|SHA>  -A <AuthPhassPhrase>  <IPADDRESS> <MIB-VALUE> i <SET-VALUE-TO>

Example:

snmpset -v 3 -u User1 -l authNoPriv -a MD5 -A CanopyAuth 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0 i 110

SMNP GET with Security level “auth, priv”:

snmpget –v 3 –u <NAME> -l authPriv –a <MD5|SHA>  -A <AuthPhassPhrase>  -x <AES|DES> -X <PrivPhassPhrase> <IPADDRESS> <MIB-VALUE>

Example:

snmpget -v 3 -u User1 -l authPriv -a MD5 -A CanopyAuth -x DES -X CanopyPriv 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0

SMNP SET with Security level “auth, priv”:

snmpset –v 3 –u <NAME> -l authPriv –a <MD5|SHA>  -A <AuthPhassPhrase>  -x <AES|DES> -X <PrivPhassPhrase> <IPADDRESS> <MIB-VALUE> i <SET-VALUE-TO>

Example:

snmpset -v 3 -u User1 -l authPriv -a MD5 -A CanopyAuth -x DES -X CanopyPriv 10.110.250.133 .1.3.6.1.4.1.161.19.3.3.2.152.0 i 20

GET and SET operations through Linux Command lines:

Linux.jpg
Linux.jpg753×107 43.5 KB

15 Likes