User's Manual

H.323 User's Manual 15. SNMP-Based Management
Version 5.0 359 December 2006
15.7.3 Trusted Managers
By default, the agent accepts ‘get’ and ‘set’ requests from any IP address, as long as the
correct community string is used in the request. Security can be enhanced via the use of
Trusted Managers. A Trusted Manager is an IP address from which the SNMP Agent
accepts and processes ‘get’ and ‘set’ requests. An EM can be used to configure up to five
Trusted Managers.
Note: If Trusted Managers are defined, all community strings work from all
Trusted Managers. That is, there is no way to associate a community string
with particular trusted managers.
The concept of trusted managers is considered to be a weak form of security and is
therefore not a required part of SNMPv3 security, which uses authentication and privacy.
However, the board’s SNMP agent applies the trusted manager concept as follows:
• There is no way to configure trusted managers for only an SNMPv3 user. An SNMPv2c
  community string must be defined.
• If specific IPs are configured as trusted managers (via the community table), then only
  SNMPv3 users on those trusted managers are given access to the agent’s MIB
  objects.
15.7.3.1 Configuration of Trusted Managers via ini File
To set the Trusted Managers table from start-up, write the following in the ini file:
SNMPTRUSTEDMGR_X = D.D.D.D
where X is any integer between 0 and 4 (0 sets the first table entry, 1 sets the second, and
so on), and D is an integer between 0 and 255.
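A pre-deployment check for these entries, added here as an example and not taken from the manual or the vendor: it parses ini text for SNMPTRUSTEDMGR_X lines and reports indices outside 0-4, malformed addresses, repeated entries, and the case where no Trusted Manager is set at all. The function name, the ';' comment handling and the sample addresses are assumptions.

```python
import re

# Parameter form and ranges as given in the manual: SNMPTRUSTEDMGR_X = D.D.D.D
ENTRY = re.compile(r"^\s*SNMPTRUSTEDMGR_(\d+)\s*=\s*(\S+)\s*$")
OCTET = re.compile(r"[0-9]{1,3}")
MAX_ENTRIES = 5  # table indices 0..4

def audit_trusted_managers(ini_text):
    """Return (managers, findings) for the SNMPTRUSTEDMGR_X lines in ini_text."""
    managers, findings = {}, []
    for lineno, line in enumerate(ini_text.splitlines(), 1):
        line = line.split(";", 1)[0]  # assumption: ';' starts a comment
        m = ENTRY.match(line)
        if not m:
            continue
        index, addr = int(m.group(1)), m.group(2)
        octets = addr.split(".")
        if index >= MAX_ENTRIES:
            findings.append(f"line {lineno}: index {index} is outside 0-4")
        elif len(octets) != 4 or not all(
            OCTET.fullmatch(o) and int(o) <= 255 for o in octets
        ):
            findings.append(f"line {lineno}: '{addr}' is not D.D.D.D with D in 0-255")
        elif index in managers:
            findings.append(f"line {lineno}: entry {index} is defined more than once")
        else:
            managers[index] = addr
    if not managers:
        # Default behaviour described in section 15.7.3
        findings.append("no valid Trusted Manager: agent accepts get/set from any IP "
                        "address that presents a correct community string")
    return managers, findings

# Constructed sample input (documentation addresses, not from a real device)
SAMPLE_INI = """\
; constructed sample
SNMPTRUSTEDMGR_0 = 192.0.2.10
SNMPTRUSTEDMGR_1 = 192.0.2.300
SNMPTRUSTEDMGR_5 = 192.0.2.12
SNMPTRUSTEDMGR_0 = 192.0.2.13
"""

if __name__ == "__main__":
    mgrs, problems = audit_trusted_managers(SAMPLE_INI)
    print("trusted managers:", mgrs)
    for p in problems:
        print("finding:", p)
```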
15.7.3.2 Configuration of Trusted Managers via SNMP
To configure Trusted Managers, the EM must use the SNMP-COMMUNITY-MIB and the
snmpTargetMIB.
The procedure below assumes that there is at least one configured read-write community,
there are currently no Trusted Managers, and the TransportTag columns for all
snmpCommunityTable rows are currently empty.
To add the first Trusted Manager, take these 3 steps:
1. Add a row to the snmpTargetAddrTable with these values:
Name=mgr0
TagList=MGR
Params=v2cparams
2. Add a row to the snmpTargetAddrExtTable table with these values:
Name=mgr0
snmpTargetAddrTMask=255.255.255.255:0.
The agent does not allow creation of a row in this table unless a corresponding row
exists in the snmpTargetAddrTable.
3. Set the value of the TransportTag field on each non-TrapGroup row in the
snmpCommunityTable to MGR.