User Manual

Enterasys X-Pedition User Reference Manual 403
Configuring X-Pedition Access Security
one in the mask indicates a significant byte in the OID while a zero indicates an insignificant, or
“wild card” byte. Written out in bit notation the mask is: 1111 1111 1011 1111. Notice that the zero
(10th bit) matches up with the column header of the ifTable OID (10th byte). Combined with the
subtree 1.3.6.1.2.1.2.2.1.1.35, the zero has the effect of selecting ALL columns in the ifTable, while
the trailing ones select ONLY the 35th row of the table. Without masks, this could only be
accomplished by entering snmp set view commands for each of the 22 columns of the ifTable.

Note that when creating a mask, as in the previous example, there will not always be enough bits to
completely fill the last byte. In such a case the remaining bits should be padded with ones.
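
How the two myview commands on this page evaluate, as an added example that is not taken from the manual or from X-Pedition code. It assumes the mask option follows standard VACM view-family matching (RFC 3415); the function names are hypothetical.

```python
# Added example: standard VACM view-family matching (RFC 3415), assumed to be
# what "snmp set view ... mask" implements. Function names are hypothetical.

def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def parse_mask(text, length):
    """Return one bool per sub-identifier (True = significant).
    Positions the mask does not cover are padded with ones."""
    if not text:
        return [True] * length
    raw = bytes.fromhex(text.lower().replace("0x", "").replace(":", ""))
    bits = [bool(byte & (0x80 >> i)) for byte in raw for i in range(8)]
    return (bits + [True] * length)[:length]

def family_matches(oid, subtree, mask_bits):
    """An OID matches when it is at least as long as the subtree and agrees
    with it at every position whose mask bit is one."""
    if len(oid) < len(subtree):
        return False
    return all(o == s or not sig for o, s, sig in zip(oid, subtree, mask_bits))

def in_view(view, oid_text):
    """Among matching families the longest subtree decides (ties go to the
    lexicographically greater one); no match means outside the view."""
    oid = parse_oid(oid_text)
    best = None
    for subtree_text, mask_text, kind in view:
        subtree = parse_oid(subtree_text)
        bits = parse_mask(mask_text, len(subtree))
        key = (len(subtree), subtree)
        if family_matches(oid, subtree, bits) and (best is None or key > best[0]):
            best = (key, kind)
    return best is not None and best[1] == "include"

# The two "myview" commands from this page.
MYVIEW = [
    ("1.3.6.1.2.1.2.2", None, "include"),
    ("1.3.6.1.2.1.2.2.1.1.35", "0xff:bf", "exclude"),
]

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.2.2.1.10.34",   # ifInOctets, row 34
                "1.3.6.1.2.1.2.2.1.10.35",   # ifInOctets, row 35
                "1.3.6.1.2.1.2.2.1.22.35",   # ifSpecific, row 35
                "1.3.6.1.2.1.1.1.0"):        # sysDescr, outside ifTable
        print(oid, "visible" if in_view(MYVIEW, oid) else "hidden")
```

Under that assumption, the masked family is an exclude, so this view exposes the ifTable with every column of row 35 hidden. Objects outside the ifTable match no family and are not in the view at all.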

router(config)# snmp set view myview subtree 1.3.6.1.2.1.2.2 type include
router(config)# snmp set view myview subtree 1.3.6.1.2.1.2.2.1.1.35 mask 0xff:bf type exclude

Defining Targets

Use the snmp set target command to define which management targets should receive
notifications when events occur. For a detailed explanation of the snmp set target command, see
the Enterasys X-Pedition Command Line Interface Reference Manual.

Notifications can be sent in the form of either traps or informs. Traps are unreliable because the
receiver does not send acknowledgments when it receives traps. The sender cannot determine if the
traps were received. However, an SNMP entity that receives an inform request acknowledges the
message with an SNMP response PDU. If the sender never receives the response, the inform
request can be sent again. Thus, informs are more likely to reach their intended destination.

However, informs consume more resources in the agent and in the network. Unlike a trap, which is
discarded as soon as it is sent, an inform request must be held in memory until a response is
received or the request times out. Also, traps are sent only once, while an inform may be retried
several times. The retries increase traffic and contribute to a higher overhead on the network.

The example below illustrates how to define an SNMPv1 target named “manager” whose IP
address is 10.10.10.10 and can receive traps. Any event that generates a notification will cause a
trap to be sent to the target. The X-Pedition will use the security-name string “public” to
authenticate with the SNMPv1 target.

router(config)# snmp set target manager ip-address 10.10.10.10 security-name public

The next example shows how to define a target named “foo” using SNMPv3 user-based
authentication rather than security-name strings. In this context, the security-name option refers to
the name of the user which will be used when communicating with the target. This example
assumes that the user “jane” already exists.

router(config)# snmp set target foo ip-address 10.10.10.10 v3 auth security-name jane

The type option can be used to specify that informs should be sent to the target rather than traps.
The sending of informs does require that an SNMPv3 user be created using the proper authoritative
SNMP Engine-ID (see Configuring Informs on page 405 for more information). Again this