User Guide
Table Of Contents
- Chapter 1 – Getting Started
- Chapter 2 – System Status
- Chapter 3 – Quick Start
- Chapter 4 – System Management
- Chapter 5 – Port Management
- Chapter 6 – VLAN Management
- Chapter 7 - Spanning Tree Management
- Chapter 8 - MAC Address Management
- Chapter 9 – Multicast
- Chapter 10 - IP Interface
- Chapter 11 - IP Network Operations
- Chapter 12 – Security
- Chapter 13 - Access Control List
- Chapter 14 - Quality of Service
- Chapter 15 - Maintenance
- Chapter - 16 Support
28
Note
—Due to the security vulnerabilities of other versions, it is recommended to use
SNMPv3.
•
SNMPv3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies access
control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a
User Security Model (USM) that includes:
o
Authentication—Provides data integrity and data origin authentication.
o
Privacy—Protects against disclosure message content. Cipher Block- Chaining
(CBC-DES) is used for encryption. Either authentication alone can be enabled on
an SNMP message, or both authentication and privacy can be enabled on an SNMP
message. However, privacy cannot be enabled without authentication.
o
Timeliness—Protects against message delay or playback attacks. The SNMP
agent compares the incoming message time stamp to the message arrival time.
SNMP Workflow
Note
—For security reasons, SNMP is disabled by default. Before you can manage the device via
SNMP, you must turn on SNMP in the SNMP > Feature Configuration page.
If you decide to use SNMPv1 or v2:
1.
Navigate to the
SNMP -> Communities
page and click Add. The community can be
associated with access rights and a view in Basic mode or with a group in Advanced mode.
There are two ways to define access rights of a community:
•
Basic mode—The access rights of a community can configure with Read Only,
Read Write, or SNMP Admin. In addition, you can restrict the access to the
community to only certain MIB objects by selecting a view (defined in the Views
page).
•
Advanced Mode—The access rights of a community are defined by a group
(defined in the Groups page). You can configure the group with a specific security
model. The access rights of a group are Read, Write, and Notify.
2.
Choose whether to restrict the SNMP management station to one address or allow SNMP
management from all addresses. If you choose to restrict SNMP management to one
address, then input the address of your SNMP Management PC in the IP Address field.
3.
Input the unique community string in the Community String field.
4.
Optionally, enable traps by using the Trap Settings page.
5.
Optionally, define a notification filter(s) by using the Notification Filter page.
6.
Configure the notification recipients on the Notification Recipients SNMPv1, v2 page.
If you decide to use SNMPv3:
1.
Define the SNMP engine by using the Engine ID page. Either create a unique Engine ID or
use the default Engine ID. Applying an Engine ID configuration clears the SNMP database.