The administrator can activate Simple Network Management Protocol (SNMP) agent software that resides on the OnBoard appliance. The SNMP agent provides access to the OnBoard appliance by an SNMP management application, such as HP Openview, Novell NMS, IBM NetView or Sun Net Manager and provides proxied access to SNMP data from connected SPs that implement SNMP agents. The OnBoard appliance SNMP agent can be configured to send notifications (also known as traps) about significant events on the OnBoard appliance and on connected devices.
The OnBoard appliance administrator must configure the SNMP agent to use the version of SNMP supported by the management application: SNMP v1, v2c or v3. The use of v3 is strongly encouraged wherever possible because it provides the authentication and encryption of data that v1 and v2c lack.
When SNMP version 1 or 2c agents are used to obtain native management access to a device, no SNMP configuration is needed on the OnBoard appliance. Support is implemented entirely through the VPN connection, limited by iptables rules that restrict access to particular devices.
If SNMP is used as recommended (by allowing access by agents running SNMP version 1 or 2c only through a VPN tunnel), no public client is allowed unauthenticated access to either managed clients or to the OnBoard appliance itself. For compatibility with other clients, unencrypted transfer of data is possible with SNMP v3 connections, but unencrypted data transfer is strongly discouraged.
Object Identifier. A unique identifier for each object in an SNMP MIB. The OID naming scheme is in the form of an inverted tree with branches pointing downward. The OID naming scheme is governed by the Internet Engineering Task Force (IETF), which grants authority for parts of the OID name space to individual organizations. Cyclades has the authority to assign OIDs that can be derived by branching downward from the node in the MIB name tree that starts at 1.3.6.1.4.1.4413.
• v3 - Uses a username for authentication. In addition to the username, an optional authentication password may be used, and an encryption password may also be used for encrypting traffic. Cyclades recommends that both authentication and encryption be used to maximize the security of data and commands. Available authentication methods are MD5 and SHA. Available encryption methods are DES and AES.
For SNMP v1 and v2c, only the community name is used for authentication. It is an arbitrary string with a maximum length of 256 characters. It does not need to match the community name used on the public side or be unique on the private side, but it must match the community string expected by the device, which is often "public".
Strings are defined as case-sensitive ASCII, not beginning with a hash ('#') and delimited by a space, form-feed ('\f'), newline ('\n'), carriage return ('\r'), horizontal tab ('\t'), vertical tab ('\v') or null ('\0'). Any character, including a delimiter, may be included in a string if it is escaped with a backslash ('\'). Two backslashes are interpreted as one.
Views can be created to define sections of an OID tree that are included and excluded from access. When a view is being defined, more than one line can be used to build a view. For example, one line may allow access to a subtree, and another may remove access to a portion of that subtree.
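Added example, not code from the Cyclades manual: a Python tokenizer implementing the string rules above (delimiters, backslash escaping, no leading hash) and a resolver for a view built from several lines. The `<included|excluded> <subtree OID>` line syntax and the rule that the most specific matching subtree decides are assumptions, not the appliance's own format.

```python
DELIMITERS = frozenset(" \f\n\r\t\v\0")  # space, \f, \n, \r, \t, \v and NUL, as on the page

def tokenize(line):
    """Split a line into strings: delimiters end a string unless escaped,
    a backslash makes the next character literal (two backslashes give one),
    and a string may not begin with an unescaped '#'."""
    tokens, current, escaped = [], [], False
    for ch in line:
        if escaped:                       # any character may follow a backslash
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in DELIMITERS:            # end the current string; empties dropped below
            tokens.append("".join(current))
            current = []
        elif ch == "#" and not current:
            raise ValueError("a string may not begin with '#'")
        else:
            current.append(ch)
    if escaped:
        raise ValueError("line ends with a dangling backslash")
    tokens.append("".join(current))
    return [t for t in tokens if t]

def oid_tuple(oid):
    return tuple(int(p) for p in oid.strip(".").split("."))

def build_view(lines):
    """Parse view lines written (assumed syntax) as '<included|excluded> <subtree OID>'."""
    view = []
    for line in lines:
        tokens = tokenize(line)
        if len(tokens) != 2 or tokens[0] not in ("included", "excluded"):
            raise ValueError(f"bad view line: {line!r}")
        view.append((tokens[0], oid_tuple(tokens[1])))
    return view

def view_allows(view, oid):
    """Assumed semantics: the most specific matching subtree decides, so an
    'excluded' line can carve a portion out of an 'included' subtree."""
    parts, best = oid_tuple(oid), None
    for action, subtree in view:
        if parts[:len(subtree)] == subtree and (best is None or len(subtree) > len(best[1])):
            best = (action, subtree)
    return best is not None and best[0] == "included"

# Constructed view: all of mib-2 except the ip group, plus the Cyclades branch named on the page.
SAMPLE_VIEW = build_view(["included .1.3.6.1.2.1", "excluded\t.1.3.6.1.2.1.4", "included .1.3.6.1.4.1.4413"])
```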