EX3500 SNMP Management

About this task

Optionally use the Simple Network Management Protocol (SNMP) with the EX3500 management policy for statistics gathering, or to fully manage the EX3500. SNMP is an application layer protocol that facilitates the exchange of management information between the controller or service platform and a managed device. SNMP enabled devices listen on port 161 (by default) for SNMP packets from the controller or service platform‘s management server. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices. The read-only community string is used to gather statistics and configuration parameters from a supported wireless device. The read-write community string is used by a management server to set device parameters. SNMP is generally used to monitor a system‘s performance and other parameters.

Procedure

  1. Go to Configuration > Management > EX3500 Management Policy.
    The screen lists those EX3500 management policies created thus far. Select Add to create a new EX3500 management policy, Edit to modify an existing policy or Delete to remove an obsolete policy. Existing lists can be copied or renamed as needed.
  2. Select the SNMP tab.
    Click to expand in new window
  3. Set the following SNMP settings:
    Enable Select the checkbox to enable SNMPv1, SNMPv2 or SNMPv3 support. The SNMP version utilized is selected and mapped to a user group within the Group table.
    Contact Define a 255 character maximum SNMP contact name for responsible for the WiNG administration of the EX3500 switch.
    Local Engine ID Set a 64 character maximum local engine ID. The local engine ID is the administratively unique identifier of an SNMPv3 engine used for identification, not addressing. There are two parts of an engine ID: prefix and suffix. The prefix is formatted according to the specifications defined in RFC 3411.
    Location Assign a 255 character maximum EX3500 switch location reflecting the switch‘s physical deployment location.
  4. Select + Add Row and set the following Community Strings:
    Name Define a public or private community designation. By default, SNMPv2 community strings on most devices are set to public, for the read-only community string, and private for the read-write community string.
    Access Set the access permission for each community string used by devices to retrieve or modify information. Available options include: Read Only - Allows a remote device to retrieve information. Read-Write - Allows a remote device to modify settings.
  5. Select + Add Row and set the following Group settings for SNMP management of the EX3500:
    Group Name Define a 32 character maximum name for this SNMP group. A maximum of 17 groups can be set for EX3500 model switches.
    Authentication If utilizing SNMPv3 as the version for this group, select whether auth, noauth or priv is applied to this group as a credential exchange and validation mechanism. This setting is not enabled if utilizing either SNMPv1 or SNMPv2.
    Version Apply either SNMPv1, SNMPv2 or SNMPv3 to this EX3500 SNMP group. SNMP v2 is identical to version 1, but it adds support for 64 bit counters. Most devices support SNMP v2c automatically. However, there are some devices that require you to explicitly enable v2, and that poses no risk. SNMP v3 adds security to the 64 bit counters provided with SNMP v2. SNMP v3 adds both encryption and authentication, which can be used together or separately. Its setup is more complex than just defining a community string. But if you require security, SNMP v3 is recommended.
    Notify View Set a 32 character maximum notify string to restrict and filter the objects in the notification.
    Read View Set an optional 32 character maximum string indicating that users who belong to this group have read access to the EX3500 switch.
    Write View Set an optional 32 character maximum string indicating that users who belong to this group have write access to the EX3500 switch.
  6. Set the following SNMP Traps for SNMP event management of the EX3500:
    Authentication Select the checkbox to enable trap generation for user authentication events when accessing a EX3500 switch from a WiNG managed controller. This feature is disabled by default.
    Enable SNMP Trap Select the checkbox to enable EX3500 MAC generation traps. When enabled a trap is generated when a dynamic MAC address is added or removed to/from the switch's address table. This feature is disabled by default.
    Link Up Down Select this option to generate a trap a when either a link is established or broken between the EX3500 switch and a connected device (WiNG managed or not).
  7. Refer to the SNMP View table and select + Add Row to include or exclude up to 31 SNMP views.
    View Name Enter a 32 alphanumeric character maximum name to identify the EX3500 SNMP MIB view. A view is a set of MIB view subtrees, or a family of subtrees, where each is a subtree within the managed object naming tree. Create MIB views to control the OID range that SNMPv3 users can access.
    OID Tree Provide an OID string to include or exclude from the view. The OID string is 128 characters in length.
    View Access Designate whether view access is included or excluded for the subtree or family of subtrees from the MIB view. If creating an excluded view subtree, consider creating a corresponding included entry with the same view name to allow subtrees outside of the excluded subtree to be included.
  8. Refer to the Notify Filter table and select + Add Row to set up to 5 remote resources for archive and retrieval.
    Name Enter a 26 character maximum name for the filter. Notifications indicate erroneous user authentication requests, restarts, connection closures, connection loss to a neighbor router or other events.
    Remote Host Provide a destination IP address for a remote server resource for trap filters.
  9. Refer to the Remote Engine table and select + Add Row to set up to 5 remote IDs and addresses.
    Remote Engine IP Enter a remote engine IP address for the remote SNMP agent of the device where the user resides.
    Remote Engine Id Provide an Id 9 - 64 characters in length. If configuring the EX3500 management for SNMP V3, is it necessary to configure an engine ID, as passwords are localized using the SNMP ID of the SNMP engine. The remote agent's SNMP engine ID is needed when computing authentication from a password.
  10. Refer to the Host table and select + Add Row to set the trap receiver host configuration.
    Authentication If using SNMPv3, define the authentication scheme for user credential validation as either auth, noauth or priv.
    Community String Provide the 1 - 32 character text community strings for accessing EX3500 switch configuration files. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices.
    Inform Enable this option to enable an EX3500 switch to send inform requests to SNMP managers.Traps are not as reliable than informs since an acknowledgment is not sent from the receiving end when a trap is received. A SNMP manager that receives an inform acknowledges the message with an SNMP response.
    IP Define the trap receiver‘s IP address.
    Retry Set the number of server connection retries (from 1 - 255). When no response is received after the last retry attempt, the connection session is terminated with the trap receiver IP address.
    Timeout Configures the duration (in seconds) the host connection process is shutdown temporarily before a reset of the process is attempted for the set number of retries.
    UDP Port Set the port of the server resource dedicated to receiving EX3500 switch SNMP traps. The default port is port 162.
    Version Set whether SNMP version 1, 2 or 3 is used with this dedicated host. Versions 1 and 2 provide no data security. SNMPv3 adds security and remote configuration capabilities to previous versions. The SNMPv3 architecture introduces the user-based security model (USM) for message security and the view-based access control model (VACM) for access control.