Setting up SNMP with LANconfig

SNMP communities

SNMP agents and SNMP managers belong to SNMP communities. These communities collect certain SNMP hosts into groups, in part so that it is easier to manage them. On the other hand, SNMP communities offer a certain degree of security because an SNMP agent only accepts SNMP requests from participants in a community that it knows.

Note: This configuration is relevant for the SNMP versions v1 and v2c only.

Note: The SNMP community public is set up by default, and this provides unrestricted SNMP read access.

Entry active: Activates or deactivates this SNMP community.
Name: Enter a descriptive name for this SNMP community.
Security-Name: Here you enter the name for the access policy that specifies the access rights for all community members.

Users

Individual users can be granted access to the device in addition to the administrators registered on it. Here you configure the authentication and encryption settings for these users when operating SNMPv3.

Entry active

Activates or deactivates this user.

User name

Enter a descriptive name for this user.

Authentication

Specify the method that the user is required to use to authenticate at the SNMP agent. The following options are available:

None: Authentication of the user is not necessary.
HMAC-MD5: Authentication is performed using the hash algorithm HMAC-MD5-96 (hash length 128 bits).
HMAC-SHA (default): Authentication is performed using the hash algorithm HMAC-SHA-96 (hash length 160 bits).

Password for auth.

Enter the user password necessary for authentication here and repeat it in the box below.

Encryption

Specify which encryption method is used for encrypted communication with the user. The following options are available:

None: Communication is not encrypted.
DES: Encryption is performed with DES (key length 56 bits).
AES128 (default): Encryption is performed with AES128 (key length 128 bits)
AES192: Encryption is performed with AES192 (key length 192 bits)
AES256: Encryption is performed with AES256 (key length 256 bits)

Password for priv.

Enter the user password required by the encryption here and repeat it in the box below.

Groups

By configuring SNMP groups, it is easy to manage and assign the authentication and access rights of multiple users. By default, the configuration is set up for SNMP access via LANmonitor.

Entry active

Activates or deactivates this group.

Group name

Enter a descriptive name for this group. You will use this name when you go on to configure the access rights.

User/security name

Here you select a security name you assigned to an SNMP community. It is also possible to specify the name of an existing configured user.

Security model

SNMPv3 introduced the principle of the "security model", so that the SNMP configuration in LCOS primarily uses the security model "SNMPv3". However, for compatibility reasons it may be necessary to also take the versions SNMPv2c or even SNMPv1 into account, and to select these as the "security model" accordingly. Select one of the following entries accordingly:

SNMPv1

Data is transmitted by SNMPv1. Users are authenticated by the community string in the SNMP message only. Communication is not encrypted. This corresponds to the security level "NoAuthNoPriv".

SNMPv2

Data is transmitted by SNMPv2c. Users are authenticated by the community string in the SNMP message only. Communication is not encrypted. This corresponds to the security level "NoAuthNoPriv".

SNMPv3 (USM)

Data is transmitted by SNMPv3. Users can authenticate and communicate according to the following security levels:

NoAuthNoPriv: The authentication is performed by the specification and evaluation of the user name only. Data communication is not encrypted.
AuthNoPriv: The authentication is performed with the hash algorithm HMAC-MD5 or HMAC-SHA. Data communication is not encrypted.
AuthPriv: The authentication is performed with the hash algorithm HMAC-MD5 or HMAC-SHA. Data communication is encrypted by DES or AES algorithms.

Access rights

This table brings together the different configurations for access rights, security models, and views.

Entry active: Activates or deactivates this entry.
Group name: Here you select the name of a group that is to receive these assess rights.
Security model: Activate the appropriate security model here.
Minimal security level: Specify the minimum security level for access and data transfer.
Read-only view: Set the view of the MIB entries for which this group is to receive read rights.
Write view: Set the view of the MIB entries for which this group is to receive write rights.

Views

Here you collect the different values or even entire branches of the device MIB, which each user is entitled to view or change in keeping with the corresponding access rights.

Entry active: Activates or deactivates this view.
Name: Give the view a descriptive name here.
Access to subtree: Here you decide whether the OID subtrees specified in the following are "added" or "removed" from the view.
OID subtree: Use a comma-separated list of the relevant OIDs to decide which values and actions from the MIB are included in this view.
Note: The OIDs are taken from the device MIB, which you can download with WEBconfig under Extras > Get Device SNMP MIB.

Target addresses

The list of target addresses is used to configure the addresses of the recipients to whom the SNMP agent sends the SNMP traps.

Name: Give the entry a descriptive name here.
Transport address: Configure the address of the recipient here.
Target parameter name: Here you select the desired entry from the list of recipient parameters.

Target parameter name

In this table you configure how the SNMP agent handles the SNMP traps that it sends to the recipient.

Name

Give the entry a descriptive name here.

Message processing model

Here you specify the protocol for which the SNMP agent structures the message.

Security-Name

Here you select a security name you assigned to an SNMP community. It is also possible to specify the name of an existing configured user.

Security model

Activate the appropriate security model here.

Security level

Set the security level that applies for the recipient to receive the SNMP trap.

No authentication/No privacy: The SNMP request is valid without the use of specific authentication methods. Authentication merely requires the user to belong to an SNMP community (for SNMPv1 and SNMPv2c) or to specify a valid user name (for SNMPv3). Data transfer is not encrypted.
Authentication/No privacy: SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA algorithm, but data transfer is not encrypted.
Authentication and privacy: SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA algorithm, and data transfer is encrypted by the DES or AES algorithm.