SNMP – Rockwell Automation 1783-BMxxx Stratix 5700 Ethernet Managed Switches User Manual

Rockwell Automation Publication 1783-UM004E-EN-P - June 2014

Switch Software Features Chapter 3

SNMP

The switch supports Simple Network Management Protocol (SNMP) versions 1,
2C, and 3. SNMP enables the switch to be remotely managed through other
network management software. This feature is disabled by default.

SNMP is based on three concepts:

- SNMP managers (client software)
- SNMP agents (network devices)
- Management Information Base (MIB)

Refer to Supported MIBs on page 112 for the MIBs supported on the switch.

The SNMP manager runs SNMP management software. Network devices to be
managed, such as bridges, routers, servers, and workstations, have an agent
software module. The agent provides access to a local MIB of objects that reflects
the resources and activity of the device. The agent also responds to manager
commands to retrieve values from the MIB and to set values in the MIB. The
agent and the MIB are on the switch. To configure SNMP on the switch, you
define the relationship between the manager and the agent.

Both SNMPv1 and v2C use a community-based form of security. SNMP
managers can access the agent MIB through passwords referred to as community
strings. SNMPv1 and v2C are generally used for network monitoring without
network control.

SNMPv3 provides network monitoring and control. It provides secure access to
devices by a combination of authenticating and encrypting packets over the
network. The security model used by SNMPv3 is an authentication strategy that
is set up for a user and the user’s group. A security level is the permitted level of
security within a security model. A combination of a security model and a
security level determines which security mechanism is used for an SNMP packet.

These are some guidelines about SNMPv3 objects:

- Each user belongs to a group.
- A group defines the access policy for a set of users.
- An access policy defines which SNMP objects can be accessed for reading, writing, and creating.
- A group determines the list of notifications that its users can receive.
- A group also defines the security model and the security level for its users.
- An SNMP view is a list of MIBs that a group can access.
- Data can be securely collected from SNMP devices without fear of the data being tampered with or corrupted.
- Confidential information, for example, SNMP Set command packets that change a router configuration, can be encrypted to prevent the contents from being exposed on the network.

IMPORTANT

SNMPv3 is available only in the cryptographic version of the switch firmware.
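The SNMPv3 guidelines above (user to group, group to views and security level) can be modeled as a small access check. This is an added example, not code from the manual or the switch firmware: the user names, group names, and OID subtrees are constructed, and a view is simplified to a list of included OID subtrees. The security level names are the three defined for SNMPv3 in RFC 3414.

```python
from dataclasses import dataclass

# SNMPv3 security levels (RFC 3414), ordered weakest to strongest.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

@dataclass(frozen=True)
class Group:
    min_level: str           # lowest security level the group accepts
    read_view: tuple = ()    # OID subtrees members may read
    write_view: tuple = ()   # OID subtrees members may write
    notify_view: tuple = ()  # OID subtrees members may receive notifications for

# Constructed sample policy (hypothetical names, not taken from the manual).
GROUPS = {
    "monitor": Group("authNoPriv", read_view=("1.3.6.1.2.1",)),
    "admin": Group("authPriv", read_view=("1.3.6.1",),
                   write_view=("1.3.6.1.2.1.1",)),
}
USERS = {"nms-ro": "monitor", "nms-rw": "admin"}  # each user belongs to a group

def in_view(oid, view):
    """True if oid equals, or lies under, a subtree listed in the view."""
    # Compare on whole sub-identifiers so 1.3.6.1.2.10 is not taken
    # for a child of 1.3.6.1.2.1.
    return any(oid == p or oid.startswith(p + ".") for p in view)

def is_allowed(user, msg_level, op, oid):
    """Decide whether a request from user at msg_level may perform op on oid."""
    group = GROUPS.get(USERS.get(user))
    if group is None or msg_level not in LEVELS:
        return False  # unknown user or unknown security level: deny
    if LEVELS[msg_level] < LEVELS[group.min_level]:
        return False  # packet is protected less strongly than the group requires
    views = {"read": group.read_view, "write": group.write_view,
             "notify": group.notify_view}
    return in_view(oid, views.get(op, ()))

if __name__ == "__main__":
    sys_name = "1.3.6.1.2.1.1.5.0"  # sysName.0
    for user, level, op in [("nms-ro", "authNoPriv", "read"),
                            ("nms-ro", "authPriv", "write"),
                            ("nms-rw", "authNoPriv", "write"),
                            ("nms-rw", "authPriv", "write")]:
        print(user, level, op, is_allowed(user, level, op, sys_name))
```

A group with an empty write view denies every Set regardless of how strongly the packet is protected, which is how a monitoring-only group is kept from changing configuration.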
