Snmp and virtual fabrics, Filtering ports, Switch and chassis context enforcement – Dell POWEREDGE M1000E User Manual
Page 189
Fabric OS Administrator’s Guide
189
53-1002745-02
Simple Network Management Protocol
6
•
SW-EXTTRAP
Includes the swSsn (Software Serial Number) as a part of Brocade SW traps.
For information on Brocade MIBs, refer to the Fabric OS MIB Reference.
SNMP and Virtual Fabrics
When an SNMPv3 request arrives with a particular user name, it executes in the home Virtual
Fabric. From the SNMP manager, all SNMPv3 requests must have a home Virtual Fabric that is
specified in the contextName field. When the home Virtual Fabric is specified, it will be converted to
the corresponding switch ID and the home Virtual Fabric will be set. If the user does not have
permission for the specified home Virtual Fabric, this request fails with an error code of noAccess.
For an SNMPv3 user to have a home Virtual Fabric, a list of allowed Virtual Fabrics, an RBAC role,
and the name of the SNMPv3 user should match that of the Fabric OS user in the local switch
database. SNMPv3 users whose names do not match with any of the existing Fabric OS local users
have a default RBAC role of admin with the SNMPv3 user access control of read/write. Their
SNMPv3 user logs in with an access control of read-only. Both user types will have the default
switch as their home Virtual Fabrics.
The contextName field should have the format “VF:xxx”, where xxx is the actual VF_ID, for example
“VF:1”. If the contextName field is empty, then the home Virtual Fabric of the local Fabric OS user
with the same name is used. As Virtual Fabrics and Admin Domains are mutually exclusive, this
field is considered as Virtual Fabrics context when Virtual Fabrics is enabled. You cannot specify
chassis context in the contextName field.
The following example shows how the VF:xxx field is used in the snmpwalk command. This
command is executed on the host and it walks the entire MIB tree specified (.1).
switch# snmpwalk -u admin -v 3 -n VF:4 10.168.176.181.1
Filtering ports
Each port can belong to only one Virtual Fabric at any time. An SNMP request coming to one Virtual
Fabric can only view the port information of the ports belonging to that Virtual Fabric. All port
attributes are filtered to allow SNMP to obtain the port information only from within the current
Virtual Fabrics context.
Switch and chassis context enforcement
All attributes are classified into one of two categories:
•
Chassis-level attributes
•
Switch-level attributes
Attributes that are specific to each logical switch belong to the switch category. These attributes are
available in the Virtual Fabrics context and not available in the Chassis context.
Attributes that are common across the logical switches belong to the chassis level. These attributes
are accessible to users having the chassis-role permission. When a chassis table is queried, the
context is set to chassis context, if the user has the chassis-role permission. The context is
switched back to the original context after the operation is performed.