Search

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Add an SNMPv3 user and set up authentication and privacy protocols. For information, see Configuring SNMPv3 User. After you set up an SNMPv3 user, you can modify and delete it. For information, see Modifying SNMPv3 Users and Deleting SNMPv3 Users.
  • Enable the NIOS appliance to accept queries, as described in Accepting Queries.
  • Specify the management systems to which the appliance sends traps, as described in see Adding Trap Receivers.
  • Specify system information using managed objects in MIB-II, the standard MIB defined in RFC 1213. For information, see Setting SNMP System Information.

...

Configuring SNMPv3 Users

To enable SNMPv3, you must first configure SNMPv3 users on the appliance. For information about SNMPv3, see
About User-Based Security Model in SNMPv3. To configure an SNMPv3 user:

  1. From the Administration tab, select the SNMPv3 Users tab, and then click the Add icon.
  2. In the Add SNMPv3 User wizard, complete the following:
    • Name: Enter a user name for the SNMPv3 management system.
    • Authentication Protocol: Select one of the following:
      • MD5: Select this to use the HMAC-MD5-96 authentication protocol to authenticate the SNMPv3 user.
        This protocol uses the MD5 (Message-Digest algorithm 5) hash function in HMAC (Hash-based Message Authentication Code) and truncates the output to 96 bits. The output is included as part of the SNMP message sent to the receiver. For detailed information about the protocol, refer to RFC1321, The MD5 Message-Digest Algorithm.
      • SHA: Select this to use the HMAC-SHA-96 authentication protocol to authenticate the SNMPv3 user.
        This protocol uses the SHA (Secure Hash Algorithm) hash function and truncates the output to 96 bits. The output is included as part of the SNMP message sent to the receiver.
      • None: Select this to decline using any authentication protocol for this SNMPv3 user. When you select this option, you are not required to enter a password.
        • Password: Enter a password for the selected authentication protocol.
        • Confirm Password: Enter the same password.
    • Privacy Protocol: Select one of the following:
      • DES: Select this to use DES for data encryption. DES is a block cipher that employs a 56-bit key size and 64-bit block size in the encryption.
      • AES: Select this to use AES for data encryption. AES is a symmetric-key encryption standard that comprises three block ciphers, AES-128, AES-192, and AES-256. Each of these ciphers has a 128-bit block size and a key size of 128, 192, and 256 bits, respectively.
      • None: Select this to decline using any privacy protocol for this SNMPv3 user. When you select this option, you are not required to enter a password.
        • Password: Enter a password for the privacy protocol.
        • Confirm Password: Enter the same password.
    • Comment: Enter useful information about the SNMP user, such as location or department.
    • Disable: Select this check box to retain an inactive profile for this SNMP user in the configuration. You can clear this check box to activate the profile.

      Note
      titleNote

      If an SNMPv3 user is configured to send SNMP queries, you cannot delete the user.


...

4. Save the configuration.

...

Modifying SNMPv3 Users

...

...

  1. From the Administration tab, select the SNMPv3 Users tab -> snmpv3user, and then click the Edit icon.
  2. The SNMPv3 User editor provides the following tabs from which you can edit data:
    • General: Modify the data as described in Configuring SNMPv3 Users.
    • Extensible Attributes: Add and delete extensible attributes that are associated with the SNMPv3 user account. You can also modify the values of extensible attributes. For information, see Using Extensible Attributes.
  3. Save the configuration.

...

Deleting SNMPv3 Users

When you delete an SNMPv3 user that is configured to send queries or receive traps, a warning message states that the SNMPv3 is associated with the corresponding function. You can then decide whether you want to delete the user or not.
To delete an SNMPv3 user:

  1. From the Administration tab, select the SNMPv3 Users tab -> snmpv3user, and then click the Delete icon.
  2. In the Delete confirmation dialog box, click Yes.

    Note
    titleNote

    You cannot schedule the deletion of an SNMPv3 user.

...


Accepting Queries

You can allow specific management systems to send SNMP queries to a NIOS appliance. For SNMPv1 and SNMPv2, you must specify a community string. The appliance accepts queries only from management systems that provide the correct community string. You can also specify SNMPv3 users to send queries. For information about configuring SNMPv3 users, see Configuring SNMPv3 Users.
To configure an appliance to accept SNMP queries:

...

    • Root File System: The percentage of the root file system ("/") that is currently in use. The default Trigger value is 85%, and the default Reset value is 70%.
    • Swap Usage: The percentage of the swap area that is currently in use. The factory default Trigger trigger value is 20% 50% and the factory default Reset reset value is 10%30%. The swap usage threshold varies based on the appliance models. The Infoblox GUI Grid Manager displays zero for both the Trigger trigger and Reset reset values indicating the optimized usage of platform specific default values. The swap usage threshold is set to 50% for 2 GB appliances and 20% for all other appliances. For information about available memory on each appliance model, see Table 39.1 .
    • Reporting: The number of reports created on the system that can trigger an SNMP trap. The default Trigger value is 85, and the default Reset value is 70. Note that the maximum number of reports supported per Grid is 300. This field is displayed only when you have configured a reporting server.
    • Reporting Volume: The percentage of data transmissions to the reporting server. The default Trigger value is 80%, and the default Reset value is 71%. This field is displayed only when you have configured a reporting server.
    • Threat Protection Dropped Traffic: The percentage of packets dropped based on the threat protection rule configuration. The default Trigger value is 90%, and the default Reset value is 70%. This field is displayed only when Threat Protection licenses are installed on the appliance. When the percentage of Threat Protection dropped traffic exceeds the Trigger value or drops below the Reset value, the appliance sends an SNMP trap and an email notification — if configured to do so. For information about setting SNMP traps and email notifications, see Setting SNMP and Email Notifications.
    • Threat Protection Total Traffic: The percentage of total traffic received (dropped and passed packets) on the external interfaces. The default Trigger value is 90%, and the default Reset value is 70%. This field is displayed only when Threat Protection licenses are installed on the appliance. When the percentage of total Threat Protection traffic exceeds the Trigger value or drops below the Reset value, the appliance sends an SNMP trap and an email notification — if configured to do so. For information about setting SNMP traps and email notifications, see Setting SNMP and Email Notifications.

...