This chapter covers these topics:
Overview
The MAX TNT supports SNMP (Simple Network Management Protocol) on a TCP/IP network. An SNMP management station that uses the Ascend Enterprise MIB can query the MAX TNT, set some parameters, sound alarms when certain conditions appear in the MAX TNT, and so forth. The SNMP manager must be running on a host on the local IP network, and the MAX TNT must be able to find that host, either via static route or RIP. In addition to these restrictions, the MAX TNT has its own SNMP password security (community strings), which you should set up to protect the MAX TNT from being reconfigured from an SNMP station.
SNMP support
This section describes the SNMP support on the MAX TNT. Ascend MIB
Table 8-1 lists the Ascend MIB groups the MAX TNT supports. Entries that are not supported return zero or NO_SUCH_OBJECT.
Multishelf system reports on slave cards
In a multishelf system, the master shelf-controller keeps status information about all slots in the system. The SNMP agent on the master shelf-controller reports status information on the slots in the Ascend Enterprise MIB Slots group. The slotIndex for the cards in each shelf in a multishelf system is shown below:
Slots 1-16 represent the actual removable slot cards. Slots 17 represents the shelf controller. Slot 18 is reserved for future use.
Ascend Advanced Agent MIB
The MAX TNT supports the Ascend Advanced MIB, previously called the WAN MIB. The Advanced MIB defines objects related to WAN lines, channels, and ports. Ascend Power Supply MIB
This MIB manages the MAX TNT power supplies. Ascend Multishelf MIB
This MIB manages multishelf configuration, including whether the shelf is a master or a slave, its shelf number, and multishelf statistics. DSX MIB
The DSX MIB (RFC 1406) allows SNMP Managers to query the state and configuration of T1 lines. The MAX TNT supports the all tables in this MIB except the dsx1FracTable. Frame Relay MIB for DTEs
The HDLC cards support the Frame Relay MIB (RFC 1315), which specifies SNMP MIB variables for Frame Relay DTEs. Modem MIB
The Modem MIB (RFC 1696) defines managed objects for modems. The MAX TNT supports all objects in the Modem MIB.
Configuring SNMP access and security
The SNMP profile contains SNMP-readable information related to the unit itself and its SNMP security. There are two levels of security: community strings, which must be known by a community of SNMP managers to access the box, and address security, which excludes SNMP access unless it is initiated from a specified IP address.
SNMP
enabled = no
read-community = public
read-write-community = write
enforce-address-security = no
read-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ]
write-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ]
contact = ""
location = ""
Sample SNMP profile
This example enables SNMP access, enforces address security, and prevents write access:
admin> read snmp
SNMP read
admin> list
enabled = no
read-community = public
read-write-community = write
enforce-address-security = no
read-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ]
write-access-hosts = [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ]
contact = ""
location = ""
admin> set enabled = yes
admin> set enforce-address-security = yes
admin> set read-access 1 = 10.2.3.4
admin> set read-access 2 = 10.2.56.123
admin> set queue-depth = 32
admin> write
SNMP written
Setting up SNMP traps
The MAX TNT can be configured to generate traps for alarm events, security events, and port state-change events. A trap is a mechanism for reporting system change in real time, such as reporting an incoming call. When a trap is generated by some condition, a traps-PDU (protocol data unit) is sent across the Ethernet to the SNMP manager.
TRAPFor details on the actual events that generate traps in the various classes, see the Ascend Enterprise MIB, or see the MAX TNT Reference Guide.
host-name* = ""
community-name = ""
host-address = 0.0.0.0
alarm-enabled = yes
security-enabled = no
port-enabled = no
slot-enabled=no
Port-State change events are currently not applicable to the MAX TNT. These include:
Example SNMP trap configuration
In the following example, the host-name is used only as a profile index, not to locate the actual host on the network. A community name is specified, security-class traps are added to the default alarm-class traps, and this host receives a trap if the multishelf link goes down.
admin> new trap
TRAP/"" read
admin> list
host-name* = ""
community-name = ""
host-address = 0.0.0.0
alarm-enabled = yes
security-enabled = no
port-enabled = no
slot-enabled = no
admin> set host-name = security-traps
admin> set community-name = Ascend
admin> set host-address = 10.2.3.4
admin> set security-enabled = yes
admin> set slot-enabled = yes
admin> write
TRAP/security-traps written
If traps are enabled on both the master and slave shelf controllers, a trap with the following OID may be generated to indicate multishelf link conditions:
.1.3.6.1.4.1.529.19.5.1.2.X
In this case, X in the OID is the number of the shelf that lost communication, and the trap value is 1 (idle).
A trap is reported by the master shelf-controller when the link is back up again. In this case, X in the OID is the destination shelf number, and the trap value is 4 (up). This trap is reported only by the master shelf to indicate that the entire multishelf system is up.
Managing SNMP interfaces
The If-Admin command is a diagnostic tool for managing SNMP interfaces. To see its usage:
admin> if-adminTo see a list of available SNMP interface numbers:
usage: if-admin -a|d|l|t|u|? [ interface ]
-a list (a)available SNMP interface numbers
-d administratively (d)own an SNMP interface
-l (l)ist SNMP interface/device address mapping
-r (r)eset SNMP interface/device address mappingsr
-u administratively (u)p an SNMP interface
-? display this summary
admin> if-admin -aTo see a list of all SNMP interface numbers assigned by the system:
Available SNMP interface numbers
118 - infinity
admin> if-admin -lTo bring an SNMP interface up or down:
SNMP-IF DEVICE ADDRESS
101 - { 1 11 32 }
1 - { 1 17 1 }
102 - { 1 11 33 }
2 - { 1 3 1 }
103 - { 1 11 34 }
3 - { 1 3 2 }
104 - { 1 11 35 }
4 - { 1 3 3 }
105 - { 1 11 36 }
5 - { 1 3 4 }
106 - { 1 11 37 }
6 - { 1 3 5 }
107 - { 1 11 38 }
7 - { 1 3 6 }
108 - { 1 11 39 }
8 - { 1 3 7 }
109 - { 1 11 40 }
9 - { 1 3 8 }
110 - { 1 11 41 }
10 - { 1 15 1 }
...
99 - { 1 11 30 }
admin> if-admin -d 2To bring a downed device back up:
interface 2 state change forced
admin> if-admin -u 2Alternatively, you can modify the desired-state parameter in the object's Admin-State profile. See Using the Admin-State profile.
interface 2 state change forced
Initiating interface state changes
To bring an SNMP interface up or down, use the If-Admin command.
admin> if-admin -d 2
interface 2 state change forcedTo bring an interface up:
admin> if-admin -u 2
interface 2 state change forced
When you use the If-admin command with the -r option, the order of the SNMP interface table is reset to a deterministic order. The T1 lines will appear in the SNMP interface table before the packet-passing interfaces such as Ethernet, modem, and HDLC cards. The T1 line interfaces will be ordered based on slot number order.
admin> if-admin -r
SNMP interface mappings reset.
Reset system in order to take effect.
Copyright © 1997, Ascend Communications, Inc. All rights reserved.