SNMP is composite of three components. The first is Network-management systems, the second is Managed device, and the last is SNMP agent. There are three versions of SNMP:
- Version 1 is poor of security that only performed community in cleartext as password.
- Version 2 enhances the security and confidetiality. However, the security system is too complex that is not widely accepted.
- Version 3 transmits messages encoded as octet string that provides SNMP packets authentication, integrity, and confidentiality.
Administrator can collect management informations from SNMP agents or set the configurations to the device. In this note, we want to set SNMP agent for two different administration scenarios, that the first one is SNMP on loopback insfrastructure, and the second one is SNMP agent from WAN interface. User can specify the host IP for the specific SNMP agent access. For more informations, please refer to the follwing steps.
Note: Vigor router supports SNMP Version 3, which prevents SNMP packet from being exposed on the wire. The Authen Algorithm supports MD5 and SHA modes, and Privacy Algorithm supports DESand AES modes.
A. SNMP on loopback infrastructure.
The scenario is showing below.
- On Vigor1, go to System Maintenance >> SNMP to enable the SNMP, and click OK to apply the settings.
- Tick Enable SNMP Agent.
- Set Get community to "public", set Set community to "private", and set Trap community to "public. Set Manager Host IP and Notification Host IP to "192.168.21.10".
- On Vigor2, go to System Maintenance >> SNMP to enable the SNMP, and click OK to apply the settings.
- Tick Enable SNMP Agent.
- Set Get community to "public", set Set community to "private", and set Trap community to "public. Set Manager Host IP and Notification Host IP to "192.168.50.10".
- Go to System Maintenance >> SNMP to reboot the router.
- Send SNMP request from MIB browser.
- Enter the Host IP and Community.
Note: The GET, GETNEXT, and GETBULK request is shareing the Get Community, "public" set as default, that we set in the part A. But SET request is using Set Community, "private", that user should change it manually.
B. SNMP agent from WAN interface.
The scenario is showing below.
- Go to System Maintenance >> SNMP to enable the SNMP, and click OK to apply the settings.
- Check the Enable SNMP Agent state.
- Set the Get community to "public", set Set community to "private", and set Trap community to "public. Set Manager Host IP and Notification Host IP to "36.226.152.185".
- Go to System Maintenance >> Management to enable Allow management from the Internet.
- Go to System Maintenance >> SNMP to reboot the router.
- Send SNMP request from MIB browser.
- Enter the Host IP and Community.