
Controlling Access to Terminals through SNMP

By default, any host on the network can read and write an NCD terminal's SNMP variables. You can restrict this access using the procedures in this section.

This section also provides a procedure for configuring terminals to send notification of traps to specified hosts. Traps are responses to significant events and are generated by the terminal.

SNMP passwords (community names) are saved into a limited area in the terminal's NVRAM. To save space, you can define a global password that provides read/write access to SNMP variables as well as access to other terminal functions (Setup -> Change Setup Parameters -> Access Control -> Unit Global Password). For more information about setting a global password, see the System Administrator's Guide. For information about the special area in NVRAM for saving passwords and certain other strings, see Chapter 11, Boot Monitor and NVRAM.

Except for the community names, the parameters described in the following procedures are not saved in NVRAM.

Configuring Read/Write Access

A host with read/write access to a terminal's MIB variables is called a manager. You can establish a list of hosts allowed to access the terminal or prevent access from all hosts. Access control is disabled by default.

To establish read/write access control to a terminal's SNMP variables:

  1. To establish access control, set the snmp-read-write-access-control-enabled parameter to "true" (Setup -> Change Setup Parameters -> Access Control -> Enable SNMP Read-Write Access Control).

    Table 16-1 snmp-read-write-access-control-enabled Parameter

    Possible Values   Results
    ---------------   -------
    default           false
    false             Requests for connections to the SNMP daemon from outside the terminal are not checked against the read/write access list.
    true              Requests for connections to the SNMP daemon from outside the terminal are checked against the read/write access list.

  2. The snmp-read-write-access-control-list table contains the names of all hosts with read/write access to SNMP variables (Setup -> Change Setup Parameters -> Access Control -> SNMP Read-Write Access Control List). If read/write access control is enabled, only hosts in the table have read/write access to the terminal.

    Table 16-2 snmp-read-write-access-control-list Parameter

    Table Entries   Possible Values          Results
    -------------   ---------------          -------
    host            default                  (empty list)
                    hostname or IP address   The network name or address of a host granted read/write access to the terminal's SNMP daemon.


    Note:
    To disallow read/write access by all hosts, leave the table empty and make sure snmp-read-write-access-control-enabled is set to "true".

  3. A community name must be specified in SNMP requests to obtain read/write access to the terminal's configuration information when access control is enabled. You can specify up to two community names. A community name is a string of alphanumeric characters of arbitrary length.

Configuring Read-Only Access

A host with read-only access to a terminal's MIB variables is called a monitor. The default is to allow any host read-only access to the terminal through SNMP. You can establish a list of hosts allowed to access the terminal or prevent access from all hosts. Access control is disabled by default.

You can use the default read-only password, called a community name, or specify a different one.

Complete the following steps to configure read-only access to a terminal's SNMP variables:

  1. To establish access control, set the snmp-read-only-access-control-enabled parameter to "true" (Setup -> Change Setup Parameters -> Access Control [SNMP section] -> Enable SNMP Read-Only Access).

    Table 16-3 snmp-read-only-access-control-enabled Parameter

    Possible Values   Results
    ---------------   -------
    default           false
    false             Requests for connections to the SNMP daemon from outside the terminal are not checked against the read-only access list.
    true              Requests for connections to the SNMP daemon from outside the terminal are checked against the read-only access list.

  2. The snmp-read-only-access-control-list table contains the names of all hosts with read-only access to SNMP variables (Setup -> Change Setup Parameters -> Access Control [SNMP section] -> SNMP Read-Only Access Control List). If read-only access control is enabled, only hosts in the table have read-only access to the terminal.

    Table 16-4 snmp-read-only-access-control-list Parameter

    Table Entries   Possible Values          Results
    -------------   ---------------          -------
    host            default                  (empty list)
                    hostname or IP address   The network name or address of a host granted read-only access to the terminal's SNMP daemon.


    Note:
    To disallow read-only access by all hosts, leave the table empty and make sure snmp-read-only-access-control-enabled is set to "true".

  3. The community name must be specified in SNMP requests to obtain read-only access to the terminal's configuration information. You can specify up to two community names. A community name is a string of alphanumeric characters of any length.
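
The following added example (not NCD code) models the host check that Tables 16-1 through 16-4 describe, so you can see which parameter combinations leave a terminal open. The dictionary layout, the sample addresses, and the exact-match comparison are assumptions made for illustration; the community-name check is not modelled.

```python
# Added example: the host check from Tables 16-1 to 16-4 as a decision function.
# The dict layout is constructed for illustration and is not NCD's
# configuration syntax; only the parameter names come from this page.
MODES = ("read-write", "read-only")

def settings(params, mode):
    """Return (enabled, host list) for a mode, applying the documented defaults."""
    enabled = params.get(f"snmp-{mode}-access-control-enabled", False)
    hosts = params.get(f"snmp-{mode}-access-control-list", [])
    return enabled, hosts

def host_allowed(params, mode, host):
    """True if `host` passes the access-list check for `mode`."""
    enabled, hosts = settings(params, mode)
    if not enabled:
        return True          # "false": requests are not checked against the list
    return host in hosts     # assumption: exact string match; empty list denies all

def audit(params):
    """Describe what each mode's host check leaves open."""
    findings = []
    for mode in MODES:
        enabled, hosts = settings(params, mode)
        if enabled and not hosts:
            findings.append(f"{mode}: all hosts denied")
        elif not enabled and hosts:
            findings.append(f"{mode}: list populated but control disabled, list ignored")
        elif not enabled:
            findings.append(f"{mode}: any host passes the host check")
    return findings

# Constructed sample configurations (documentation-range addresses).
FACTORY = {}
HALF_DONE = {"snmp-read-write-access-control-list": ["192.0.2.10"]}
LOCKED = {
    "snmp-read-write-access-control-enabled": True,
    "snmp-read-write-access-control-list": ["192.0.2.10"],
    "snmp-read-only-access-control-enabled": True,
    "snmp-read-only-access-control-list": [],
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("half-done", HALF_DONE), ("locked", LOCKED)):
        print(name, audit(cfg))
```

The half-done case is the one to watch for: filling in the access list without also setting the matching -enabled parameter to "true" leaves the list unused.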

Configuring Terminals to Allow Trap Monitoring

The two trap events defined for NCD terminals are:

To designate a host as a trap monitor, list its hostname or IP address and a community name (password) in Setup -> Change Setup Parameters -> Access Control -> SNMP Trap Monitors. A community name is an alphanumeric string of arbitrary length.

Note:
If any of the trap monitor hosts are also manager or monitor hosts, use the community names already specified for those hosts. For information about manager and monitor hosts, see "Configuring Read/Write Access" and "Configuring Read-Only Access".




Send comments, suggestions, or questions about this document to the NCD Technical Publications Department by Internet e-mail. Write to us at techpubs@ncd.com.
Copyright © 1997, NCD Inc. All rights reserved.