Avaya Aura (TM) SMGR SNMP Whitepaper




Avaya Aura® System Manager 6.2

SNMP Whitepaper

Issue 1.0

26th September, 2012

Table of Contents

1. INTRODUCTION
2. SYSTEM MANAGER SNMP AGENT
3. Managing SNMPv3 User Profiles and SNMP Target Profiles
3.2 Customizing SNMPv3 users
3.3 Customizing Target Profiles
3.4 System Manager Target Profile
3.5 Assigning/attaching SNMPv3 User profiles and snmp target profiles to serviceability agents
4. Supported MIB Groups
5. System Manager Event Codes
6. Appendix A
7. Appendix B

1. INTRODUCTION

System Manager provides an Operating System (OS) level Simple Network Management Protocol (SNMP) Master agent (Net-SNMP) for basic Internet Protocol (IP) discovery, OS platform monitoring, notification sending and notification destination & SNMPv3 user management. SNMP notification is provided by System Manager using standard SNMP notifications (v2c and v3) using unique notification OIDs.

System Manager provides the Serviceability Agent, which monitors faults on the system and sends SNMPv2c/SNMPv3 notifications (traps/informs) to configured destinations via the Net-SNMP master agent. One of the configurable destinations is a SAL Gateway, which forwards these traps as alarms to the Avaya Data Center. For System Manager alarming to work, an SNMP target destination for System Manager itself is created and pre-configured on its serviceability agent.

• For Release 6.1 elements with 6.1 SAL agent, and Release 6.2 elements with 6.2 serviceability agent, System Manager cannot forward traps to NMS. You can configure 6.1 elements with 6.1 SAL agent and 6.2 elements with 6.2 serviceability agents to send SNMP traps directly to a customer Network Management System (NMS). However, for Release 6.2 elements, you can configure from System Manager instead of configuring in each element.

• For Release 5.2 elements and Release 6.0 elements, you can configure System Manager to forward alarms to Avaya Data Center (ADC).

System Manager MIBs are listed in Appendix A.

2. SYSTEM MANAGER SNMP AGENT

By default, System Manager no longer supports SNMPv1 and SNMPv2 requests for GET/SET operations from an external NMS. However, System Manager can receive and process SNMP v1, v2c and v3 notifications from different elements. The SNMP master agent (Net-SNMP) comes pre-configured with seven SNMPv3 users (for each combination of authentication and privacy protocol). These SNMPv3 users are overwritten with new usernames and credentials when the admin defines the user prefix and the authentication and privacy protocol passwords during System Manager deployment, as shown in the screenshot below:

[pic]

For example, if “snmpadmin” is provided on the above screen as the User Name prefix and “admin123” as both the Authentication Protocol Password and the Privacy Protocol Password, the set of SNMPv3 users in the following table is created and replaces the old preconfigured set of SNMPv3 users:

|Authentication Protocol|Authentication Password|Privacy Protocol|Privacy Password|SNMPv3 Username    |Permissions|
|SHA                    |admin123               |AES             |admin123        |snmpadmin_sha_aes  |read-write |
|MD5                    |admin123               |DES             |admin123        |snmpadmin_md5_des  |read-write |
|SHA                    |admin123               |DES             |admin123        |snmpadmin_sha_des  |read-write |
|MD5                    |admin123               |None            |NA              |snmpadmin_md5_none |read-write |
|SHA                    |admin123               |None            |NA              |snmpadmin_sha_none |read-write |
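An added example, not part of the Avaya document: the generated users share one authentication password, and the RFC 3414 password-to-key algorithm behind the USM MIB does not mix in the username. Users with the same authentication protocol therefore end up with the same localized key on a given engine, and a privacy password equal to the authentication password yields the same key material. The engine ID is a constructed sample, and the underscore-joined usernames are assumed from the table's naming pattern.

```python
import hashlib

# Constructed sample snmpEngineID (the sample value used in RFC 3414 A.3).
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# (authentication, privacy) combinations from the table above.
PROFILES = [("SHA", "AES"), ("MD5", "DES"), ("SHA", "DES"),
            ("MD5", None), ("SHA", None)]
HASHES = {"MD5": "md5", "SHA": "sha1"}


def password_to_key(password, engine_id, algo):
    """RFC 3414 A.2: password -> Ku -> key localized to one engine (Kul)."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    # Ku is the digest of the password repeated to exactly 1,048,576 octets.
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()
    # Kul = H(Ku || snmpEngineID || Ku); the username is not an input.
    return hashlib.new(algo, ku + engine_id + ku).digest()


def derive_users(prefix, auth_pw, priv_pw, engine_id=ENGINE_ID):
    """Return {username: (auth_key, priv_key or None)} for the table's users."""
    users = {}
    for auth, priv in PROFILES:
        # Assumed naming: prefix + "_<auth>_<priv>", as in the table.
        name = f"{prefix}_{auth.lower()}_{(priv or 'none').lower()}"
        auth_key = password_to_key(auth_pw, engine_id, HASHES[auth])
        # The privacy key is localized with the user's authentication hash;
        # DES (RFC 3414) and AES-128 (RFC 3826) both take its first 16 octets.
        priv_key = (password_to_key(priv_pw, engine_id, HASHES[auth])[:16]
                    if priv else None)
        users[name] = (auth_key, priv_key)
    return users


def shared_auth_keys(users):
    """Group usernames whose localized authentication keys are identical."""
    groups = {}
    for name, (auth_key, _) in users.items():
        groups.setdefault(auth_key, []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    users = derive_users("snmpadmin", "admin123", "admin123")
    for group in shared_auth_keys(users):
        print("same localized auth key:", ", ".join(group))
```

Calling `derive_users` with a privacy password that differs from the authentication password gives each user a privacy key that no longer matches its authentication key.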

The SNMP Agent will always be started by default.

The System Manager Console provides a user interface for “Activation” of Serviceability Agents and for establishing and managing SNMPv3 User Profiles and SNMP target profiles. The SNMPv3 user profiles and target profiles are assigned to the serviceability agents of SMGR and of managed elements (e.g. Session Manager) using SNMPv3 “SET” operations on the following standard MIBs supported by the Net-SNMP master agent:

➢ USM MIB (RFC 3414)

➢ VACM MIB (RFC 3415)

➢ Target MIB (RFC 3413)

➢ Notification MIB (RFC 3413)

3. Managing SNMPv3 User Profiles and SNMP Target Profiles

The System Manager console allows administrators to manage SNMPv3 user profiles and SNMP target profiles at the serviceability agents.

3.1 Activate the Serviceability agents

The Serviceability Agents page lists the serviceability agents of all elements (and of System Manager itself) that have R6.2 Serviceability Agents and register with System Manager.

Activation is a mandatory step required to manage SNMPv3 users and Notification destinations in the serviceability agent(s). In this step the pre-configured SNMPv3 users are deleted and new SNMPv3 users (newly entered during System Manager deployment) are created in the serviceability agent.

a) From the SMGR dashboard select HOME tab and select Inventory from Elements.

[pic]

b) Choose Manage Serviceability Agents > Serviceability Agents.

[pic]

c) The Serviceability Agents page shows the agent list. Initially, the “status” of every agent is inactive.

[pic]

Select any serviceability agent and the “Activate” button will be enabled. Click “Activate” to activate the agent and make it manageable.

3.2 Customizing SNMPv3 users

Select Manage Serviceability Agents > SNMPv3 User Profiles. The SNMPv3 User Profiles page is used to list, view, create, edit and delete SNMPv3 users. Click on the “New” button to create a new SNMPv3 user.

[pic]

Fill in the details on the “New User Profile” page and click on “Commit” to create the user profile. If the SNMP user profile is to be used for SNMPv3 Target profiles only, then the “Privilege” (as shown in the screenshot below) should be “None”. If the SNMPv3 User profile is for the purpose of GET or GET and SET operation from NMS, then the privileges should be “Read” or “Read/Write” respectively.

[pic]

To edit an SNMPv3 user, select the user and click on the “Edit” button. On the “Edit User Profile” page, change the SNMPv3 User profile and click on the “Commit” button.

[pic]

Similarly, one can list and delete SNMPv3 users from this “SNMPv3 User Profiles” page. One cannot “Edit” or “Delete” an SNMPv3 user profile if it is already assigned to any target profile or serviceability agent. Before editing or deleting an SNMPv3 User Profile, the user must be detached from the agents and the target profiles.

3.3 Customizing Target Profiles

Select the Manage Serviceability Agents > SNMP Target Profiles. The “SNMP Target Profiles” page lets us create, view, edit and delete SNMP v2/v3 target profiles. Click on “New” button from the “SNMP Target Profiles” page to create a new SNMP target profile.

[pic]

Provide the target details, and assign a user profile from the “Attach/Detach User Profile” only if this is a v3 target profile.

[pic]

If the chosen protocol is “V3” then assign the SNMPV3 user to the v3 target profile and click on “Commit” button. The SNMP v3 target profile will be created.

[pic]

Similarly a v2 target profile can be created, only the protocol should be “V2” in the “New Target Profile” page and no SNMPv3 User has to be assigned from the “Attach/Detach User Profile” tab.

To edit a target profile, select the target profile from the “SNMP Target Profiles” page and click on the “Edit” button. From the “Edit Target Profile” page make the changes to the target profile and click on “Commit” button.

[pic]

Similarly, the target profile can be viewed and deleted by clicking on the “View” and the “Delete” button from their respective pages. One cannot “Edit” or “Delete” a target profile if it is already assigned to any serviceability agent. To edit or delete the target profile, it must first be detached from the agents.

3.4 System Manager Target Profile

System Manager has a traplistener configuration which lists the System Manager details for the authentication protocol, the privacy protocol, their passwords, the SNMPv3 user, the v2 community string and the port. Internally, the System Manager target profile is already created and assigned to its own serviceability agent. If anything is changed in the traplistener configuration, then a new SMGR target profile has to be created and assigned to the SMGR’s serviceability agent and to the serviceability agents of any other elements which want to send notifications to SMGR.

The traplistener profile can be viewed/changed from the Configuration > Settings > SMGR > Traplistener link. One should “take caution in modifying this parameter”.

[pic]

3.5 Assigning/attaching SNMPv3 User profiles and snmp target profiles to serviceability agents

Customers can add their NMS as a trap destination by performing the following steps:

1. Create SNMPv3 User profile(s) following the steps in 3.2 Customizing SNMPv3 users. If the SNMPv3 User profile is for the purpose of GET or GET and SET operation from NMS, then the privileges should be “Read” or “Read/Write” respectively.

2. Create new SNMPv3 or SNMPv2 Target profile(s) following steps as in 3.3 Customizing Target Profiles.

3. Assign the target profile(s) to the elements’ serviceability agent(s) as mentioned below:

Select “activated” agent(s), the “Manage Profiles” button will be enabled. Click on “Manage Profiles” button.

[pic]

The “Manage Profile” page has three tabs. The “Selected Agents” tab shows the list of selected agents.

[pic]

In the “Snmp Target Profiles” tab we can select “Assignable Profiles” and “Assign” them to the selected serviceability agent(s). We can also select “Removable profiles” and “Remove” them from the selected serviceability agent(s).

[pic]

From the “SNMPV3 User Profiles” tab we can assign SNMPv3 user profiles. If we click on “Commit”, the User Profiles and the Target Profiles will be assigned to the selected Serviceability Agent(s). We can also select “Removable profiles” and “Remove” them from the selected serviceability agent(s).

[pic]

4. Supported MIB Groups

The System Manager SNMP agent provides basic IP discovery and platform monitoring capabilities. It supports the following industry standard MIBs:

• SNMPv2-MIB

• IFC-MIB

• TCP-MIB

• UDP-MIB

• HOST-RESOURCES-MIB, with the exception of the HOST-RESOURCES-MIB::hrSWRun and HOST-RESOURCES-MIB::hrSWInstalled MIB groups

• SNMP-MPD-MIB

• SNMP-FRAMEWORK-MIB

• SNMP-TARGET-MIB

• SNMP-NOTIFICATION-MIB

• SNMP-USER-BASED-SM-MIB

• SNMP-VIEW-BASED-ACM-MIB

• IP-MIB

• IPV6-MIB

• IPV6-TCP-MIB

• IPV6-UDP-MIB

• RMON-MIB

• EtherLike-MIB

• IP-FORWARD-MIB

• DISMAN-EVENT-MIB

• DISMAN-SCHEDULE-MIB

• SNMP-USM-DH-OBJECTS-MIB

• SCTP-MIB

5. System Manager Event Codes

A list of System Manager Event Codes is presented in the attached sheet.

[pic]

System Manager provides a configuration file for easy integration with HPOV and IBM Tivoli. The data from the attached configuration file can be merged into “trapd.conf”.

[pic]

6. Appendix A

Supported MIBS

The MIBs supported by the System Manager SNMP agents are shown in the table below. The MIB files themselves are included here for convenience. Avaya-specific MIBs are marked “Avaya Specific” in the RFC column. The MIB files can be viewed using WordPad.

|MIB |RFC |MIB ASN1 File |Notes |
|(1) MIB-II |RFC 3418 |[pic] |MIB-II |
|(2) SNMP-IF-MIB |RFC 1229 |[pic] |SNMP Interface Support |
|(3) SNMP-TCP-MIB |RFC 4022 |[pic] |Module to support TCP implementations |
|(4) SNMP-UDP-MIB |RFC 4113 |[pic] |Module to support UDP implementations |
|(5) HOST-RESOURCES |RFC 2790 |[pic] |IETF Host Resources MIB |
|(6) INADS-ALARM |N/A (Avaya Specific) |[pic] |INADS alarm trap definition for SNMP traps forwarded from System Manager server. |
|(7) AVAYA-GENERAL |N/A (Avaya Specific) |[pic] |Contains the Avaya root MIB tree definition – required by INADS-ALARM MIB. |
|(8) SYSTEM-MANAGER |N/A (Avaya Specific) |[pic] |System Manager application enterprise specific MIB |
|(9) SNMP-MPD-MIB |RFC 3412 |[pic] |The MIB for Message Processing and Dispatching |
|(10) SNMP-FRAMEWORK-MIB |RFC 3411 |[pic] |The SNMP Management Architecture MIB |
|(11) SNMP-TARGET-MIB |RFC 3413 |[pic] |This MIB module defines MIB objects which provide mechanisms to remotely configure the parameters used by an SNMP entity for the generation of SNMP messages. |
|(12) SNMP-NOTIFICATION-MIB |RFC 3413 |[pic] |This MIB module defines MIB objects which provide mechanisms to remotely configure the parameters used by an SNMP entity for the generation of notifications. |
|(13) SNMP-USER-BASED-SM-MIB |RFC 3414 |[pic] |The management information definitions for the SNMP User-based Security Model. |
|(14) SNMP-VIEW-BASED-ACM-MIB |RFC 3415 |[pic] |The management information definitions for the View-based Access Control Model for SNMP. |
|(15) IP-MIB |RFC 4293 |[pic] |The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes. |
|(16) IPV6-MIB |RFC 2465 |[pic] |The MIB module for entities implementing the IPv6 protocol. |
|(17) IPV6-TCP-MIB |RFC 2452 |[pic] |The MIB module for entities implementing TCP over IPv6. |
|(18) IPV6-UDP-MIB |RFC 2454 |[pic] |The MIB module for entities implementing UDP over IPv6. |
|(19) RMON-MIB |RFC 2819 |[pic] |Remote network monitoring devices, often called monitors or probes, are instruments that exist for the purpose of managing a network. This MIB defines objects for managing remote network monitoring devices. |
|(20) EtherLike-MIB |RFC 3635 |[pic] |The MIB module to describe generic objects for ethernet-like network interfaces. |
|(21) IP-FORWARD-MIB |RFC 4292 |[pic] |The MIB module for the management of CIDR multipath IP Routes. |
|(22) DISMAN-EVENT-MIB |RFC 2981 |[pic] |The MIB module for defining event triggers and actions for network management purposes. |
|(23) DISMAN-SCHEDULE-MIB |RFC 3231 |[pic] |This MIB module defines a MIB which provides mechanisms to schedule SNMP set operations periodically or at specific points in time. |
|(24) SNMP-USM-DH-OBJECTS-MIB |RFC 2786 |[pic] |The management information definitions for providing forward secrecy for key changes for the usmUserTable, and for providing a method for 'kickstarting' access to the agent via a Diffie-Hellman key agreement. |
|(25) SCTP-MIB |RFC 3873 |[pic] |The MIB module for managing SCTP implementations. |
|(26) AV-AURA-SERVICEABILITY-AGENT-MIB |N/A (Avaya Specific) |[pic] |This MIB module is used by Serviceability Agent for sending optional varbinds for the completeness of trap message. |

7. Appendix B

Remote Access to System Manager CLI

[pic]

1. To access System Manager’s CLI, a network tunnel must be established with the SAL Gateway (present on the System Platform U-dom) and session established with System Manager through that tunnel. All subsequent requests to System Manager will be through the SAL Gateway.

To establish the tunnel, a technician must have access to the Axeda enterprise using a valid e-token. Also, the SAL Gateway needs to be configured to point to that Axeda enterprise. The configuration in the SAL Gateway will involve:

1. Setting a unique Solution Element ID (SEID) for the SAL Gateway. This ID will be used to identify this SAL Gateway from the list of SAL Gateways available for access from the Axeda enterprise.

2. Setting the remote access configuration of the SAL Gateway to point to the required Axeda enterprise.

3. Adding System Manager as a managed element in the SAL Gateway. The System Manager element will also require a unique SEID.

2. Avaya Technician establishes a connection with the SMGR through a tunnel established between Axeda Enterprise and the SAL Gateway.

3. Avaya Technician sends an SSH connection request to the System Manager (e.g. via putty). The request points to localhost instead of the System Manager’s IP address.

4. System Manager authenticates the technician based on the ASG Challenge/Response. This is an optional step and may not be involved if local users are present for SSH access in the System Manager.

[Figure: remote access path from the Avaya NOC (AXEDA) through a network tunnel to the SAL GW and SMGR on System Platform in the customer network. Labels include “Avaya Issued Certificate signed by VeriSign” and the step numbers 1 to 4.]
