
SNMP Overview

PacketWise includes a Simple Network Management Protocol (SNMP) agent and Packeteer enterprise Management Information Bases (MIBs). Using an SNMP management program, you can:

  • Poll the PacketShaper for status information
  • Read current values for the options described in the Packeteer proprietary MIB
  • Retrieve response time measurement information from the PacketShaper

You can configure PacketWise to send unsolicited messages to any SNMP trap listener. These messages fall into two categories.

  • Packeteer Trap messages report alarm conditions configured by default in PacketWise. For example, a Power Supply Failure message is sent if a PacketShaper's power supply fails. These are generally the same alarm conditions that might be reported on the Info page when you log in to the browser interface. See Packeteer SNMP Traps for a list of supported traps.
  • Event Trap messages alert you to incidents you explicitly configure PacketWise to report. There are two features that support event trap messages: adaptive response and user events. For details on configuring an agent to send an SNMP trap when a threshold is crossed, see Add or Edit Adaptive Response Action Files. Refer to Overview of Event Notification for more information on configuring events.

PacketWise 8.3.x and later supports SNMPv1, SNMPv2c and SNMPv3. Earlier versions of PacketWise support SNMPv1 and SNMPv2c only.

  • SNMPv1 relies on IP address-based access lists and community strings for authentication.
  • SNMPv3 provides greater security features for authentication, privacy, and access control.

Installation

SNMP agents are automatically installed on PacketShaper appliances. No additional re-configuration is required for the PacketShaper to function as it did with its previous SNMPv1 configuration.

SNMPv1

By default, SNMPv1 (and SNMPv2c) is turned off until you set the look community string (password). You must set the look community string so that PacketWise MIB information can be accessed by network management platforms and network management stations. Once the touch community string is set, you can use a network management platform, such as HP OpenView, to set MIB variables.

To set the PacketWise read and write community strings via the browser interface, see Configure PacketWise for SNMPv1 Support. See the command-line interface index to view the complete list of setup snmp commands.

SNMPv3

SNMPv3 provides a flexible and powerful framework for message security and access control. SNMPv3 authenticates packets with MD5 or the Secure Hash Algorithms (SHA), to ensure that a packet has not been tampered with in transit. This feature addresses the need for strong data origin authentication, unlike earlier versions of SNMP (v1 and v2c). SNMPv3’s encryption feature provides additional security with Data Encryption Standard (DES) 56-bit encryption to hide the contents of an SNMP packet from unauthorized users. SNMPv3 also offers protection against replay attacks and message stream modification by checking timestamps and message stream integrity.
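The authentication step described above, as an added example that is not Packeteer code: it follows the User-based Security Model of RFC 3414 (listed among the supported RFCs on this page), deriving a per-agent key from a password and using a truncated HMAC to detect a modified message. The password and engine ID are the sample values from RFC 3414 Appendix A.3; the message bytes are a constructed stand-in, not a BER-encoded SNMP packet.

```python
# Added example: RFC 3414 USM key derivation and HMAC-96 message authentication.
import hashlib
import hmac

MAC_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 both truncate to 96 bits


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key to one agent: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(kul, prefix, suffix, algo):
    """MAC is computed with the auth field zeroed, then written into that field."""
    mac = hmac.new(kul, prefix + bytes(MAC_LEN) + suffix, algo).digest()[:MAC_LEN]
    return prefix + mac + suffix


def verify(kul, message, mac_offset, algo):
    """Receiver zeroes the field, recomputes the MAC, compares in constant time."""
    received = message[mac_offset:mac_offset + MAC_LEN]
    zeroed = message[:mac_offset] + bytes(MAC_LEN) + message[mac_offset + MAC_LEN:]
    expected = hmac.new(kul, zeroed, algo).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)


def demo(algo: str = "sha1"):
    # Password and engine ID are the RFC 3414 Appendix A.3 sample values.
    engine_id = bytes.fromhex("000000000000000000000002")
    kul = localize_key(password_to_key(b"maplesyrup", algo), engine_id, algo)
    # Constructed stand-in for the octets before/after the auth field (not real BER).
    prefix, suffix = b"constructed-header|", b"|constructed-scoped-pdu"
    msg = sign(kul, prefix, suffix, algo)
    tampered = msg[:-1] + b"X"
    return verify(kul, msg, len(prefix), algo), verify(kul, tampered, len(prefix), algo)


if __name__ == "__main__":
    print(demo("md5"), demo("sha1"))
```

Because the key is localized with the engine ID, the same password yields a different authentication key on every agent.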

SNMPv3 encompasses a user-based security model for network management communications. Rather than using the two "read" and "write" community strings of prior SNMP implementations, administrators can create specific accounts for each SNMP user and grant privileges through those user accounts. With SNMPv3, each user must belong to a group with a defined security model and security level, as well as a group access policy which specifies which SNMP objects the users can access, and which notifications the group's users will receive.

| Model | Level | Authentication | Encryption | Model Features |
| --- | --- | --- | --- | --- |
| SNMPv1, SNMPv2c | noAuthNoPriv | community string | No | Communication without encryption. Uses a community string match for authentication. This option provides no security, confidentiality, or privacy at all, though it might be useful for certain applications such as development and debugging. |
| SNMPv3 | noAuthNoPriv | No | No | Communication without encryption or authentication. This option provides no security, confidentiality, or privacy at all, though it might be useful for certain applications such as development and debugging. |
| SNMPv3 | authNoPriv | MD5 or SHA | No | Communication without encryption. Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Users must be authenticated before they access any of the values in the MIB objects on the agent. |
| SNMPv3 | authPriv | MD5 or SHA | DES, 3DES, AES-128, AES-192, AES-256 | Communication with both authentication and encryption. Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides AES encryption, DES encryption, or 3DES encryption in addition to authentication. Users must be authenticated before they access any of the values in the MIB objects on the agent. In addition, all of the requests and responses from the management application to the SNMPv3 entity are encrypted, so that all the data is secure. |

You enable the SNMPv3 functionality by defining values for users, access groups, views, notification, remote users and target values. For details, see Configure PacketWise for SNMPv3 Support. SNMPv3 tables can only be configured via the command-line or browser interfaces of the individual PacketShaper. PacketWise 8.3.x does not support the use of 3rd-party network management platforms (such as HP OpenView) to set MIB variables.

For further information about using SNMPv3, you can download the Packeteer SNMP User Guide:

  1. On the Packeteer support website, navigate to Software.
  2. Go to Software Utilities.
  3. Download the SNMP Guide for PacketWise 8.3.

Complex Mode SNMPv3 Configuration

Complex mode configuration allows users to manually edit individual SNMPv3 tables via the command-line interface. Complex mode is only recommended for advanced users with previous experience working with SNMPv3, as this mode does not display error messages for incorrectly configured settings that can prevent SNMP from working correctly.

See the command-line interface index to view the complete list of complex mode snmp commands. Note that complex mode should only be used in PolicyCenter to set SNMPv3 values for an individual unit configuration. Any complex mode SNMPv3 values set on a PolicyCenter sharable configuration will not be inherited by units assigned to that configuration.

Supported SNMP MIBs

Packeteer is the authoritative source of the following MIB files, which can be downloaded from the Packeteer support site. Note that only PacketShapers and PolicyCenter running PacketWise version 8.3.x or later support the PACKETEERv2-MIB.mib and PACKETEERRTMv2-MIB.mib MIBs.

PACKETEERv2-MIB.mib

Packeteer's SNMP MIB (for SNMPv1, v2c and v3)

This MIB contains the variables that you can query on a PacketShaper running PacketWise 8.3.x or later. There are three tables for measurement data. The Link table contains measurement variables about each physical network interface on the PacketShaper. The Partition and Class tables contain measurement variables about each defined partition and traffic class, respectively.

In addition to measurement variables, the MIB contains a number of predefined traps; see Packeteer SNMP Traps for a description of the traps included in the Packeteer MIB.

PACKETEERRTMv2-MIB.mib

Packeteer's Response Time Measurement MIB for SNMPv1, v2c and v3

This MIB contains the measurement variables related to Packeteer's Response Time Measurement (RTM) feature, including variables that track delay (total, network, and server), thresholds, and slow transactions. There are seven tables for response time configuration information or data about classes in the traffic tree. For more information about RTM, see RTM Overview.

Note: Since RTM is not available on ISP models, it is not necessary to download this MIB if you are using PacketShaper ISP.

Note: The packeteer.mib and packeteerRTM.mib files supported in earlier versions of PacketWise have been obsoleted in PacketWise version 8.3, and are no longer supported by PacketShapers running PacketWise 8.3.

PacketWise also supports several variables in the following standard MIBs. The suggested source for these files is http://www.ietf.org.

| RFC Number | RFC Title |
| --- | --- |
| RFC 1155 | Structure and Identification of Management Information for TCP/IP-based Internets |
| RFC 1157 | Simple Network Management Protocol. Note that we do not return values for the Object Type egpNeighTable. |
| RFC 1212 | Concise MIB Definitions |
| RFC 1213 | Management Information Base for Network Management of TCP/IP-based internets: MIB-II. We support the following groups from MIB-2: system; interfaces; address translation; ip (except for the IP routing table); icmp; tcp (tcpConnState is read-only); udp (except for udpConnTable). Note that Packeteer supported these groups in RFC 1156 before it was obsoleted by RFC 1213. RFC 1213 objects can be accessed with SNMPv1, v2, and v3 protocols. |
| RFC 1215 | Convention for defining traps for use with the SNMP |
| RFC 1493 | Definitions of Managed Objects for Bridges. Packeteer supports only dot1Bridge (dot1dBase, dot1dTp) |
| RFC 1901 | Introduction to Community-based SNMPv2 |
| RFC 2011 | SNMPv2 Management Information Base for the Internet Protocol using SMIv2 |
| RFC 2012 | SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 |
| RFC 2013 | SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 |
| RFC 2578 | Structure of Management Information Version 2 (SMIv2) |
| RFC 2579 | Textual Conventions for SMIv2 |
| RFC 2580 | Conformance Statements for SMIv2 |
| RFC 3410 | Introduction and Applicability Statements for Internet Standard Management Framework |
| RFC 3411 | An Architecture for Describing SNMP Management Frameworks |
| RFC 3412 | Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) |
| RFC 3413 | SNMPv3 Applications |
| RFC 3414 | User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) |
| RFC 3415 | View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) |
| RFC 3416 | Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) |
| RFC 3417 | Transport Mappings for the Simple Network Management Protocol (SNMP) |
| RFC 3418 | Management Information Base (MIB) for the Simple Network Management Protocol (SNMP). This document obsoletes definitions in RFC 1907. |
| RFC 3584 | Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework |

Note: PacketWise does not support the Diffie-Hellman USM key exchange described in RFC 2786.

SNMP and ReportCenter

ReportCenter is a Packeteer software package designed to create various types of reports on the performance of a network equipped with Packeteer products. You can specify the IP address of a ReportCenter PC as an SNMP trap destination. The SNMP trap listener incorporated in ReportCenter will store Generic and Event Traps in a database for use in Generic Trap Reports and Event Trap Reports.

See also:

Configure PacketWise for SNMPv1 Support

Configure PacketWise for SNMPv3 Support

Packeteer SNMP Traps

Use Packeteer MIBs

 

PacketGuide™ for PacketWise® 8.3