Configurating the Agent Interface
The Tellabs 1100 /OLT Series NEs support the capability to configure and use an SNMPv3 agent directly to the Ethernet Switch Unit for monitoring, polling performance statistics, and alarm management purposes.
The SNMP Agent on the network element supports the standard MIBs (Interface, RMON, and MIB II) used by common SNMP management applications that are available in the industry. One proprietary Tellabs MIB definition is supported to define notifications.
This section describes how to configure the network element’s SNMP Agent interface via the Panorama PON GUI as well as how to setup User Administration and Notification (trap) Destination configuration.
 |
Note: The SNMP Agent application on the Tellabs 1100 Series Ethernet Switch Unit (ESU) network element hardware is disabled initially with the software load that is shipped with the module. This ensures that the SNMP interface cannot be accessed until it is configured according to the desired security policy. |
SNMP User Administration
|
Note: To perform this procedure, the user must be logged on at the Security Admin security level. |
The SNMP Agent supports the User-based Security Model (USM) defined in RFC 3411. Before creating users, one should determine the security implementation desired. For example, if encrypted authentication is desired then only SNMPv3 can be used. If SNMPv1 or SNMPv2 is required to communicate with existing SNMP managers that do not support SNMPv3, then these methods must be used.
The Panorama PON supports pre-configured roles for SNMP Users. These are Administrative, Read/Write and Read Only. Each User role maps to a pre-defined View-Based Access control.
Sending of notifications/traps is associated with a user configuration that selects the community string or SNMPv3 user credentials to use when sending the trap.
If there are no users defined, then the device cannot be accessed by SNMP.
Use the following procedure to create or modify SNMP Users:
- In the Main Menu Bar, select Edit > SNMP User Administration (ALT+E, ALT+M). The SNMP User Configuration dialog displays.
- To add an SNMP User, select Add from the SNMP User Configuration dialog. A pop-up window is used to enter new SNMP User configuration information. Refer to the table below for field descriptions.
Add SNMP User Configuration Fields
|
Group/Property Field
|
Description |
| Name | User name. |
| Security Model |
Selects either Community-based security (SNMPv1 or SNMPv2C) or User Security Model (SNMPv3):
|
| Community |
A valid SNMP community string when Security Model is set to V1 or V2C. Not required if Security Model is set to USM. |
| Security Level |
Valid when Security Model is set to USM:
|
| Authen Protocol |
Valid when Security Model is set to USM and Security Level set to either AUTH_NOPRIV or AUTH_PRIV:
|
| Authen Password | Password to be used in the hash message authentication code (HMAC) . The password must be at least eight characters. |
| Priv Protocol |
Valid when Security Model is set to USM and Security Level set to AUTH_PRIV:
|
| Priv Password | Used to create the encryption key for payload encryption. Must be at least eight characters. |
| Role |
Roles a user can be associated with. These roles are predefined.
|
|
Note: The system does not restrict Community-based users to specific IP addresses or subnets. |
- Fill in the appropriate fields for the Add SNMP User dialog pop-up and then select the Ok button. The new SNMP User now appears listed in the SNMP User Configuration dialog.
- Change the fields for the SNMP User Configuration dialog, as required, using the Modify button and then the Ok button.
Set Notification (Trap) Destination Configuration
In order for the device to directly send SNMP notifications (traps and information) to the appropriate SNMP manager application, the Notification Destination needs to be configured for the SNMP Agent of each OLT.
To configure the SNMP Notification Destination information, go to Configuring SNMP Options.
Enable the SNMP Agent
|
Note: To perform this procedure, the user must be logged in as a Security Admin. |
Within an administrative domain, the snmpEngineID is the unique and unambiguous identifier of an SNMP agent/engine. There is one SNMP Agent/engine per OLT so there is one snmpEngineID per OLT (ESU).
The format of the snmpEngineID uses the preferred structure as defined in RFC3411. To set the snmpEngineID, go to the Common Tree view and select the OLT.
Use the following procedure to enable the SNMP Agent on the OLT:
- From the Common Tree view, right-click the OLT, and then select Property. Select the SNMP tab. The SNMP Agent dialog displays:
- If the SNMP Agent is not enabled, click Enable SNMP Agent. The Admin String field is populated with the IP address (default) of the SNMP Agent and the Option radial buttons become active.
For the Option button, select either IP Address (default) or Customized to use for the unique identifier portion of the snmpEngineID. If an IP Address is selected, the IPv4 or IPv6 IP address of the network element is used. - If Customized is selected for the SNMP Agent configuration option, enter a unique identifier text string for the network element, up to 27 characters. This creates an engine ID consisting of the Tellabs enterprise value of 8575 hex text format value and the text string in the "Admin String" text box.
Note: The Admin String should be unique for all SNMP agents that are accessed via a single SNMP manager in the network. It is the user’s responsibility to ensure that the string is unique as this is not enforced by the system. - When finished, click on the Apply button. A confirmation message is displayed.