SNMP (Simple Network Management Protocol) is a network protocol for monitoring and managing network elements. A manager can use it to query measured values, alarms and other variables of an SNMP agent. KentixONE can send data packets to a manager as well as receive data packets from an agent; in the latter case, KentixONE is the manager. SNMP also allows an agent to send messages to the manager on its own as soon as a certain event occurs. Such an unsolicited notification is referred to as a “trap”.
SNMP configuration
To activate SNMP on a Kentix device, the corresponding checkbox must be selected. A list in the form of a CSV file with all measurement and configuration values provided by KentixONE can then be downloaded. Each value has a unique identifier (OID), which is defined by the ASN.1 standard. In addition, a MIB file (Management Information Base) containing the OID tree structure can be downloaded from the Software section of the Kentix homepage. Each branch of the tree structure has a name and a number. As you move through the tree structure (MIB walk), the individual nodes become more and more specific.
After activating the SNMP function, a list of the OIDs generated for the element can be displayed for each element in the DetailView (alarm groups and devices).
When KentixONE receives a trap from an agent, KentixONE can retrieve all monitored OIDs of the agent again. A separate query is started for each configured OID.
SNMP accesses
Before data can be exchanged between the agent and the manager, an access must be configured. The table lists all accesses created. Click on the “+” tab to create a new account; a new configuration window then appears.
General
To set up SNMP access, you must specify whether KentixONE is to act as an agent or as a manager. Three different SNMP types can be set for this purpose. KentixONE is the agent for the SNMP types “Provide data” and “Trap”. KentixONE is the manager for the “Receive data” type. A name and the SNMP version must be assigned to the access. The name of the access appears in the table of all created accesses and when adding SNMP sensors in the detail view and helps with their management. The SNMP version must match for both the agent and the manager. KentixONE supports SNMPv2 and SNMPv3, which differ mainly in the security of data packet transmission. Set the version accordingly. Newly created accounts are not active by default. This must be changed manually by clicking on the corresponding checkbox.
Traps
The menu item only appears if “Trap” is set as the SNMP type. Traps can be sent for the following events:
- Cold start: An interruption in the power supply triggers a trap.
- Warm start: A restart of the device triggers a trap.
- Alarm: As soon as an alarm occurs, a trap is triggered.
- Alarm status change: As soon as the status of the alarm changes from alarm to no alarm or from no alarm to alarm, a trap is triggered. The change from acknowledgeable alarm to alarm also triggers a trap.
- Access: As soon as a SmartAccess access event occurs, a trap is triggered.
You can choose between two different display types for alarm and access traps. With a structured alarm or access trap, the alarm values are packed into individual OIDs within one data packet and sent. With a normal alarm trap, all alarm values are packed into a single OID, separated only by commas, and sent. For the SNMP type “Alarm status change”, the traps are always sent as structured traps.
Authentication
The authentication depends on the SNMP version used.
Version 2 uses so-called communities for authentication between agent and manager. Communities are names that are transmitted by the SNMP service together with the request and represent a previously agreed key (pre-shared key).
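The following added example (not Kentix code) builds a constructed SNMPv2c GetRequest and decodes its header with a minimal BER reader, showing that the community travels as a plain OCTET STRING next to the version field. The community value `example-ro` and all function names are assumptions made for this illustration.

```python
# Added example: minimal BER reader for the SNMPv1/v2c message header.

def tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER element (short-form length is enough for the sample)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); handles short and long length forms."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

PDU_NAMES = {0xA0: "GetRequest", 0xA2: "Response", 0xA7: "SNMPv2-Trap"}

def snmp_header(packet: bytes) -> dict:
    """Extract version, community and PDU type from an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    t_ver, ver, pos = read_tlv(body, 0)
    t_com, community, pos = read_tlv(body, pos)
    # In SNMPv3 the second element is a SEQUENCE, not an OCTET STRING.
    if t_ver != 0x02 or t_com != 0x04:
        raise ValueError("not a community-based SNMP message")
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "unknown"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

# Constructed sample: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0).
_oid = bytes.fromhex("2b06010201010100")
_varbinds = tlv(0x30, tlv(0x30, tlv(0x06, _oid) + tlv(0x05, b"")))
_pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + _varbinds)
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + _pdu)

if __name__ == "__main__":
    print(snmp_header(SAMPLE))
```

Because the community is readable in every request and trap, an SNMPv2 access protects data only as far as the network path between agent and manager is trusted.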
With version 3, an authentication protocol and a privacy protocol can be selected. In addition to the two protocols, a user name must be assigned, which is used for authentication. SNMPv3 supports the following combinations:
- No authentication and no privacy protocol
- Authentication and no privacy protocol
- Authentication and privacy protocol
HMAC-MD5 (hash-based message authentication code) and HMAC-SHA can be selected as authentication protocols. SHA and MD5 are two different hash functions. As soon as an authentication protocol is used, the authentication password is also required.
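How the authentication password becomes a message authentication code, as an added example that is not Kentix code: it goes beyond the page by following the SNMPv3 User-based Security Model (RFC 3414), where the password is stretched to a key, bound to one agent's engine ID, and used for a 96-bit truncated HMAC. The function names and the message bytes are assumptions; the password and engine ID are the RFC 3414 Appendix A.3 sample values.

```python
# Added example: RFC 3414 password-to-key, key localization and HMAC-96.
import hashlib
import hmac

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Hash 1 MiB of the repeated password to obtain the user key Ku."""
    if len(password) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 characters")
    reps = 1048576 // len(password) + 1
    return hashlib.new(hash_name, (password * reps)[:1048576]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind Ku to a single agent: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the message, first 12 bytes kept.
    In a real message the authentication field holds 12 zero bytes while
    the HMAC is computed."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]

def verify(kul: bytes, whole_msg: bytes, received: bytes, hash_name: str) -> bool:
    """Constant-time comparison, as a receiver would do."""
    return hmac.compare_digest(auth_params(kul, whole_msg, hash_name), received)

PASSWORD = b"maplesyrup"                                # RFC 3414 A.3 sample password
ENGINE_ID = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 sample engine ID
MSG = b"constructed placeholder for a serialized SNMPv3 message"

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        kul = localize_key(password_to_key(PASSWORD, name), ENGINE_ID, name)
        mac = auth_params(kul, MSG, name)
        print(name, kul.hex(), mac.hex(), verify(kul, MSG, mac, name))
```

The same password yields a different localized key on every agent, so a key recovered from one device does not authenticate against another.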
With the “Authentication and Privacy Protocol” combination, a privacy protocol must be selected in addition to the authentication protocol mentioned above. The encryption algorithms DES (Data Encryption Standard), 3DES (Triple-DES), AES (Advanced Encryption Standard) and IDEA (International Data Encryption Algorithm) are supported. With the Advanced Encryption Standard, the key length must also be specified (AES128, AES192, AES256). The Advanced Encryption Standard also offers the option of using a 3DES-enhanced key. In addition to the protocol, the privacy password must be entered.
Settings
For KentixONE to query data from an agent, the IP address of the host and the port on which the SNMP service is running are required.
As the SNMP type “Trap” sends an unsolicited data packet to the manager, the IP address of the host and the port must also be specified here. A heartbeat can also be configured. This is used for cyclical function control of the agent. The heartbeat interval specifies the length of the time interval between two heartbeat messages. To test the settings, a single heartbeat message can also be sent by clicking on the “Send trap” button.