User's Manual Part 2

ManualsBrandsCascade Networks ManualsElectronicsMotorola Canopy compatible Wireless Internet Acces

121

122

123

124

125

126

127

128

129

130

Release8InstallationandConfigurationGuide



Issue2,November2007 Draft5forRegulatoryReview 280

The Community String value is clear text and is readable by a packet monitor.

Additional security derives from the configuration of the Accessing Subnet, Trap

Address, and Permission parameters.

Accessing Subnet

Specify the addresses that are allowed to send SNMP requests to this SM. Prizm or

the NMS has an address that is among these addresses (this subnet). You must enter

both

• The network IP address in the form xxx.xxx.xxx.xxx

• The CIDR (Classless Interdomain Routing) prefix length in the form /xx

For example

• the /16 in 198.32.0.0/16 specifies a subnet mask of 255.255.0.0 (the first 16 bits

in the address range are identical among all members of the subnet).

• 192.168.102.0 specifies that any device whose IP address is in the range

192.168.102.0 to 192.168.102.254 can send SNMP requests to the SM,

presuming that the device supplies the correct Community String value.

The default treatment is to allow all networks access (set to 0). For more information on

CIDR, execute an Internet search on “Classless Interdomain Routing.”

RECOMMENDATION:

The subscriber can access the SM by changing the subscriber device to the

accessing subnet. This hazard exists because the Community String and

Accessing Subnet are both visible parameters. To avoid this hazard, configure

the SM to filter (block) SNMP requests. See Filtering Protocols and Ports on

Page 382.



Trap Address 1 to 10

Specify ten or fewer IP addresses (xxx.xxx.xxx.xxx) to which trap information should be

sent. Trap information informs Prizm or an NMS that something has occurred. For

example, trap information is sent

• after a reboot of the module.

• when Prizm or an NMS attempts to access agent information but either

• supplied an inappropriate community string or SNMP version number.

• is associated with a subnet to which access is disallowed.

Read Permissions

Select Read Only if you wish to disallow Prizm or NMS SNMP access to configurable

parameters and read-only fields of the SM.

Site Name

Specify a string to associate with the physical module. This parameter is written into the

sysName SNMP MIB-II object and can be polled by Prizm or an NMS. The buffer size for

this field is 128 characters.