Creating Management Access

[Contents] [Prev] [Next] [Index] [Report an Error]

Creating Management Access
Usually, a system administrator or network specialist determines who is permitted or denied access to certain network management functions. The NMC-RX application uses SNMP to provide security features for the purpose of safeguarding critical network information.

A proprietary SNMP Community Table governs access to an SNMP server by an SNMP client. This table identifies those communities that have different permission levels to the SNMP MIB stored on a particular server. When an SNMP server receives a request, the server extracts the client's IP address and the community name. The SNMP server's Community Table is searched for a matching community. The server's access list is then used to validate the IP address. Access is determined by validation of these criteria.

Creating Management Access Entries

After you create a management access entry, you can create access list entries and associate them with the newly created management access entry. The NMC-RX application propagates the access list entry number from the management access entry to the access list. One or more access list entries can be associated with a single management access entry.

To create a management access entry:

From the Device-wide Explorer, click Virtual Routers, right-click, and click List All.

The names of all the virtual routers created for this device appear in the list area. This list always includes a default virtual router preconfigured on your E-series device. It also includes any additional virtual routers that you have created.
Click a virtual router in the list, right-click, select Create, and click Mgmt Access Entry.

The Create Management Access Entry dialog box appears.
Set the management access entry parameters (Table 18).
 Table 24:  Management Access Entry Parameters  

 Parameter
 Description

 Virtual Router Name

 Name of the virtual router for which you are creating the management access entry. Name is automatically propagated by the system from the name you previously selected.


 Community Name

 Name of the SNMP community. A text string of 1-31 characters. Community name acts as a password and is used to authenticate messages sent between an SNMP client and a router containing an SNMP server. Every packet between the client and the server contains the community string.


 Security Privilege

 Access level assigned to the community name:

   Read-Only—Allows read-only access to the entire MIB except for SNMP configuration objects
   Read-Write—Allows read-write access to the entire MIB except for SNMP configuration objects
   Admin—Allows read-write access to the entire MIB



 Access List Name

 Name identifies the list. The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community. 



 
Click OK.
The system saves the management access entry.

Creating Access List Entries

Before you can create access list entries from the management access entry, you must list the available management access entries. When you create an access list entry for a management access entry, you establish an association.

To create an access list entry:

From the Device-wide Explorer, open the Virtual Routers folder.

Click Mgmt Access Entries, right-click, and click List All.

In the list area, select the management access entry for which you want to create an access list, right-click, select Create, and click Access List Entry.

The Create Access List Entry dialog box appears.
Set the access list entry parameters (Table 19).
 Table 25:  Access List Entry Parameters 

 Parameter
 Description

 Access List Name

 Name identifies the list. The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community. 


 IP Address

 IP address of the management station communicating through SNMP to a device


 Address Mask

 IP mask of the management station communicating through SNMP to a device


 Access Capability

 Access permission:

   Permit—Access is allowed
   Deny—Access is not allowed




 
Click OK.
The new access list entry is created.

Parameter	Description
Virtual Router Name	Name of the virtual router for which you are creating the management access entry. Name is automatically propagated by the system from the name you previously selected.
Community Name	Name of the SNMP community. A text string of 1-31 characters. Community name acts as a password and is used to authenticate messages sent between an SNMP client and a router containing an SNMP server. Every packet between the client and the server contains the community string.
Security Privilege	Access level assigned to the community name: Read-Only—Allows read-only access to the entire MIB except for SNMP configuration objects Read-Write—Allows read-write access to the entire MIB except for SNMP configuration objects Admin—Allows read-write access to the entire MIB
Access List Name	Name identifies the list. The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community.

Parameter	Description
Access List Name	Name identifies the list. The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community.
IP Address	IP address of the management station communicating through SNMP to a device
Address Mask	IP mask of the management station communicating through SNMP to a device
Access Capability	Access permission: Permit—Access is allowed Deny—Access is not allowed

[Contents] [Prev] [Next] [Index] [Report an Error]