NEC AMERICA, INC. Product Development Evaluation Division NEAX IPX /NEAX IPS. SNMP Implementation

NEC AMERICA, INC. Product Development Evaluation Division NEAX IPX /NEAX IPS SNMP Implementation

PRODUCT DEVELOPMENT EVALUATION DIVISION IPX/IPS SNMP Implementation NEC America, Inc. 6535 N. State Highway 161 Irving, Texas 75039-2402 Phone (800) 852-4632

Table of Contents Introduction i CHAPTER 1 SNMP Basics 1 The SNMP Model 2 Manageable Objects 2 The SNMP Protocol 3 SNMP Message Format 4 ASN.1 and BER 6 Structure of Management Information 7 Object Identifier 8 Management Information Base 10 SNMP Traps 13 CHAPTER 2 NEAX IPX SNMP Configuration 14 NEAX IPS SNMP Configuration 27 Address Translation Group 39 IP Group 40 ip Inbound Counters 40 ip Outbound Counters 41 Fragmentation Counters 41 ip Address Table 42 ip Route Table 43 Net to Media Table 44 ICMP Group 44 ICMP Inbound Counters 44 ICMP Variation Outbound Counters 45 ICMP Diagnostic Outbound Counters 45 TCP Group 46 TCP Connection Objects 47 TCP Segment Counters 47 TCP Connection Table 48 TCP MIB-II additions 48 CHAPTER 3 MIB Groups 35 System Group 36 Interface Group 37 iftypes 37 if Troubleshooting 38 if Inbound Counters 38 if Outbound Counters 39 UDP Group 49 UDP Table 49 EGP Group 49 EGP I/O Counters 49 EGP Neighbor Table 50 EGP Neighbor Table I/O Counters 50 EGP Group Completion 50 SNMP Group 51 SNMP Inbound Errors 51 SNMP Inbound Activity Counters 51 SNMP Outbound Errors 52 SNMP Outbound PDU Counter 52

CHAPTER 4 Supported MIB Groups by Platform 53 NEAX IPX 54 NEAX IPS 54 NEAX IPX Specific OID S 55 NEAX IPS Specific OID S 55 APPENDIX A 57 Security Issues 58 APPENDIX B 61 PBX-MIB-2000-2400 File 61 References 65

INTRODUCTION With the release of the NEAX 2400IPX and the NEAX IPS systems, managing each platform on a network environment has become a MUST know aspect of maintenance. It must be understood that a negative impact on the network by any of the two platforms must be rectified as soon as possible. As a shared environment, we must assure that our VoIP implementation does not cause any degradation to the network. In the event that it does, we must be prepared to identify the problem as quickly as possible. Both platforms incorporate, Translation through time-division multiplexing (TDM), where it uses either TDM equipment or VoIP gateways to translate from one protocol to another (TDM no.1 <-> VoIP <-> TDM no.2) or (VoIP no.1 <-> TDM <-> VoIP no. 2). It is the protocol side of the equation that SNMP relies on to gather information. SNMP (Simple Network Management Protocol) is widely used throughout the IT field, for the purpose of managing network devices such as routers, bridges, switches, hubs, Network Interface cards (NIC s), and now the PBX. The IAB (Internet Activities Board) recommends that all IP and TCP implementations be network manageable (RFC 1155). In its simplest form, network management is actually managing networked systems (devices) and the resources that tie them together. In the following chapters, we will attempt to give you the necessary tools for managing and troubleshooting the IPX / IPS as part of the network. It is assumed that the reader has general networking knowledge. I

SNMP FOR NEAX2000IPS/NEAX2400IPX Chapter 1 SNMP Basics This chapter is designed to familiarize the reader with SNMP terms, concepts and a description of Managers, Agents, SNMP and how they work. 1

The SNMP Model Simple Network Management Protocol (SNMP) uses a manager/agent communications concept. Vendors develop the manager software for retrieving the information from an agent. The manager, also known as the NMS (Network Management Station) requests the information in a certain format and the agent then makes the information available, or a reason why is not available. The communication can be two way: the manager asking the agent for a specific value ( the size of the largest datagram which can be sent/received on the interface ), or the agent telling the manager that something has gone wrong ( the current operational state of the interface ). The manager should also be able to change or set variables in the agent ( change the value of the default IP TTL to 64 ), in addition to reading them. Manageable Objects The Network Management Software uses the Manageable Objects Database (MOD) as a data dictionary of information it can retrieve from each managed device or agent. User Interface Management Application Managed System / Device (PBX) Network Management Engine Agent MOD MOD UDP IP SNMP IPX DDP UDP IP SNMP IPX DDP Network Interface Network Interface Figure 1-1 SNMP Model 2

Usually, the network administrator maintains the database by compiling one or more MIB s into the MOD. A MIB is a virtual database that identifies each manageable device on the network by its name, syntax, accessibility, status, a text description and a unique manageable-object Identifier (OID). These MIB s can be identified as either public, experimental or Private Enterprise. Details on MIB and OID will be discussed later on this chapter. The SNMP Protocol SNMP defines five types of messages that are exchanged between the manager and the agent. 1. get-request / fetch the value of one or more variables. 2. get-next-request / Fetch the next variable after one or more specified variables. 3. set-request / Set the value of one or more variables. 4. get-response / Return the value of one or more variables. The agent returns this message to the manager in response to the get-request, get-next-request and the setrequest. 5. trap / Notify the manager when something of significance happens on the agent. SNMP Manager SNMP Agent (PBX) get-request UDP port 161 get-response get-next-request UDP port 161 get-response set-request UDP port 161 get-response UDP port 162 trap Figure 1-2.Five SNMP operators 3

The first, three messages are sent by the manager to the agent, and the last two from the agent to the manager. These are typically referred to as the get, get-next, and set operators. Since four of the five SNMP messages are simple request-reply protocols, SNMP uses UDP as its transport protocol. Being that UDP is a connectionless protocol, therefore unreliable, a request from the manager may not arrive at the agent, and the agent s reply may not make it to the manager. As seen on figure 1-2., the manager sends its three requests to UDP port 161 and traps on UDP port 162. By using two different port numbers, a system can run both a manager and an agent. SNMP Message Format As stated earlier, SNMP uses UDP as its transport protocol. Therefore all five SNMP messages are encapsulated in a UDP datagram. This information can be captured and viewed using a network analyzer. Figure 1-3. shows the format of the five SNMP messages. IP datagram UDP datagram SNMP Message common SNMP header get / set header variables to get / set IP UDP version PDU type request error error community header header (0) type ID status index name value name value (0-3) (0-5) 20 bytes 8 bytes PDU agent trap specific time name type enterprise addr type code stamp value (4) (0-6) trap header interesting variables Figure 1-3. SNMP message format 4

The version is 0. This value is the version number minus one, the version of datagram being described in figure 1-3., is called SNMPv1. Other versions are SNMPv2 and SNMPv3. The community is a clear text password used between the manager and the agent. A common value used is the 6-character string public. Most SNMP software defaults to this community name. For security purposes, it is recommended that it be changed. Table 1-1. Shows the different values for the PDU type. PDU stands for Protocol Data Unit, another word for packet. PDU type PDU name 0 get-request 1 get-next-request 2 set-request 3 get-response 4 trap Table 1-1. PDU types for SNMP messages. The request ID is set by the manager when a get, get-next, and set are sent to the agent. The agent then responds with the get-response message, using the same request ID. The error status is an integer that the agent may return specifying an error. See Table 1-2 for values. error status 0 Name noerror toobig nosuchname badvalue readonly 1 2 3 4 5 generr Description all is OK agent could not fit reply into a single SNMP message operation specified a nonexistent variable a set operation specified an invalid value or syntax manager tried to modify a read-only variable some other error Table 1-2. SNMP error status values The error index is an integer offset that specifies which variable was in error. It is only set by the agent for the nosuchname, badvalue and readonly errors. Note: The trap message format will be discussed later in the chapter. 5

ASN.1 and BER The details of ANS.1 and BER are only important to software developers of SNMP. They are not critical to the understanding of network management. It is included in the chapter for the purpose of understanding where the actual translation occurs. ASN.1 is a language that describes data and the properties of the data. It does not tell you how the data is stored or encoded. Fields in the MIB and SNMP messages are described using ASN.1. As an example, the definition for the data type IpAddress from the SMI (Structure of Management Information, RFC 1155), looks like this: IpAddress ::= {APPLICATION 0} -- in network-byte order IMPLICIT OCTET STRING (SIZE (4)) From the MIB (Management Information Base, RFC 1156) the definition of a simple variable looks like this: UdpNoPorts OBJECT-TYPE SYNTAX Counter ACCESS Read-Only STATUS Mandatory DESCRIPTION The total number of received UDP datagrams for which there was no application at the destination port. :: = { udp 2 } Note: See SMI (Structure of Management Information) and MIB (Management Information Base), sections for details. 6

Structure of Management Information Structure of Management Information (SMI) identifies the type of data in the message and the database. ASN.1 is used to encode the information into a proper request and response. SNMP uses different data types. They are listed here without the ASN.1 encoding. INTEGER- Some variables are declared as an integer with no restrictions (e.g., the MTU of an interface), some are defined with specific values (e.g., the IP forwarding flag is 1 if forwarding is enabled, 2 if forwarding is disable). Others can be defined with a minimum and a maximum value (e.g., UDP and TCP ports numbers are between 0 and 65535). OCTET STRING- A string of 0 or more 8-bit bytes. Each byte has a value between 0 and 255. DisplayString- A string of 0 or more 8-bit bytes. OBJECT IDENTIFIER- See OID (Object Identifier) in this chapter. NULL- This indicates that the corresponding variable has no value. It is used as the value of all the variables in a get and get-next request. IpAddress- An OCTET STRING of length 4, with 1 byte for each byte of the IP address. PhysAddress- An OCTET STRING specifying a physical address (e.g., a 6-byte Ethernet Address). Counter- A nonnegative integer whose value increases monotonically from 0 to 2 32 1 (4,294,967,295), and then wraps back to 0. Gauge- A nonnegative integer between 0 and 2 32 1, whose value can increase or decrease, but latches at its maximum value. If the value increments to 2 32 1, it stays there until it is reset. The MIB variable tcpcurrestab is an example: it is the number of TCP connections currently in the ESTABLISHED or CLOSE_WAIT state. TimeTicks- A counter that counts the time in hundredths of a second since some epoch. For example, the variable sysuptime is the number of hundredths of a second that the agent has been up. SEQUENCE- This is similar to a structure in the C programming language. For example, the MIB defines a SEQUENCE named UdpEntry containing information about an agent s active UDP end points. Two entries are in the structure: 1. udplocaladdress, of type Ipaddress, containing the local IP address. 2. udplocalport. Of type INTEGER, in the range 0 through 65535, specifying the local port number. SEQUENCE OF- This is the definition of a vector, with all the elements having the same data type. 7

Object Identifier Object Identifiers (OID s) represent each manageable object with a unique sequence of numbers and names. RFC 1155 describes it as: a sequence of integers which traverse a global tree. OID s can also be described as a sequence of integers separated by decimal points. See Figure 1-4. These Identifiers are not assigned randomly, but are allocated by some organization that has responsibility for a group of identifiers. MIB (1) Enterprise (1) Directory (1) Management (2) Experimental (3) Private (4) Internet (1) DOD (6) Standard (0) Registration-Authority (1) Member-Body (2) Identified-Org (3) ITU-T (0) ISO (1) Joint-ISO-ITU-T (2) Root Figure 1-4. Object Identifiers in the Management Information Base. Each MIB starts with the Object Identifier of 1.3.6.1, and each of the nodes in the tree is also given a textual name. For example, the name that corresponds to Object Identifier 1.3.6.1.2.1 is iso.org.dod.internet.management.mib. The names are for ease of readability. In addition to the MIB Object Identifier shown in figure 1-4, we can also see one named, iso.org.dod.internet.private.enterprise (1.3.6.1.4.1). This is where vendor-specific MIB s (RFC 1700) are located. 8

Looking at figure 1-5., we can see that the NEC Corporation Private Enterprise code is 1.3.6.1.4.1.119 (iso.org.dod.internet.private.enterprise.nec Corporation). The private enterprise code then branches out to identify objects within the NEC Corporation private MIB. As figure 1-5., shows, the Object Identifiers (OID s) for the NEAX 2400 IPX and the NEAX IPS systems are as follows: 1.3.6.1.4.1.119.1.76.2 (iso.org.dod.internet.private.enterprise.neccorporation.1.pbx.ipx) note that the first branch within NEC Corporation is not identified. 1.3.6.1.4.1.119.1.76.3 (iso.org.dod.internet.private.enterprise.neccorporation.1.pbx.ips) note that the first branch within NEC Corporation is not identified. A network administrator would be able to identify these devices on the network as PBX s and each respective platform via the Network Management Station (NMS). IPX (2) IPS (3) PBX (76) Not Identified by NEC/J (1) NEC (119) MIB (1) Enterprise (1) Directory (1) Management (2) Experimental (3) Private (4) Internet (1) DOD (6) Standard (0) Registration-Authority (1) Member-Body (2) Identified-Org (3) ITU-T (0) ISO (1) Joint-ISO-ITU-T (2) Root Figure 1-5. NEC Corporation Private Enterprise Code 9

Management Information Base The Management Information Base (MIB) is the database of information maintained by the agent (IPX/IPS systems) that the SNMP manager (NMS) can query or set. The MIB is divided into groups such as system, interface, at (address translation), ip, icmp, tcp, udp, and so on. See figure 1-6. IPX (2) IPS (3) system (1) at (3) icmp (5) udp (7) interfaces (2) ip (4) tcp (6) PBX (76) Not Identified by NEC/J (1) NEC (119) MIB (1) Enterprise (1) Directory (1) Management (2) Experimental (3) Private (4) Internet (1) DOD (6) Standard (0) Registration-Authority (1) Member-Body (2) Identified-Org (3) ITU-T (0) ISO (1) Joint-ISO-ITU-T (2) Root Figure 1-6. Tree Structure We will use RFC 1213 MIB-II as an example for explanation. 10

By looking at figure 1-7., we can see that the UDP Group has four variables and a table containing two variables. udplocaladdress (1) udplocalport (2) udpentry (1) udpindatagrams (1) udpnoports (2) udpinerrors (3) udpoutdatagrams (4) udptable (5) MIB II 1.3.6.1.2.1.7 udp (7) 1.3.6.1.2.1.7 mib (1) Figure 1-7. Tree Structure of the UDP Group RFC 1156 (MIB I) defines the first four variables as: udpindatagrams The total number of UDP datagrams delivered to UDP users. udpnoports The total number of received UDP datagrams for which there was no application at the destination port. UdpInErrors The number of UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port. UdpOutDatagrams The total number of UDP datagrams sent from this entity. RFC 1213 (MIB II), adds a table and two variables, they are described as: UdpTable A table containing UDP listener information. UdpEntry Information about a particular current UDP listener. UdpLocalAddress The local IP address for this UDP listener. In the case of a UDP listener, which is willing to accept datagrams for any interface associated with the node, the value 0.0.0.0 is used. UdpLocalPort The local port number used for this UDP listener. Note: The IPX and the IPS support MIB II. MIB authors must define every managed object and its correct position in the MIB. 11

From the MIB (Management Information Base, RFC 1156) the definition of a simple variable looks like this: UdpNoPorts OBJECT-TYPE SYNTAX Counter ACCESS Read-Only STATUS Mandatory DESCRIPTION The total number of received UDP datagrams for which there was no application at the destination port. :: = { udp 2 } Where as: OBJECT-TYPE - gives a name to the manageable object, table or table-entry. SYNTAX The ANSI.1 type ObjectSyntax defines the different syntaxes, which may be used in defining an object type. (RFC 1155) ACCESS This field may be one of read-only, read-write, write-only or not accessible. STATUS This field may contain mandatory, optional or obsolete. DESCRIPTION A textual description of the semantics of the object type. In the example above, the UdpNoPorts is the second item in the MIB II UDP group at 1.3.6.1.2.1.7.2. 12

SNMP Traps RFC 1157 As we saw on Figure 1-2., SNMP Traps are sent to the manager via UDP Port 162. This message is sent to the manager when something has happened on the agent. Six specific traps are defined in RFC XXXX with a seventh one allowing vendors to implement an enterprise-specific trap. Figure 8. describes the values for the trap type in the trap message format in Figure 1-9. trap type 0 1 2 3 4 5 6 Name coldstart warmstart linkdown linkup Description Agent is initializing itself. Agent is reinitializing itself. An interface has changed from the up to the down state. An interface has changed from thedown to the up state. authenticationfailure A message was received from an SNMP manager with an invalid community. egpneighborloss An EGP peer has changed to the down state. enterprisespecific Look in the specific code field for information on the trap. Figure 1-8. Trap types PDU agent trap specific time name type enterprise addr type code stamp value (4) (0-6) trap header interesting variables Figure 1-9. SNMP Trap message format PDU type field =4 (trap) See Table 1-1. Enterprise field= sysobjectid Agent addr field= Agents IP Address Specific code field= enterprise specific code. This field is 0 on non-enterprise-specific traps Time stamp field= This is a TimeTicks value, representing the number of hundredths of a second since the start of an event. 13

Chapter 2 PBX SNMP Configuration This chapter takes the reader through the SNMP set up in the IPX and IPS systems. 14

NEAX IPX SNMP Configuration The NEAX IPX platform supports SNMP in R12 or higher. MIB-II is supported based on RFC 1158 and RFC 1213. Programming ASYD Index 86 bit 4 - Fault Info Automatic Printout Services (This bit reversed in some software) 0/1 Out of Service / In Service ASYDL Index 965 bit 0 - SNMP Activation 0/1= Out of Service / In Service Index 965 bit 5 - System Message automatic output to e-mail= 0/1 Out of Service/ In Service. Note 1 Index 965 bit 7 System Message automatic output to SNMP-Trap 0/1 Out of Service / In Service. Note 1 Note 1: The same system message cannot be output to MAT, System Printer, e-mail and SNMP-Trap simultaneously. When both bits in ASYDL, Index 965 bit 5 and bit 7 are assigned to 1, system message is output to e-mail prior to SNMP-Trap. Table 3. System Message Output Method Note 2: The asterisk ( * ), on table 3 indicates that other output methods will not be affected if the bit is set or not. 15

ADTM: Assignment of Data for TCP/IP Module This command is used to assign/delete the TCP/IP module data, such as IP address, default gateway, NIC card data and SNMP configuration. Figure 2-1. ADTM Command. Step 1. From the main menu type ADTM and press enter. Select the OPTIONS tab, highlight Configure SNMP and click on Execute. Step 2. The Configure SNMP window appears. Under Data to assign, select SNMP Activation from the pull down menu and click on Execute. Figure 2-2. Configure SNMP window 16

Step 3. The SNMP Activation window appears. Under Activate SNMP select, Yes and click Set. Figure 2-3. SNMP Activation window Step 4. A message box appears In order to confirm change of port number, please re-start TCP/IP module. Click OK. Clicking OK does not activate SNMP. This is just a reminder. Figure 2-4. Message Box Step 5. The Configure SNMP window appears. Select, System Group Information from the pull down menu and click on Execute. Figure 2-5. Configure SNMP window. 17

Step 6. The System Group Information window appears. Under System Description, enter how you would like the system to be described when the NMS fetches for the description of the device (PBX). This can be up to 128 characters in length. The following characters can be used: alpha (both capital and small letters), numeric (0-9),!, @, #, $, %, &, *, (, ), -, _, =, +, {, [, ], },, \, :, ;, <, >,, (comma),. (period),?, /. A maximum of 32 Object ID s can be entered (each ID is distinguished by a period). The range of one Object ID is 1-65535. This is fixed to 1.3.6.1.4.1.119.1.76.2. No entry is needed in the text box. See Chapter 1 Object Identifier for details. Click on Set. Figure 2-6. System Group Information window Step 7. The Configure SNMP window appears. Click on the drop down menu and select System, SNMP Group Information. Click on, Execute. Figure 2-7. Configure SNMP window 18

Step 8. The System, SNMP Group Information window appears. In the Contact Address text box, enter the name of a person, company, department etc., along with phone numbers, of who to contact in the event of an emergency or maintenance issues. Up to 64 characters. In the System Name text box, enter a name you want to give the device (PBX). This is useful when multiple systems are networked (IPTRK CCIS). Up to 64 characters. In the Location text box, enter the physical location where the system resides. This can be a bldg. Number within a campus, etc. If trap, is to be used, select Enable and click on Set. Figure 2-8. System, SNMP Group Information window Step 9. The Configure SNMP window appears. Select Community Information from the pull down menu and click on Execute. Figure 2-9. Configure SNMP window 19

Step 10. The Community Information window appears. Click, on Add. Figure 2-10. Community Information window Step 11. The Community Information sub menu appears. In the Community Name text box, enter the name of the SNMP manager. Up to 25 characters. Note: For security reasons, it is highly recommended that the Community Name be unique. Look at this as the PASSWORD between the SNMP manager and the agent (the PBX). Most SNMP manager software, default with the Community Name of public. In the IP Address of SNMP Manager text box, enter the IP Address of the SNMP manager. If trap was selected, this could be a different IP Address. 20

Under mode, select READ-ONLY or WRITING-ALLOWED. Note: Careful consideration should be given when granting WRITING-ALLOWED permission to personnel in the field. If not used properly, PBX performance can be compromised. Click OK. Figure 2-11. Community Information sub menu window Step 12. The Configure SNMP window appears. Select Trap Information from the pull down menu and click on Execute. Figure 2-12. Configure SNMP window. 21

Step 13. The Trap Information window appears. In the Trap text box, enter the Trap community name where the trap message is to be sent. In the IP Address of SNMP text box, enter the IP Address of the SNMP Manager and, click OK. Figure 2-13. Trap Information window. Step 14. The Trap information window appears, click on Set. Figure 2-14. Trap Information window. Note: The maximum number of trap destinations is four. Follow steps 12 through 14 to add additional destinations. 22

Step 15. The Configure SNMP window appears. Click on Close. Figure 2-15. Configure SNMP window. Step 16. The ADTM (Assignment of Data for TCP/IP Module) window appears. On the Options tab highlight, TCP/IP Module Control and click on Execute. Figure 2-16. ADTM (Assignment of Data for TCP/IP Module) window. 23

Step 17. The TCP/IP Module Control window appears. On the pull down menu select Restart and click on Execute. Figure 2-17. TCP/IP Module Control window Step 18. The message box below appears. Click OK. The TCP/IP protocol software will restart. Figure 2-18. ADTM Message Box. Note: In a dual system configuration, it is recommended that TCP/IP be restarted on the STD-BY side first, as TCP/IP services will be disrupted. All applications communicating with the PBX via TCP/IP will loose connectivity. This process opens UDP ports 161 and 162. 24

Step 19. A message box appears showing the progress of the TCP/IP restart. Figure 2-19. ADTM Progress Message Box Note: In a dual configuration system, switch over CPU s via the CMOD command or via the EMA card and follow steps 17 through 19 for the STD-BY CPU. Step 20. Backup the PBX using MEM_HDD command. Step 21. Reset the PBX for changes to take effect. Note: With MAT Version R15 and above, the ADTM command consolidates some entries as follows: 25

Figure 2-20 ADTM command in MAT Version R15 ---------------------- PROCEDURE COMPLETE-------------------------- 26

Figure 2-21. Configuration of SNMP Agent and SNMP Manager NEAX IPS SNMP Configuration The NEAX IPS platform supports SNMP in PN-CP24-A (3100) or higher. MIB-II is supported based on RFC 1158 and RFC 1213. Traps are not supported. Programming Step 1. SNMP Port Open CM0B YY=03 1 st Data = 00 2 nd Data = 0 :SNMP Port Open 1 (default) : SNMP Port not Open 27

Note: This opens UDP Port 161 ONLY. Step 2. System Data Backup CMEC Y=6 1 st Data = 0 2 nd Data = 0 Exe Step 3. Initialize PBX. Step 4. Permission to use the community name, ADMIN. Phase1 only. See Note below. CM0B YY=03 1 st Data = 01 2 nd Data = 0 :Allowed 1 (default) :Not allowed Note: The community name ADMIN cannot be changed. For the moment (for security purposes), it is recommended that this information only be given out to those in the field on a need to know basis i.e., Network Administrators etc. Proper steps have been taking to have this changed. (Phase 2) The NEAX IPS system sets the following MIB-II system information to fixed. SysDescr SysObjectID IPS 1.3.6.1.119.2.3.76.3 Unlike the NEAX IPX system, the NEAX IPS relies on the SNMP Manager to set the following variables: syscontact 28

sysname syslocation Programming Phase 2 (R6.2) When the system does not provide the Remote PIM over IP feature, only do the following programming. 29

30

31

--------------------------PROCEDURE COMPLETE------------------------------ 32

33

Table 3-33 Alarm Trap Information Table 3-33 Alarm Trap Information, cont. Figure 2-21. Configuration of SNMP Agent and SNMP Manager 34

Chapter 3 MIB Groups This chapter describes the different groups within MIB-II. 35

The System Group RFC 1213 The system group consists of seven variables and no tables. NAME OID SYNTAX ACCESS STATUS Description System (sys) 1.3.6.1.2.1.1 Group None mandatory Information about the SNMP Agent's System sysdescr 1.3.6.1.2.1.1.1 String to 255 RO mandatory A textual description of the system supported by this agent. sysobjectid 1.3.6.1.2.1.1.2 Object Id RO mandatory The vendor's OID of the agent in the system sysuptime 1.3.6.1.2.1.1.3 Time Ticks RO mandatory The hundred's of a second since agent was reinitialized. syscontact 1.3.6.1.2.1.1.4 String to 255 RW mandatory The contact person for this managed node and how to contact this person sysname 1.3.6.1.2.1.1.5 String to 255 RW mandatory Administrator assigned name for this node syslocation 1.3.6.1.2.1.1.6 String to 255 RW mandatory Physical location of node. sysservices see Table 3-1-1 1.3.6.1.2.1.1.7 Interger to 127 RO mandatory A value that indicates the set of services this system offers. Table 3-1 System Group NEAX IPX sysobjectid = Fixed 1.3.6.1.4.1.119.1.76.2 (Actual output: nec 1.76.2) NEAX IPS sysobjectid = Fixed 1.3.6.1.4.1.119.1.76.3 (Actual output: nec 1.76.3) ISO Layer Functionality Value 1 physical (repeaters) 1 2 datalink/subnetwork (bridges) 2 3 internet (IP routers) 4 4 end-to-end (TCP support) 8 7 applications (SMTP, etc.) 64 Table 3-1-1 Services The variable sysservices indicates the set of services that the particular system offers. A system supporting TCP applications would have a sysservices value of 72 (8+64). The same system acting as a router would have a value of 76 (4+8+64). NEAX IPX sysservices = 72 Default NEAX IPS sysservices = 72 Default 36

The Interface Group RFC 1213 This group consists of one variable and one large table. NAME OID SYNTAX ACCESS STATUS Description Interfaces (if) 1.3.6.1.2.1.2 Group None mandatory Information about the logical I/O ports. ifnumber 1.3.6.1.2.1.2.1 Integer RO mandatory The number of network interfaces present on this system. iftable 1.3.6.1.2.1.2.1.2 Sequence of None mandatory A list of interface entries. The number of entries is IfEntry given by the value of ifnumber. ifentry 1.3.6.1.2.1.2.1.2.1 IfEntry None mandatory A row of the iftable containing objects for a logical interface. ifindex 1.3.6.1.2.1.2.2.1.1 Integer RO mandatory A unique value for each interface. The key to the table. ifdescr 1.3.6.1.2.1.2.2.1.2 String to 255 RO mandatory A textual string containing information about the interface. (As provided by the MIB writer) iftype 1.3.6.1.2.1.2.2.1.3 Integer RO mandatory The type of physical or link interface protocol see Table 3-2-1 immediately below the network layer in the stack. ifmtu 1.3.6.1.2.1.2.2.1.4 Integer RO mandatory The largest datagram which can be sent/received on the interface, in octets. Table 3-2 Interface Group iftypes Value Meaning Value Meaning Value Meaning 1 none of the following 2 regular 822 3 hdh 1822 4 ddn-x25 5 rfc 877-x25 6 ethernet - csmacd 7 iso88023-csmacd 8 iso 88024-token Bus 9 iso 88025 - tokenring 10 iso88026-man 11 starlan 12 proteon - 10Mbit 13 proteon-80mbit 14 hyperchannel 15 fddi 16 lapb 17 sdlc 18 ds 1 [T-1] 19 e1 [Europe/S.A. T-1] 20 basic ISDN 21 primary ISDN 22 proppointtopointserial 23 PPP 24 software Loopback 25 eon [CLNP over IP] 26 ethernet-3mbit 27 nsip [XNS over IP] 28 slip [generic SLIP] 29 ultra 30 ds 3 [T-3] 31 sip [SMDS] 32 frame-relay Table 3-2-1 iftype Object Most standard interfaces have values in the iftype object. NEAX IPX iftype = ethernet-csmacd (6) NEAX IPS iftype = ethernet-csmacd (6) 37

if Troubleshooting The ifadminstatus and ifoperstatus variables work together to offer control of each identified interface. NAME OID SYNTAX ACCESS STATUS Description ifspeed 1.3.6.1.2.1.2.2.1.5 Gauge RO mandatory An estimate of the interface's current bandwidth in bits per second. ifphysaddress 1.3.6.1.2.1.2.2.1.6 Physical RO mandatory The interface's address at the protocol layer immediately Address below the network layer in the protocol stack. ifadminstatus 1.3.6.1.2.1.2.2.1.7 Integer RW mandatory The desired state of the interface. ifoperstatus 1.3.6.1.2.1.2.2.1.8 Integer RO mandatory The current operational state of the interface. iflastchange 1.3.6.1.2.1.2.2.1.9 TimeTicks RO mandatory The value of sysuptime at the time the interface entered its current operational state. Table 3-3 if Inbound Counters These are inbound event occurrences in the agent s referenced interface. NAME OID SYNTAX ACCESS STATUS Description ifinoctets 1.3.6.1.2.1.2.2.1.10 Counter RO mandatory The total number of octets received on the interface, including framing characters. ifinucastpkts 1.3.6.1.2.1.2.2.1.11 Counter RO mandatory The number of subnetwork-unicast packets delivered to a higher-layer protocol. ifinnucastpkts 1.3.6.1.2.1.2.2.1.12 Counter RO mandatory The number of non-unicast packets delivered to a higher-layer protocol. ifindiscards 1.3.6.1.2.1.2.2.1.13 Counter RO mandatory The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. ifinerrors 1.3.6.1.2.1.2.2.1.14 Counter RO mandatory The number of inbound packets that contained errors that make them undeliverable to a higher-layer protocol. ifinunknownprotos 1.3.6.1.2.1.2.2.1.15 Counter RO mandatory The number of packets received via the interface which were discarded because of an unknown or unsupported protocol. Table 3-4 Inbound Counters 38

if Outbound Counters The ifoutqlen can tell us how many packets have lined up at the interface waiting to leave. This is easier than retrieving the ifindiscards and ifoutdiscards and comparing them to previous values. NAME OID SYNTAX ACCESS STATUS Description ifoutoctets 1.3.6.1.2.1.2.2.1.16 Counter RO mandatory The total number of octets transmmitted out of the interface including framing characters. ifoutucastpkts 1.3.6.1.2.1.2.2.1.17 Counter RO mandatory The total number of packets that higher-level protocols requested be sent to a subnetwork-unicast address. ifoutnucastpkts 1.3.6.1.2.1.2.2.1.18 Counter RO mandatory The total number of packets that higher-level protocols requested be sent to a non-unicast address. ifoutdiscards 1.3.6.1.2.1.2.2.1.19 Counter RO mandatory The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. ifouterrors 1.3.6.1.2.1.2.2.1.20 Counter RO mandatory The number of outbound packets that could not be transmitted because of errors. ifoutqlen 1.3.6.1.2.1.2.2.1.21 Gauge RO mandatory The length of the output packet queue (in packets). ifspecific 1.3.6.1.2.1.2.2.1.22 Object Id RO mandatory A reference to MIB definitions specific to the particular media being used for the interface. Table 3-5 Outbound Counters The Address Translation Group RFC 1213 The Address Translation tables contain the NetworkAddress to physical address equivalences. Some interfaces do not use translation tables for determining address equivalences, if all interfaces are of this type, then the Address Translation table is empty, i.e., has zero entries. NAME OID SYNTAX ACCESS STATUS Description Address Translation (at) 1.3.6.1.2.1.3 Group None deprecated Information from the ARP cache. attable 1.3.6.1.2.1.3.1 Sequence of None deprecated The Address Translation tables contain the NetworkAddress AtEntry to physical address match. atentry 1.3.6.1.2.1.3.1.1 AtEntry None deprecated Each entry contains one NetworkAddress to physical address match. atifindex 1.3.6.1.2.1.3.1.1.1 Integer RW deprecated The interface on which this entry's equivalence is effective. atphysaddress 1.3.6.1.2.1.3.1.1.2 PhysAddress RW deprecated The media-dependent physical address. atnetaddress 1.3.6.1.2.1.3.1.1.3 Network- RW deprecated The NetworkAddress corresponding to the media-dependent Address physical address. Table 3-6 Address Translation Group 39

The IP Group RFC 1213 This group provides information on the functions of the Internet Protocol entity in the agent s system. NEAX IPX ipforwarding = 2: do not forward NEAX IPS ipforwarding = 2: do not forward A value of 1 on a get-request response of ipforwarding indicates that the system can forward datagrams. NEAX IPX ipdefaultttl = 64 NEAX IPS ipdefaultttl = 64 NAME OID SYNTAX ACCESS STATUS Description Internet Protocol (ip) 1.3.6.1.2.1.4 Group None Information about the Internet Protocol. ipforwarding 1.3.6.1.2.1.4.1 Integer RW mandatory The indicator that this system can forward datagrams received by (but not addressed to) it. ipdefaultttl 1.3.6.1.2.1.4.2 Integer RW mandatory The default value in the Time-to-Live field of the IP datagrams originated at this system. Table 3-7 IP Group ip Inbound Counters NAME OID SYNTAX ACCESS STATUS Description ipinreceives 1.3.6.1.2.1.4.3 Counter RO mandatory The total number of input datagrams received from interfaces, including those received in error. ipinhdrerrors 1.3.6.1.2.1.4.4 Counter RO mandatory The number of input datagrams discarded due to errors in their IP headers. ipinaddrerrors 1.3.6.1.2.1.4.5 Counter RO mandatory The number of datagrams discarded when their IP header's destination field was not this system. ipforwdatagrams 1.3.6.1.2.1.4.6 Counter RO mandatory The number of datagrams that this system attempted to find a route to forward. ipinunknownprotos 1.3.6.1.2.1.4.7 Counter RO mandatory The number of datagrams received but discarded because of an unknown or unsupported protocol. ipindiscards 1.3.6.1.2.1.4.8 Counter RO mandatory The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buffer space). ipindelivers 1. 3.6.1.2.1.4.9 Counter RO mandatory The total number of input datagrams successfully delivered to IP user-protocols. Table 3-8 IP Inbound Counters 40

ip Outbound Counters NAME OID SYNTAX ACCESS STATUS Description ipoutrequests 1.3.6.1.2.1.4.10 Counter RO mandatory The total number of IP datagrams which local protocols passed to IP for sending out, except the number of ipforwdatagrams ipoutdiscards 1.3.6.1.2.1.4.11 Counter RO mandatory The number of output IP datagrams with no problems that the system discarded. ipoutnoroutes 1.3.6.1.2.1.4.12 Counter RO mandatory The number of IP datagrams discarded because the system could find no route to their destination. Table 3-9 IP Outbound Counters Fragmentation Counters NEAX IPX ipreasmtimeout = 64 seconds NEAX IPS ipreasmtimeout = 64 seconds NAME OID SYNTAX ACCESS STATUS Description ipreasmtimeout 1.3.6.1.2.1.4.13 Integer RO mandatory The maximum number of seconds IP holds received fragments awaiting reassembly. ipreasmreqds 1.3.6.1.2.1.4.14 Counter RO mandatory The number of IP fragments received needing reassembly at this system. ipreasmoks 1.3.6.1.2.1.4.15 Counter RO mandatory The number of IP datagrams successfully reassembled. ipreasmfails 1.3.6.1.2.1.4.16 Counter RO mandatory The number of failures detected by the IP reassembly algorithm. ipfragoks 1.3.6.1.2.1.4.17 Counter RO mandatory The number of IP datagrams that IP has successfully fragmented at this system. ipfragfails 1.3.6.1.2.1.4.18 Counter RO mandatory The number of IP datagrams that IP has discarded because it could not fragment them. ipfragcreates 1.3.6.1.2.1.4.19 Counter RO mandatory The number of IP datagram fragments that IP has generated at this system. Table 3-10 Fragmentation Counters 41

ip Address Table The IP Address table contains this entity s IP addressing information. NEAX IPX ipadentaddr = IP Address set in ASYDL/ADTM NEAX IPS ipadentaddr = IP Address set in CM0B Y=00 (1) 00 NEAX IPX ipadentifindex = 127.0.0.1 LoopBack NEAX IPS ipadentifindex = 127.0.0.1 LoopBack NEAX IPX ipadentnetmask = Subnetmask set in ASYDL /ADTM NEAX IPS ipadentnetmask = Subnetmask set in CM0B Y=00 (1) 01 NEAX IPX ipadentbcastaddr = 1 NEAX IPS ipadentbcastaddr = 1 NEAX IPX ipadentreasmmaxsize = 1500 NEAX IPS ipadentreasmmaxsize = 1500 NAME OID SYNTAX ACCESS STATUS Description ipaddrtable 1.3.6.1.2.1.4.20 Sequence None mandatory The table of addressing information relevant to this IpAddrEntry system's IP addresses. ipaddrentry 1.3.6.1.2.1.4.20.1 IpAddrEntr None mandatory Information for one of this system's IP addresses. ipadentaddr 1.3.6.1.2.1.4.20.1.1 IpAddress RO mandatory The IP address to which this entry's addressing information pertains. ipadentifindex 1.3.6.1.2.1.4.20.1.2 Integer RO mandatory The index value that uniquely identifies the interface to which this entry is applicable. ipadentnetmask 1.3.6.1.2.1.4.20.1.3 IpAddress RO mandatory The subnet mask associated with the IP address of this entry. ipadentbcastaddr 1.3.6.1.2.1.4.20.1.4 Integer RO mandatory The value of the least significant bit in the IP broadcast address used on the (logical) interface. ipadentreasmmaxsize 1.3.6.1.2.1.4.20.1.5 Integer to RO mandatory The size of the largest IP datagram that this system 65535 can re-asemble from IP fragments. Table 3-11 IP Address table 42

ip Route Table The IP routing table contains an entry for each route presently known to this entity. NEAX IPX iproutenexthop = Gateway address set in ASYDL/ADTM NEAX IPS iproutenexthop = Gateway address set in XXXXXXX NAME OID SYNTAX ACCESS STATUS Description iproutetable 1.3.6.1.2.1.4.21 Sequence of None mandatory This system's IP Routing table. IpRouteEntry iprouteentry 1.3.6.1.2.1.4.21.1 IpRouteEntry None mandatory A route to a particular destination. iproutedest 1.3.6.1.2.1.4.21.1.1 IpAddress RW mandatory The destination IP address of this route. iprouteifindex 1.3.6.1.2.1.4.21.1.2 Integer RW mandatory The value that identifies the local interface through which the datagram should reach the next hop. iproutemetric1 1.3.6.1.2.1.4.21.1.3 Integer RW mandatory The primary routing metric for this route. iproutemetric2 1.3.6.1.2.1.4.21.1.4 Integer RW mandatory An alternate routing metric for this route. iproutemetric3 1.3.6.1.2.1.4.21.1.5 Integer RW mandatory An alternate routing metric for this route. iproutemetric4 1.3.6.1.2.1.4.21.1.6 Integer RW mandatory An alternate routing metric for this route. iproutenexthop 1.3.6.1.2.1.4.21.1.7 IpAddress RW mandatory The IP address of the next hop of this route. iproutetype 1.3.6.1.2.1.4.21.1.8 Integer RW mandatory The type of route: other(1), invalid(2), direct(3) or indirect(4). iprouteproto 1.3.6.1.2.1.4.21.1.9 Integer RO mandatory The way (usually protocol) this system learned the route. iprouteage 1.3.6.1.2.1.4.21.1.10 Integer RW mandatory The number of seconds since IP last updated this route or otherwise determined it correct. iproutemask 1.3.6.1.2.1.4.21.1.11 IpAddress RW mandatory The mask to be logically-anded with the destination for comparing to the iproutedest field. iproutemetric5 1.3.6.1.2.1.4.21.1.12 Integer RW mandatory An alternate routing metric for this route. iprouteinfo 1.3.6.1.2.1.4.21.1.13 Object Id RO mandatory A reference to MIB definitions specific to the routing protocol responsible for this route. Table 3-12 IP Route Table iprouteproto possible integer values other (1) unknown local (2) direct netmgmt (3) icmp (4) egp (5) ggp (6) hello (7) rip (8) is-is (9) es-is (10) ciscoigrp (11) bbnspfigp (12) ospf (13) bgp (14) Table 3-12-1 iprouteproto values 43

Net to Media Table This table is used for mapping from IP addresses to physical addresses. This table takes the place of the Address Translation Table since it was deprecated. ipnettomediatable 1.3.6.1.2.1.4.22 Sequence of None mandatory The IP Address Translation table for mapping IP to physical ipnettomediaentry addresses. ipnettomediaentry 1.3.6.1.2.1.4.22.1 ipnettomediaenone mandatory Each entry contains one IPAddress to physical address equivalence. ipnettomediaifindex 1.3.6.1.2.1.4.22.1.1 Integer RW mandatory The interface on which this entry's equivalence is effective. ipnettomediaphysaddress 1.3.6.1.2.1.4.22.1.2 PhysAddress RW mandatory The media-dependent physical address. ipnettomedianetaddress 1.3.6.1.2.1.4.22.1.3 IpAddress RW mandatory The IpAdress corresponding to the media-dependent physical address. ipnettomediatype 1.3.6.1.2.1.4.22.1.4 Integer RW mandatory The type of mapping. iproutingdiscards 1.3.6.1.2.1.4.23 Counter RO mandatory The number of routing entries that IP discarded even though they are valid. Table 3-13 Net to Media Table The ICMP Group RFC 1213 The Internet Control Message Protocol as specified in RFC 792, provides a number of diagnostics functions and can send error packets to hosts. ICMP Inbound Counters NAME OID SYNTAX ACCESS STATUS Description ICMP (In) 1.3.6.1.2.1.5 Group None mandatory Internet Control Message Protocol information. icmpinmsgs 1.3.6.1.2.1.5.1 Counter RO mandatory The total number of ICMP messages which the system received. icmpinerrors 1.3.6.1.2.1.5.2 Counter RO mandatory The number of ICMP messages which the system received that had ICMP-specific errors. icmpindestunreachs 1.3.6.1.2.1.5.3 Counter RO mandatory The number of ICMP Destination Unreachable messages received. icmpintimeexcds 1.3.6.1.2.1.5.4 Counter RO mandatory The number of ICMP Time Exceeded messages received. icmpinparmprobs 1.3.6.1.2.1.5.5 Counter RO mandatory The number of ICMP Parameter Problem messages received icmpinsrcquenchs 1.3.6.1.2.1.5.6 Counter RO mandatory The number of ICMP Source Quench messages received. icmpinredirects 1.3.6.1.2.1.5.7 Counter RO mandatory The number of ICMP Redirect messages received. icmpinechos 1.3.6.1.2.1.5.8 Counter RO mandatory The number of ICMP Echo (request) messages. icmpinechoreps 1.3.6.1.2.1.5.9 Counter RO mandatory The number of ICMP Echo Reply messages received. icmpintimestamps 1.3.6.1.2.1.5.10 Counter RO mandatory The number of ICMP Timestamp (request) messages received. icmpintimestampreps 1. 3.6.1.2.1.5.11 Counter RO mandatory The number of ICMP Timestamp Reply messages received. icmpinaddrmasks 1. 3.6.1.2.1.5.12 Counter RO mandatory The number of ICMP Adress Mask Request messages received. icmpinaddrmaskreps 1.3.6.1.2.1.5.13 Counter RO mandatory The number of ICMP Adress Mask Reply messages received Table 3-14 ICMP Inbound Counters 44

ICMP Variation Outbound Counters NAME OID SYNTAX ACCESS STATUS Description icmpoutmsgs 1.3.6.1.2.1.5.14 Counter RO mandatory The total number of ICMP messages which this system attempted to send. icmpouterrors 1.3.6.1.2.1.5.15 Counter RO mandatory The number of ICMP messages which this system did not send due to ICMP problems. icmpoutdestunreachs 1.3.6.1.2.1.5.16 Counter RO mandatory The number of ICMP Destination Unreachable messages sent. icmpouttimeexcds 1.3.6.1.2.1.5.17 Counter RO mandatory The number of ICMP Time Exceeded messages sent. icmpoutparmprobs 1.3.6.1.2.1.5.18 Counter RO mandatory The number of ICMP Parameter Problem messages sent. icmpoutsrcquenchs 1.3.6.1.2.1.5.19 Counter RO mandatory The number of ICMP Source Quench messages sent. icmpoutredirects 1.3.6.1.2.1.5.20 Counter RO mandatory The number of ICMP Redirect messages sent. Table 3-15 ICMP Variation Outbound Counters ICMP Diagnostic Outbound Counters NAME OID SYNTAX ACCESS STATUS Description icmpoutechos 1.3.6.1.2.1.5.21 Counter RO mandatory The number of ICMP Echo (request) messages sent. icmpoutechoreps 1.3.6.1.2.1.5.22 Counter RO mandatory The number of ICMP Echo Reply messages sent. icmpouttimestamps 1.3.6.1.2.1.5.23 Counter RO mandatory The number of ICMP Timestamp (request) messages sent. icmpouttimestampreps 1.3.6.1.2.1.5.24 Counter RO mandatory The number of ICMP Timestamp Reply messages sent. icmpoutaddrmasks 1.3.6.1.2.1.5.25 Counter RO mandatory The number of ICMP Address Mask Request messages sent icmpoutaddrmaskrep 1.3.6.1.2.1.5.26 Counter RO mandatory The number of ICMP Address Mask Reply messages sent. Table 3-16 ICMP Diagnostic Outbound Counters 45

The TCP Group RFC 1213 The TCP Group focuses on server functions. NAME OID SYNTAX ACCESS STATUS Description TCP 1.3.6.1.2.1.6 Group None mandatory Information about Transmission Control Protocol functions. tcprtoalgorithm see Table 3-17-1 1.3.6.1.2.1.6.1 Integer RO mandatory The algorithm to determine the timeout value used for retransmitting unacknowledge octets. tcprtomin 1.3.6.1.2.1.6.2 Integer RO mandatory The minimum, in milliseconds (msec), for this TCP entity's retransmission timeout. tcprtomax 1.3.6.1.2.1.6.3 Integer RO mandatory The maximum, in milliseconds (msec), for this TCP implementation of the retransmission timeout. Table 3-17 Retransmission of Unacknowledged Data Table NEAX IPX tcprtoalgorithym = vanj NEAX IPS tcprtoalgorithym = vanj NEAX IPX tcprtomin = 100 NEAX IPS tcprtomin = 100 NEAX IPX tcprtomax = 64000 msec NEAX IPS tcprtomax = 64000 msec The tcprtoalgorithm identifies the formula that will be used by the agent's system to determine how long to wait before retransmitting the TCP segment. The possible integer values are: other (1) none of the following constant (2) a constant retransmit timeout rsre (3) Military Standard 1778 vanj (4) Van Jacobson's Algorithm Table 3-17-1 tcprtoalgorithm Values 46

TCP Connection Objects NAME OID SYNTAX ACCESS STATUS Description tcpmaxconn 1.3.6.1.2.1.6.4 Integer RO mandatory The maximum number of TCP connections the system can support. tcpactiveopens 1.3.6.1.2.1.6.5 Counter RO mandatory How many TCP connections transitioned to SYN-SENT state from the CLOSED state. tcppassiveopens 1.3.6.1.2.1.6.6 Counter RO mandatory How many TCP connections transitioned to the SYN-RCVD state from the LISTEN state. tcpattemptfails 1.3.6.1.2.1.6.7 Counter RO mandatory How many TCP connections have not completed the SYN handshake procedure. tcpestabresets 1.3.6.1.2.1.6.8 Conter RO mandatory How many TCP connections have gone to the CLOSED state from ESTABLISHED or CLOSE-WAIT. tcpcurrestab 1.3.6.1.2.1.6.9 Gauge RO mandatory How many TCP connections currently in the ESTABLISHED or CLOSE-WAIT state. Table 3-18 TCP Connection Objects NEAX IPX tcpmaxconn = 4096 (-1 = unlimited ) NEAX IPS tcpmaxconn = 2048 (-1 = unlimited ) TcpActiveOpens = Step 1 of 3 step handshake TcpPassiveOpens = Step 2 of 3 step handshake TcpAttemptFails = Step 3 of 3 step handshake TCP Segment Counters NAME OID SYNTAX ACCESS STATUS Description tcpinsegs 1.3.6.1.2.1.6.10 Counter RO mandatory The total number of segments received, including those received in error. tcpoutsegs 1.3.6.1.2.1.6.11 Counter RO mandatory The total number of segments sent, excluding those containing only retransmitted octets. tcpretranssegs 1.3.6.1.2.1.6.12 Counter RO mandatory The total number of segments retransmitted. Table 3-19 TCP Segment Counters 47

TCP Connection Table The tcpconntable tracks the current tcp and where in the TCP session they are at the time of the SNMP request. NAME OID SYNTAX ACCESS STATUS Description tcpconntable 1.3.6.1.2.1.6.13 Seq of None mandatory A table containing TCP connection-specific information. TcpConnEntry tcpconnentry 1.3.6.1.2.1.6.13.1 TcpConnEntryNone mandatory Information about a particular current TCP connection. tcpconnstate (see Table 3-20-1) 1.3.6.1.2.1.6.13.1.1 Integer RW mandatory The state of this TCP connection. tcpconnlocaladdress 1.3.6.1.2.1.6.13.1.2 IpAddress RO mandatory The local IP address for this TCP connection. tcpconnlocalport 1.3.6.1.2.1.6.13.1.3 Integer to 655 RO mandatory The local port number for this TCP connection. tcpconnremaddress 1.3.6.1.2.1.6.13.1.4 IpAddress RO mandatory The remote IP address for this TCP connection. tcpconnremport 1.3.6.1.2.1.6.13.1.5 Integer to 655 RO mandatory The remote port number for this TCP connection. Table 3-20 TCP Connection Table closed (1) listen (2) synsent (3) synreceived (4) established (5) finwait1(6) finwait2(7) closewait(8) lastack(9) closing(10) timewait(11) deletetcb(12) Table 3-20-1 tcpconnstate Values TCP MIB-II additions NAME OID SYNTAX ACCESS STATUS Description tcpinerrs 1.3.6.1.2.1.6.14 Counter RO mandatory The total number of segments received in error. tcpoutrsts 1.3.6.1.2.1.6.15 Counter RO mandatory The number of TCP segments sent containing the RST flag. Table 3-21 TCP MIB-II Additions 48

The UDP Group RFC 1213 NAME OID SYNTAX ACCESS STATUS Description UDP 1.3.6.1.2.1.7 Group None mandatory Information about User Datagram Protocol function. udpindatagrams 1.3.6.1.2.1.7.1 Counter RO mandatory The total number of UDP datagrams delivered to UDP users. udpnoports 1.3.6.1.2.1.7.2 Counter RO mandatory The total number of received UDP datagrams for which there was no application at the destination port. udpinerrors 1.3.6.1.2.1.7.3 Counter RO mandatory The number of received UDP datagrams that are undeliverable but not for the lack of an application. udpoutdatagrams 1.3.6.1.2.1.7.4 Counter RO mandatory The total number of UDP datagrams sent from this system. Table 3-22 UDP Group UDP Table NAME OID SYNTAX ACCESS STATUS Description udptable 1.3.6.1.2.1.7.5 Seq of UdpEn None mandatory A table containing UDP listener information. udpentry 1.3.6.1.2.1.7.5.1 UdpEntry None mandatory Information about a particular current UDP listener. udplocaladdress 1.3.6.1.2.1.7.5.1.1 IpAddress RO mandatory The local IP address for this UDP listener. udplocalport 1.3.6.1.2.1.7.5.1.2 Integer to 655 RO mandatory The local port number for this UDP listener. Table 3-23 UDP Table The EGP Group RFC 1213 EGP I/O Counters NAME OID SYNTAX ACCESS STATUS Description EGP 1.3.6.1.2.1.8 Group None mandatory Information about Exterior Gateway Protocol functions. egpinmsgs 1.3.6.1.2.1.8.1 Counter RO mandatory The number of EGP messages received without errors. egpinerrors 1.3.6.1.2.1.8.2 Counter RO mandatory The number of EGP messages received that proved to be in error. egpoutmsgs 1.3.6.1.2.1.8.3 Counter RO mandatory The total number of locally generated EGP messages. egpouterrors 1.3.6.1.2.1.8.4 Counter RO mandatory The number of locally generated EGP messages not sent due to internal resource limitations. Table 3-24 EGP I/O Counters 49

EGP Neighbor Table NAME OID SYNTAX ACCESS STATUS Description egpneightable 1.3.6.1.2.1.8.5 Seq Of None mandatory The EGP neighbor table. EgpNeighEntry egpneighentry 1.3.6.1.2.1.8.5.1 EgpNeighEntr None mandatory Information about this system's relationship with a particular EGP neighbor. egpneighstate 1.3.6.1.2.1.8.5.1.1 Integer RO mandatory The EGP state of the local system with respect to this entry's EGP neighbor. (RFC 904) egpneighaddr 1.3.6.1.2.1.8.5.1.2 IpAddress RO mandatory The IP address of this entry's EGP neighbor egpneighas 1.3.6.1.2.1.8.5.1.3 Integer RO mandatory The autonomous system of this EGP peer. Table 3-25 EGP Neighbor Table EGP Neighbor Table I/O Counters NAME OID SYNTAX ACCESS STATUS Description egpneighinmsgs 1.3.6.1.2.1.8.5.1.4 Counter RO mandatory The number of EGP messages received without error from this EGP peer. egpneighinerrs 1.3.6.1.2.1.8.5.1.5 Counter RO mandatory The number of EGP messages received from this EGP peer that proved to be in error. egpneighoutmsgs 1.3.6.1.2.1.8.5.1.6 Counter RO mandatory The number of locally generated EGP messages to this EGP peer. egpneighouterrs 1.3.6.1.2.1.8.5.1.7 Counter RO mandatory The locally generated EGP messages not sent to this EGP peer due to internal resource limits. egpneighinerrmsgs 1.3.6.1.2.1.8.5.1.8 Counter RO mandatory The number of EGP-defined error messages received from this EGP peer. egpneighouterrmsgs 1.3.6.1.2.1.8.5.1.9 Counter RO mandatory The number of EGP-defined error messages sent to this EGP peer. Table 3-26 EGP Neighbor Table I/O Counters EGP Group Completion NAME OID SYNTAX ACCESS STATUS Description egpneighstateups 1.3.6.1.2.1.8.5.1.10 Counter RO mandatory The number of EGP state transitions to the UP state with this EGP peer. egpneighstatedowns 1.3.6.1.2.1.8.5.1.11 Counter RO mandatory The number of EGP state transitions from the UP state to any other state with this EGP peer. egpneighintervalhello 1.3.6.1.2.1.8.5.1.12 Integer RO mandatory The interval between EGP Hello command retransmissions (in hundredths of a second). (RFC 904) egpneighintervalpoll 1.3.6.1.2.1.8.5.1.13 Interger RO mandatory The interval between EGP poll command retransmissions (in hundredths of a second). (RFC 904) egpneighmode 1.3.6.1.2.1.8.5.1.14 Integer RO mandatory The polling mode of this EGP system (either passive or active). egpneigheventtrigger 1.3.6.1.2.1.8.5.1.15 Integer RW mandatory A control variable used to trigger operator-initiated Start and Stop events. (RFC 904 pages 8-10) egpas 1.3.6.1.2.1.8.6 Integer RO mandatory The autonomous system number of this EGP system. Table 3-27 EGP Group Completion 50

The SNMP Group RFC 1213 It can be said that the SNMP Group was designed to monitor other NMS s in an enterprise environment. NAME OID SYNTAX ACCESS STATUS Description SNMP 1.3.6.1.2.1.11 Group None mandatory Information for managing SNMP functions. snmpinpkts 1.3.6.1.2.1.11.1 Counter RO mandatory Total SNMP messages the agent received from the transport service. snmpoutpkts 1.3.6.1.2.1.11.2 Counter RO mandatory Total SNMP messages the agent sent to the transport service. Table 3-28 SNMP Group SNMP Inbound Errors NAME OID SYNTAX ACCESS STATUS Description snmpinbadversions 1.3.6.1.2.1.11.3 Counter RO mandatory Total SNMP messages delivered with an unsupported SNMP version. snmpinbadcommunitynames 1.3.6.1.2.1.11.4 Counter RO mandatory Total SNMP messages delivered with an unknown SNMP communityname. snmpinbadcommunityuses 1.3.6.1.2.1.11.5 Counter RO mandatory Total SNMP messages with an operation not allowed by the communityname. snmpinasnparseerrs 1.3.6.1.2.1.11.6 Counter RO mandatory Total ASN.1 or BER errors found when decoding received SNMP messages. unused 1.3.6.1.2.1.11.7 None None not used not used snmpintoobigs 1.3.6.1.2.1.11.8 Counter RO mandatory Total SNMP PDU's delivered with an error-status of "toobig" snmpinnosuchnames 1.3.6.1.2.1.11.9 Counter RO mandatory Total SNMP PDU's delivered with an error-status of "nosuch- Name". snmpinbadvalues 1.3.6.1.2.1.11.10 Counter RO mandatory Total SNMP PDU'S delivered with an error-status of "badvalue" SnmpInReadOnlys 1.3.6.1.2.1.11.11 Counter RO mandatory Total SNMP PDU'S delivered with an error-status of "readonly" snmpingenerrs 1.3.6.1.2.1.11.12 Counter RO mandatory Total SNMP PDU'S delivered with an error-status field value of "generr". Table 3-29 SNMP Inbound Errors SNMP Inbound Activity Counters NAME OID SYNTAX ACCESS STATUS Description snmpintotalreqvars 1.3.6.1.2.1.11.13 Counter RO mandatory Total MIB objects the agent retrieved successfully. snmpintotalsetvars 1.3.6.1.2.1.11.14 Counter RO mandatory Total MIB objects the agent altered successfully. snmpingetrequests 1.3.6.1.2.1.11.15 Counter RO mandatory Total SNMP Get-Request PDU's accepted and processed by the agent. snmpingetnexts 1.3.6.1.2.1.11.16 Counter RO mandatory Total SNMP Get-Next PDU's accepted and processed by the agent. snmpinsetrequests 1.3.6.1.2.1.11.17 Counter RO mandatory Total SNMP Set-Request PDU's accepted and processed by the agent. snmpingetresponses 1.3.6.1.2.1.11.18 Counter RO mandatory Total SNMP Get-Response PDU's accepted and processed by the agent. snmpintraps 1.3.6.1.2.1.11.19 Counter RO mandatory Total SNMP Trap PDU's accepted and processed by the agent. Table 3-30 SNMP Inbound Activity Counters 51

SNMP Outbound Errors NAME OID SYNTAX ACCESS STATUS Description snmpouttoobigs 1.3.6.1.2.1.11.20 Counter RO mandatory Total SNMP PDU's sent with an error-status field of "toobig" snmpoutnosuchnames 1.3.6.1.2.1.11.21 Counter RO mandatory Total SNMP PDU's sent with an error-status field of "nosuch- Name". snmpoutbadvalues 1.3.6.1.2.1.11.22 Counter RO mandatory Total SNMP PDU's sent with an error-status field of "badvalue" unused 1.3.6.1.2.1.11.23 None None not used not used snmpoutgenerrs 1.3.6.1.2.1.11.24 Counter RO mandatory Total SNMP PDU's sent with an error-status field of "generr". Table 3-31 SNMP Outbound Errors SNMP Outbound PDU Counter NAME OID SYNTAX ACCESS STATUS Description snmpoutgetrequests 1.3.6.1.2.1.11.25 Counter RO mandatory Total SNMP Get-Request PDU's sent by the agent. snmpoutgetnexts 1.3.6.1.2.1.11.26 Counter RO mandatory Total SNMP Get-Next PDU's sent by the agent. snmpoutsetrequests 1.3.6.1.2.1.11.27 Counter RO mandatory Total SNMP Set-Request PDU's sent by the agent. snmpoutgetresponses 1.3.6.1.2.1.11.28 Counter RO mandatory Total SNMP Get-Response PDU's sent by the agent. snmpouttraps 1.3.6.1.2.1.11.29 Counter RO mandatory Total SNMP Trap PDU's sent by the agent. snmpenableauthentraps 1.3.6.1.2.1.11.30 Integer RW mandatory Indicates if the agent can generate authentication-failure traps. Table 3-32 SNMP Outbound PDU Counter 52

Chapter 4 Supported MIB Groups by Platform This chapter shows the supported groups within MIB-II that are available for each platform. 53

NEAX IPX Supported Groups (R12, R13, R14 and R15) o System (sys) o Interface (if) o ICMP (icmp) o IP (ip) o UDP (udp) o TCP (tcp) o SNMP (snmp) NEAX IPS Supported Groups (R5 Phase 1 and R6.2) o System (sys) o Interface (if) o Address Translation (at) o IP (ip) o ICMP (icmp) o TCP (tcp) o UDP (udp) o SNMP (snmp) 54

NEAX IPX Specific OID S The following OID S are specific to the NEAX IPX and are part of NEC America Enterprise MIB 1.3.6.1.4.1.119. ipxlampstatusclear 1.3.6.1.4.1.119.2.3.76.2.1.1 o Access = READ-WRITE ipxmajorlampstatus 1.3.6.1.4.1.119.2.3.76.2.1.2 o Access = READ-ONLY ipxminorlampstatus 1.3.6.1.4.1.119.2.3.76.2.1.3 o Access = READ-ONLY ipxsystemmessagedata 1.3.6.1.4.1.119.2.3.76.2.2.1 o Access = NONE ipxsystemmessage 1.3.6.1.4.1.119.2.3.76.2.2.2 o Access = READ-ONLY To retrieve / fetch alarm and system message information from the NEAX IPX perform a, GET and OID. To clear alarm information on the NEAX IPX perform a SET, using the following values: OID = 1.3.6.1.4.1.119.2.3.76.2.1.1.0 or nec.2.3.76.2.1.1.0 Value Type = Integer Value = 1 NEAX IPS Specific OID S The following OID S are specific to the NEAX IPS and are part of NEC America Enterprise MIB 1.3.6.1.4.1.119. ipslampstatusclear 1.3.6.1.4.1.119.2.3.76.3.1.1 o Access = READ-WRITE ipsmajorlampstatus 1.3.6.1.4.1.119.2.3.76.3.1.2 o Access = READ-ONLY 55

ipsminorlampstatus 1.3.6.1.4.1.119.2.3.76.3.1.3 o Access = READ-ONLY ipssystemmessagedata 1.3.6.1.4.1.119.2.3.76.3.2.1 o Access = NONE ipssystemmessage 1.3.6.1.4.1.119.2.3.76.3.2.2 o Access = NONE 56

APPENDIX A 57

SECURITY ISSUES 58

One of the most vulnerable aspects of SNMP is the Community name. Anyone with a network analyzer can capture the Community name, and with the proper knowledge, can cause problems to network devices. With OID S having different permissions (Read-Only and Read-Write), it is the Read-Write permission that we must be careful with. There are many steps a company can take when using SNMP for monitoring their network. The CERT Coordination Center, (a center of Internet security expertise) in an advisory dated February 12, 2002 (CERT Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)) recommended that the following steps be taken in order to keep unauthorized personnel from having access to critical systems and network devices. Disable all nonessential SNMP software Filter SNMP access to managed devices to ensure the traffic originates from known management systems. Filter SNMP services at your network partner Change SNMP community strings from their defaults Segregate network management traffic onto a separate network When available, apply patches provided by vendors These are steps that can be recommended to network administrators but that us, (NEC America, Inc.), should not implement for our customers. 59

This Page left blank for your notes. 60

APPENDIX B PBX-MIB-2000-2400 File --Copyright 2002-2003 NEC America, Inc. All Rights Reserved. --Reproduction of this document is authorized on condition --that the foregoing notice is included. --This SNMP MIB Specification contains NEC America, Inc. --confidential and proprietary intellectual property. --NEC America, Inc. retains all title and ownership --in the Specification, including any revisions. --It is NEC America, Inc. intent to encourage the widespread --use of this specification in connection with the management --of the NEAX 2400 IPX and NEAX 2000 IPS PBX platforms. --NEC America, Inc. grants vendors, end-users, and other interested --parties a non-exclusive license to use this Specification in --connection with the management of the NEAX 2400 IPX and NEAX 2000 IPS --PBX platforms. --This Specification is issue AS IS, and NEC America, Inc. makes --no warranty, either express or implied, as to the use, operation, --condition, or performance of the Specification. IPX-EXTENSION-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, TimeTicks, Counter32, snmpmodules, mib-2 FROM SNMPv2-SMI DisplayString, TestAndIncr, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; necpbxmib MODULE-IDENTITY LAST-UPDATED "0110170000Z" ORGANIZATION "NEC Corp." 61

CONTACT-INFO "TEL NO" DESCRIPTION "IPS MIB" ::= { 1 3 6 1 4 1 119 1 76 } pbxsmall OBJECT IDENTIFIER ::= { necpbxmib 3 } -- -- NEC IPS MIBs -- pbxsmallmib OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 119 2 3 76 3 } -- IPS Alarm Lamp GROUP. ipsalarm OBJECT IDENTIFIER ::= { pbxsmallmib 1 } ipslampstatusclear OBJECT-TYPE SYNTAX INTEGER { non(1), exist(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "IPS Lamp Status /Status Clear" ::= { ipsalarm 1 } ipsmajorlampstatus OBJECT-TYPE SYNTAX INTEGER { non(1), exist(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "IPS Major Lamp Status" ::= { ipsalarm 2 } ipsminorlampstatus OBJECT-TYPE SYNTAX INTEGER { non(1), exist(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "IPS Minor Lamp Status" ::= { ipsalarm 3 } -- IPS SYSTEM MESSAGE GROUP. ipssysmsg OBJECT IDENTIFIER ::= { pbxsmallmib 2 } ipssystemmessagedata OBJECT-TYPE SYNTAX DisplayString( SIZE (0..255) ) MAX-ACCESS read-only STATUS current DESCRIPTION "IPS System Message Trap Data" ::= { ipssysmsg 1 } 62

ipssystemmessage NOTIFICATION-TYPE OBJECTS { ipssystemmessagedata } STATUS current DESCRIPTION "IPS System Message Trap" ::= { ipssysmsg 2 } -- -- NEC IPX MIBs -- ipx OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 119 2 3 76 2 } -- IPX Alarm Lamp GROUP. alarm OBJECT IDENTIFIER ::= { ipx 1 } ipxlampstatusclear OBJECT-TYPE SYNTAX INTEGER { non(1), clear(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "IPX Lamp Status Clear" ::= { alarm 1 } ipxmajorlampstatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "IPX Major Lamp Status" ::= { alarm 2 } ipxminorlampstatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "IPX Minor Lamp Status" ::= { alarm 3 } ipxsupervisorlampstatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "IPX Supervisor Lamp Status" ::= { alarm 4 } -- IPX SYSTEM MESSAGE GROUP. systemmessage OBJECT IDENTIFIER ::= { ipx 2 } 63

ipxsystemmessagedata OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "IPX System Message Trap Data" ::= { systemmessage 1 } ipxsystemmessage NOTIFICATION-TYPE OBJECTS { ipxsystemmessagedata } STATUS current DESCRIPTION "IPX System Message Trap" ::= { systemmessage 2 } END 64

References RFC 1213 S K. McCloghrie, M. Rose, Management Information Base for Network Management of TCP/IP based internets: MIB II, 03/26/1991. (Obsoletes RFC 1158), (STD 17). NEAX 2000 IPS System Manual ND-71503 (E) Rev. 3.0 (Chapter 3 Page 186) NEAX 2400 DM System Operation and Maintenance Manual ND-71776 (E) ISSUE 1 (Page 500) The CERT Coordination Center 65