SNMP eng
SNMP can be used for status information via UDP (port 161). Supported SNMP commands are:
- GET
- GETNEXT
- GETBULK
- SET
To query via SNMP you need a Network Management System, such as HP OpenView, OpenNMS, Nagios etc., or the simple command line tools of NET-SNMP software. The device supports SNMP protocols v1, v2c and v3. If traps are enabled in the configuration, the device messages are sent as notifications (traps). SNMP Informs are not supported. SNMP Requests are answered with the same version with which they were sent. The version of the sent traps can be set in the configuration.
MIB Tables
The values that can be requested or changed by the device, the so-called "Managed Objects", are described in Management Information Bases (MIBs). These substructures are subordinate to so-called "OID" (Object Identifiers). An OID digit signifies the location of a value inside a MIB structure. Alternatively, each OID can be referred to with its symbol name (subtree name). The device's MIB table can be displayed as a
text file by clicking on the link "MIB table" on the SNMP configuration page in the browser.
SNMP v1 and v2c
SNMP v1 and v2c authenticates the network requests by so-called communities. The SNMP request has to send along the so-called community public for queries (read access) and the community private for status changes (write access) . The SNMP communities are read and write passwords. In SNMP v1 and v2 the communities are transmitted unencrypted on the network and can be easily intercepted with IP sniffers within this collision domain. To enforce limited access we recommend the use of DMZ or IP-ACL.
SNMP v3
Because the device has no multiuser management, only one user (default name "standard") is detected in SNMP v3. From the User-based Security Model (USM) MIB variables, there is a support of "usmStats ..." counter. The "usmUser ..." variables will be added with the enhancement of additional users in later firmware versions. The system has only one context. The system accepts the context "normal" or an empty context.
Authentication
The algorithms "HMAC-MD5-96" and "HMAC-SHA-96" are available for authentication. In addition, the "HMAC-SHA-2" variants (RFC7630) "SHA-256", "SHA-384" and "SHA-
512" are implemented.
"SHA-384" and "SHA512" are calculated purely in software. If "SHA-384" or "SHA- 512" is set on the configuration page, the time for the key generation may take once up to approx. 45 seconds.
Encryption
The methods "DES", "3DES", "AES-128", "AES-192" and "AES-256" are supported in combination with "HMAC-MD5-96" and "HMAC-SHA-96." For the "HMAC-SHA-2" protocols, there is currently neither RFC nor draft that will allow for cooperation with an encryption.
While in the settings "AES-192" and "AES256" the key calculation is based on "draft-blumenthalphoto-aes-usm-04", the methods "AES 192-3DESKey" and "AES 256-3DESKey" utilize a key generation, which is also used in the "3DES" configuration ("draft-reeder-snmpv3-usm-3desede-00"). If one is not an SNMP expert, it is recommended
to try in each case the settings with and without "...- 3DESKey".
Passwords
The passwords for authentication and encryption are stored only as computed hashes for security reasons. Thus it is, if at all, very difficult to infer the initial password. However, the hash calculation changes with the set algorithms. If the authentication or privacy algorithms are changed, the passwords must be re-entered in the configuration dialog.
Security
The following aspects should be considered:
- If encryption or authentication is used, then SNMP v1 and v2c should be turned off. Otherwise the device could be accessed with it.
- If only authentication is used, then the new "HMAC-SHA-2" methods are superior to the MD5 or SHA-1 hashing algorithms. Since only SHA-256 is accelerated in hardware, and SHA-384 and SHA-512 are calculated purely in software, one should normally select SHA-256. From a cryptographic point of view, the security of SHA-256 is sufficient for today's usage.
- For SHA-1, there are a little less attack scenarios than MD5. If in doubt, SHA-1 is preferable.
- Encryption "DES" is considered very unsafe, use only in an emergency for reasons of compatibility!
- For cryptologists it's a debatable point whether "HMAC-MD5-96" and "HMAC-SHA- 96" can muster enough entropy for key lengths of "AES-192" or "AES-256".
- From the foregoing considerations, we would recommended at present "HMACSHA-96" with "AES-128" as authentication and encryption method.
Change in Trap Design
In older MIB tables, a separate trap was defined for each combination of an event and a port number. This results in longer lists of trap definitions for the devices. For example, from epc8221SwitchEvtPort1 to epc8221SwitchEvtPort12. Since new firmware versions can generate many more different events, this behavior quickly produces several hundred trap definitions. To limit this overabundance of trap definitions, the trap design has been changed to create only one specific trap for each event type. The port or sensor number is now available in the trap as an index OID within the variable bindings.
In order to recognize this change directly, the "Notification" area in the MIB table has been moved from sysObjectID.0 to sysObjectID.3. This way, unidentified events are generated until the new MIB table is imported. For compatibility reasons, SNMP v1 traps are created in the same way as before.
NET-SNMP
NET-SNMP provides a very widespread collection of SNMP command-line tools (snmpget, snmpset, snmpwalk etc.) NET-SNMP is among others available for Linux and Windows. After installing NET-SNMP you should create the device-specific MIB of the device in NET-SMP share directory, e.g. after
c:\usr\share\snmp\mibs
or
/usr/share/snmp/mibs
So later you can use the 'subtree names' instead of OIDs:
Name: snmpwalk -v2c -mALL -c public 192.168.1.232 gudeads
OID: snmpwalk -v2c -mALL -c public 192.168.1.232 1.3.6.1.4.1.28507
NET-SNMP Examples
These examples refer to Gude devices that have switchable ports.
Query Power Port 1 switching state:
snmpget -v2c -mALL -c public 192.168.1.232 epc822XPortState.1
Switch on Power Port 1:
snmpset -v2c -mALL -c private 192.168.1.232 epc822XPortState.1 integer 1
MIB table
Below is a table of all device-specific OID 's which can be accessed via SNMP. In the numerical representation of the OID the prefix " 1.3.6.1.4.1.28507 " (Gude Enterprise OID) was omitted at each entry in the table to preserve space.
The example for a complete OID would be "1.3.6.1.4.1.28507.85.1.1.1.1". A distinction is made in SNMP OID 's in between tables and scalars. OID scalar have the extension ".0" and only specify a value. In SNMP tables the "x" is replaced by an index (1 or greater) to address a value from the table.
Good to know: In the web server on every device you can find the MIB table under the SNMP tab. You can also download the MIB tables on our website under Downloads.
| Name | Description | OID | Type | Acc. |
| epc8045TrapCtrl | 0 = off 1 = Ver. 1 2 = Ver. 2c 3 = Ver. 3 | 87.1.1.1.1.0 | Integer32 | RW |
| epc8045TrapIPIndex | A unique value, greater than zero, for each receiver slot. | .87.1.1.1.2.1.1.x | Integer32 | RO |
| epc8045TrapAddr | DNS name or IP address specifying one Trap receiver slot. A port can
optionally be specified: 'name:port' An empty string disables this slot. |
.87.1.1.1.2.1.2.x | OCTETS | RW |
| epc8045portNumber | The number of Relay Ports | .87.1.3.1.1.0 | Integer32 | RO |
| epc8045PortIndex | A unique value, greater than zero, for each Relay Port. | .87.1.3.1.2.1.1.x | Integer32 | RO |
| epc8045PortName | A textual string containing name of a Relay Port. | OCTETS | RW | |
| epc8045PortState | current state of a Relay Port | .87.1.3.1.2.1.3.x | INTEGER | RW |
| epc8045PortSwitchCount | The total number of switch actions ocurred on a Relay Port. Does not
count switch commands which will not switch the ralay state, so just real relay switches are displayed here. |
.87.1.3.1.2.1.4.x | Integer32 | RO |
| epc8045PortStartupMode | set Mode of startup sequence (off, on , remember last state) | .87.1.3.1.2.1.5.x | INTEGER | RW |
| epc8045PortStartupDelay | Delay in sec for startup action | .87.1.3.1.2.1.7.x | Integer32 | RW |
| epc8045PortRepowerTime | Delay in sec for repower port after switching off | .87.1.3.1.2.1.7.x | Integer32 | RW |
| epc8045PortResetDuration | Delay in sec for turning Port on again after Reset action | .87.1.3.1.2.1.8.x | Integer32 | RW |
| epc8045Buzzer | turn Buzzer on and off | .87.1.3.10.0 | Integer32 | RW |
| epc8045ActivePowerChan | Number of suppported Power Channels. | .87.1.5.1.1.0 | Unsigned32 | RO |
| epc8045PowerIndex | Index of Power Channel entries | .87.1.5.1.2.1.1.x | Integer32 | RO |
| epc8045ChanStatus | 0 = data not active, 1 = data valid | .87.1.5.1.2.1.2.x | Integer32 | RO |
| epc8045AbsEnergyActive | Absolute Active Energy counter. | .87.1.5.1.2.1.3.x | Gauge32 | RO |
| epc8045PowerActive | Active Power | .87.1.5.1.2.1.4.x | Integer32 | RO |
| epc8045Current | Actual Curent on Power Channel. | .87.1.5.1.2.1.5.x | Gauge32 | RO |
| epc8045Voltage | Actual Voltage on Power Channel | .87.1.5.1.2.1.6.x | Gauge32 | RO |
| epc8045Frequency | Frequency of Power Channel | .87.1.5.1.2.1.7.x | Gauge32 | RO |
| epc8045PowerFactor | Power Factor of Channel between -1.0 and 1.00 | .87.1.5.1.2.1.8.x | Integer32 | RO |
| epc8045Pangle | Phase Angle between Voltage and L Line Current between -180.0 and 180.0 | .87.1.5.1.2.1.9.x | Integer32 | RO |
| epc8045PowerApparent | L Line Mean Apparent Power | .87.1.5.1.2.1.10.x | Integer32 | RO |
| epc8045PowerReactive | L Line Mean Reactive Power | .87.1.5.1.2.1.11.x | Integer32 | RO |
| epc8045AbsEnergyReactive | Absolute Reactive Energy counter. | .87.1.5.1.2.1.12.x | Gauge32 | RO |
| epc8045AbsEnergyActiveResettable | Resettable Absolute Active Energy counter. Writing '0' resets all
resettable counter. |
.87.1.5.1.2.1.13.x | Gauge32 | RW |
| epc8045AbsEnergyReactiveResettable | Resettable Absolute Reactive Energy counter. | .87.1.5.1.2.1.14.x | Gauge32 | RO |
| epc8045ResetTime | Time in seconds since last Energy Counter reset. | Gauge32 | RO | |
| epc8045ForwEnergyActive | Forward Active Energy counter. | .87.1.5.1.2.1.16.x | Gauge32 | RO |
| epc8045ForwEnergyReactive | Forward Reactive Energy counter. | .87.1.5.1.2.1.17.x | Gauge32 | RO |
| epc8045ForwEnergyActiveResettable | Resettable Forward Active Energy counter. | .87.1.5.1.2.1.18.x | Gauge32 | RO |
| epc8045ForwEnergyReactiveResettable | Resettable Forward Reactive Energy counter. | .87.1.5.1.2.1.19.x | Gauge32 | RO |
| epc8045RevEnergyActive | Reverse Active Energy counter. | .87.1.5.1.2.1.20.x | Gauge32 | RO |
| epc8045RevEnergyReactive | Reverse Reactive Energy counter. | .87.1.5.1.2.1.21.x | Gauge32 | RO |
| epc8045RevEnergyActiveResettable | Resettable Reverse Active Energy counter. | .87.1.5.1.2.1.21.x | Gauge32 | RO |
| epc8045RevEnergyActiveResettable | Resettable Reverse Active Energy counter. | .87.1.5.1.2.1.22.x | Gauge32 | RO |
| epc8045RevEnergyReactiveResettable | Resettable Reverse Reactive Energy counter. | .87.1.5.1.2.1.23.x | Gauge32 | RO |
| epc8045ResidualCurrent | Actual Residual Current on Power Channel. According Type A IEC
60755. Only visible on models that support this feature. |
.87.1.5.1.2.1.24.x | Unsigned32 | RO |
| epc8045LineSensorName | A textual string containing name of a Line Sensor | .87.1.5.1.2.1.100.x | OCTETS | RW |
| epc8045OVPIndex | None | .87.1.5.2.1.1.x | Integer32 | RO |
| epc8045OVPStatus | shows the status of the built-in Overvoltage Protection | .87.1.5.2.1.2.x | INTEGER | RO |
| epc8045spActivePowerChan | Number of Single Port Power Channels. Value is zero on EPC 8220 series. | .87.1.5.5.1.0 | Unsigned32 | RO |
| epc8045spPowerIndex | Index of Single Port Power Channel entries. Indices 0-5 mean Ports A1
to A6, 6-11 are Ports B1 to B6. |
.87.1.5.5.2.1.1.x | Integer32 | RO |
| epc8045spChanStatus | 0 = data not active, 1 = data valid | .87.1.5.5.2.1.2.x | Integer32 | RO |
| epc8045spAbsEnergyActive | Absolute Active Energy counter. | .87.1.5.5.2.1.3.x | Gauge32 | RO |
| epc8045spPowerActive | Active Power | .87.1.5.5.2.1.4.x | Integer32 | RO |
| epc8045spCurrent | Actual Curent on Power Channel. | .87.1.5.5.2.1.5.x | Gauge32 | RO |
| epc8045spVoltage | Actual Voltage on Power Channel | .87.1.5.5.2.1.6.x | Gauge32 | RO |
| epc8045spFrequency | Frequency of Power Channel | .87.1.5.5.2.1.7.x | Gauge32 | RO |
| epc8045spPowerFactor | Power Factor of Channel between -1.0 and 1.00 | .87.1.5.5.2.1.8.x | Integer32 | RO |
| epc8045spPangle | Phase Angle between Voltage and L Line Current between -180.0 and 180.0 | .87.1.5.5.2.1.9.x | Integer32 | RO |
| epc8045spPowerApparent | L Line Mean Apparent Power | .87.1.5.5.2.1.10.x | Integer32 | RO |
| epc8045spPowerReactive | L Line Mean Reactive Power | .87.1.5.5.2.1.11.x | Integer32 | RO |
| epc8045spAbsEnergyReactive | Absolute Reactive Energy counter. | .87.1.5.5.2.1.12.x | Gauge32 | RO |
| epc8045spAbsEnergyActiveResettable | Resettable Absolute Active Energy counter. Writing '0' resets all resettable counter. | .87.1.5.5.2.1.13.x | Gauge32 | RW |
| epc8045spAbsEnergyReactiveResettable | Resettable Absolute Reactive Energy counter. | .87.1.5.5.2.1.14.x | Gauge32 | RO |
| epc8045spResetTime | Time in seconds since last Energy Counter reset. | .87.1.5.5.2.1.15.x | Gauge32 | RO |
| epc8045spForwEnergyActive | Forward Active Energy counter. | .87.1.5.5.2.1.16.x | Gauge32 | RO |
| epc8045spForwEnergyReactive | Forward Reactive Energy counter. | .87.1.5.5.2.1.17.x | Gauge32 | RO |
| epc8045spForwEnergyActiveResettable | Resettable Forward Active Energy counter. | .87.1.5.5.2.1.18.x | Gauge32 | RO |
| epc8045spForwEnergyReactiveResettable | Resettable Forward Reactive Energy counter. | .87.1.5.5.2.1.19.x | Gauge32 | RO |
| epc8045spRevEnergyActive | Reverse Active Energy counter. | .87.1.5.5.2.1.20.x | Gauge32 | RO |
| epc8045spRevEnergyReactive | Reverse Reactive Energy counter. | .87.1.5.5.2.1.21.x | Gauge32 | RO |
| epc8045spRevEnergyActiveResettable | Resettable Reverse Active Energy counter. | .87.1.5.5.2.1.22.x | Gauge32 | RO |
| epc8045spRevEnergyReactiveResettable | Resettable Reverse Reactive Energy counter. | .87.1.5.5.2.1.23.x | Gauge32 | RO |
| epc8045CPUSensorVsystem | System Voltage on CPU Board | .87.1.5.14.1.0 | Gauge32 | RO |
| epc8045CPUSensorVaux | Auxiliary Voltage on CPU Board | .87.1.5.14.2.0 | Gauge32 | RO |
| epc8045CPUSensorVmain | Main Voltage on CPU Board | .87.1.5.14.3.0 | Gauge32 | RO |
| epc8045CPUSensorTcpu | Temperature on CPU Board | .87.1.5.14.4.0 | Integer32 | RO |
| epc8045NTPTimeValid | Show if valid Time is received | .87.1.5.15.1.0 | INTEGER | RO |
| epc8045NTPUnixTime | show received NTP time as unixtime (secs since 1 January 1970) | .87.1.5.15.2.0 | Unsigned32 | RO |
| epc8045NTPLastValidTimestamp | show seconds since last valid NTP timestamp received | .87.1.5.15.3.0 | Unsigned32 | RO |
| epc8045RCMBInfoIndex | Index of RCMB Info entries | .87.1.5.16.1.1.x | Integer32 | RO |
| epc8045RCMBCurrentRMS | Actual Residual Current RMS on Power Channel. According Type B IEC 60755. Only visible on models that support this feature. | .87.1.5.16.1.2.x | Unsigned32 | RO |
| epc8045RCMBlCurrentDC | Actual Residual Current DC on Power Channel. According Type B IEC
60755. Only visible on models that support this feature. |
.87.1.5.16.1.3.x | Unsigned32 | RO |
| epc8045RCMBOutputRMS | shows the output S1 of the RCMB module | .87.1.5.16.1.4.x | INTEGER | RO |
| epc8045RCMBOutputDC | shows the output S2 of the RCMB module | .87.1.5.16.1.5.x | INTEGER | RO |
| epc8045RCMBModuleStatus | RCMB Module Status Word | .87.1.5.16.1.6.x | Unsigned32 | RO |
| epc8045SensorIndex | None | .87.1.6.1.1.1.x | Integer32 | RO |
| epc8045TempSensor | actual temperature | .87.1.6.1.1.2.x | Integer32 | RO |
| epc8045HygroSensor | actual humidity | .87.1.6.1.1.3.x | Integer32 | RO |
| epc8045AirPressure | actual air pressure | .87.1.6.1.1.5.x | Integer32 | RO |
| epc8045DewPoint | dew point for actual temperature and humidity | .87.1.6.1.1.6.x | Integer32 | RO |
| epc8045DewPointDiff | difference between dew point and actual temperature (Temp -
DewPoint) |
.87.1.6.1.1.7.x | Integer32 | RO |
| epc8045ExtSensorName | A textual string containing name of a external Sensor | .87.1.6.1.1.32.x | OCTETS | RW |
| epc8045ExtActiveInputs | Number of suppported Input Channels. | .87.1.6.2.1.0 | Unsigned32 | RO |
| epc8045ExtInputIndex | None | .87.1.6.2.2.1.1.x | Unsigned32 | RO |
| epc8045ExtInput | Input state of device | .87.1.6.2.2.1.2.x | INTEGER | RO |
| epc8045ExtInputName | A textual string containing name of the Input | .87.1.6.2.2.1.32.x | OCTETS | RW |
| epc8045ExtInputPortNum | Number of external Sensor Port when value greater zero, else device built-in Input. | .87.1.6.2.2.1.33.x | Integer32 | RO |
| epc8045ExtInputBlockIndex | Either index of device built-in Input, or index of Input in external sensor. | .87.1.6.2.2.1.34.x | Integer32 | RO |