The SnmpManager library implements a manager for the Internet-standard protocol SNMP (Simple Network Management Protocol). The SNMP manager allows your controller to collect and organize information about managed devices on IP (Internet Protocol) networks and to modify this information in order to change the configuration of the device.
The SNMP manager is able to communicate to managed devices over SNMPv1-protocol and SNMPv2c-protocol.
The SNMP manager complies to version 1 of the SNMP protocol defined in the IETF RFC 1157.
The SNMP manager complies to version 2 (Community-based) of the SNMP protocol defined in the IETF RFC 1901...1907.
It provides the following functions:
oGenerating and transmitting a GET request for one OID (Object IDentifier).
oGenerating and transmitting a SET request for one OID.
oReceiving and structuring the response of the agent.
oProviding the decoded value from a response in a suitable system type.
oEncoding a given value for a corresponding SET request.
oManaging detected errors.
An agent can be any network device providing SNMP functionality such as switches, routers, printers, or other controllers. You have to provide the information about the specific MIB (Management Information Base) structure and the corresponding OIDs for each agent.
Characteristics of the Library
The following table indicates the characteristics of the library:
|
Characteristic |
Value |
|---|---|
|
Library title |
SnmpManager |
|
Company |
Schneider Electric |
|
Category |
Communication |
|
Component |
Internet protocol suite |
|
Default namespace |
SE_SNMP |
|
Language model attribute |
|
|
Forward compatible library |
Yes (FCL) |
NOTE: For this library, qualified-access-only is set. This means, that the POUs, data structures, enumerations, and constants have to be accessed using the namespace of the library. The default namespace of the library is SE_SNMP.
Consider the following limitations for SNMP communication:
oOnly IPv4 (Internet Protocol version 4) is supported.
oOnly one request to one SNMP agent is allowed at a time.
oOnly one OID can be processed per request.
oThe SnmpManager library incorporates pointers on addresses.
Executing the Online Change command can change the contents of addresses.
|
|
|
INVALID POINTER |
|
Verify the validity of the pointers when using pointers on addresses and executing the Online Change command. |
|
Failure to follow these instructions can result in injury or equipment damage. |
The SNMP Manager Library is based on the UDP communications.
NOTE: The UDP protocol does not set up a dedicated end-to-end connection. The communication between the peers is achieved by transmitting information unidirectional from source to destination. It does not allow you to verify if a message reached its destination peer or information was lost on route. The UDP protocol does not provide any concept of acknowledgment, retransmission, or timeout.
The library described in this document internally uses the TcpUdpCommunication library.
The TcpUdpCommunication (Schneider Electric) and the CAA Net Base Services library (CAA Technical Workgroup) use the same system resources on the controller. The simultaneous use of both libraries in the same application may lead to disturbances during the operation of the controller.
|
|
|
UNINTENDED EQUIPMENT OPERATION |
|
Do not use the library TcpUdpCommunication (Schneider Electric) together with the library CAA Net Base Services (CAA Technical Workgroup) simultaneously in the same application. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
Considerations Concerning Cyber Security
The SnmpManager library functions do not support secure connections such as TLS (Transport Layer Security) or SSL (Secure Socket Layer). Since the SNMP telegrams are not encrypted and authentication is not required to get or set information on an agent. Communication must only be performed inside your industrial network, isolated from other networks inside your company, and protected from the Internet.
NOTE: Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
|
|
|
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED MACHINE OPERATION |
|
oEvaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network. oLimit the number of devices connected to a network to the minimum necessary. oIsolate your industrial network from other networks inside your company. oProtect any network against unintended access by using firewalls, VPN, or other, proven security measures. oMonitor activities within your systems. oPrevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions. oPrepare a recovery plan including backup of your system and process information. |
|
Failure to follow these instructions can result in death, serious injury, or equipment damage. |
|
Function block / function |
Use |
|---|---|
|
Implements an SNMP manager, which performs requests to managed devices. |
|
|
Converts an enumeration element of type ET_Result to a string value. |
Overview of the Structures in the Module-Specific Interface
|
Structure |
Use |
|---|---|
|
Contains one structure i_stRequest for user input and one q_stResponse for output data. |
|
|
Contains the user-specific information for sending a request to an agent. |
|
|
Contains the user information received from an agent upon a request. |
|
Enumeration |
Use |
|---|---|
|
Describes the possible types of values which can be sent with a SET request. |
|
|
Contains the possible values that indicate the result of operations executed by the function block. |
|
|
Allows you to define the types of requests (Protocol Data Units - PDUs) which can be executed by the function block FB_SNMPManager via i_etRequest. |
|
|
Allows you to define the type for the protocol version, which can be executed by the function block FB_SNMPManager via i_etVersion. |
