Chapter 17: SNMPv3
Overview
The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c
protocol implementation, which is described in Chapter 16 on page 189. In
SNMPv3, User-based Security Model (USM) authentication is
implemented along with encryption, allowing you to configure a secure
SNMP environment.
The SNMPv3 protocol uses different terminology than the SNMPv1 and
SNMPv2c protocols. In the SNMPv1 and SNMPv2c protocols, the terms
agent and manager are used. An agent is the software within an SNMP
user while a manager is an SNMP host. In the SNMPv3 protocol, agents
and managers are called entities. In any SNMPv3 communication, there is
an authoritative entity and a non-authoritative entity. The authoritative
entity checks the authenticity of the non-authoritative entity. In turn, the
non-authoritative entity checks the authenticity of the authoritative entity.
With the SNMPv3 protocol, you create users, determine the protocol used
for message authentication and determine if data transmitted between two
SNMP entities is encrypted. In addition, you can restrict user privileges by
defining which portions of the Management Information Bases (MIBs)
can be viewed by specific users. In this way, you restrict which MIBs a
user can display and modify. In addition, you can restrict the types of
messages, or traps, the user can send. (A trap is a type of SNMP
message.) After you have created a user, you define SNMPv3 message
notification. This consists of determining where messages are sent and
what types of messages can be sent. This configuration is similar to the
SNMPv1 and SNMPv2c configurations because you configure IP
addresses of trap receivers, or hosts.
This section describes the features of the SNMPv3 protocol. The following
subsections are included:
“SNMPv3 Authentication Protocols”
“SNMPv3 Privacy Protocol” on page 203
“SNMPv3 MIB Views” on page 203
“SNMPv3 Configuration Process” on page 204
SNMPv3 Authentication Protocols
The SNMPv3 protocol supports two authentication protocols:
HMAC-MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both protocols
are generated locally using the Engine ID and the user password. You can
modify a key only by modifying the user password.
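The key derivation and digest check described above, as an added example that is not part of the manual or the switch firmware. It assumes the standard USM procedure from RFC 3414 (password-to-key, then localization with the Engine ID), which the manual does not spell out; the password and Engine ID are the RFC 3414 Appendix A.3 test inputs, and the message bytes are constructed.

```python
import hashlib
import hmac

# RFC 3414 Appendix A.3 test inputs (not values from this manual or switch).
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(algo, stream).digest()

def localize_key(user_key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key to one engine: H(Ku || engineID || Ku)."""
    return hashlib.new(algo, user_key + engine_id + user_key).digest()

def local_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    return localize_key(password_to_key(password, algo), engine_id, algo)

def auth_digest96(key: bytes, message: bytes, algo: str) -> bytes:
    """HMAC over the message, truncated to 96 bits (the '-96' in the name).
    On the wire the digest field is zero-filled while this is computed."""
    return hmac.new(key, message, algo).digest()[:12]

def verify(key: bytes, message: bytes, received: bytes, algo: str) -> bool:
    # Constant-time comparison of the recomputed and received digests.
    return hmac.compare_digest(auth_digest96(key, message, algo), received)

if __name__ == "__main__":
    msg = b"constructed stand-in for an encoded SNMPv3 message"
    for name, algo in (("HMAC-MD5-96", "md5"), ("HMAC-SHA-96", "sha1")):
        key = local_key(PASSWORD, ENGINE_ID, algo)
        tag = auth_digest96(key, msg, algo)
        print(name, "localized key:", key.hex())
        print(name, "digest:", tag.hex(), "valid:", verify(key, msg, tag, algo))
        # A key localized for a different engine fails verification.
        other = local_key(PASSWORD, ENGINE_ID[:-1] + b"\x03", algo)
        print(name, "other engine valid:", verify(other, msg, tag, algo))
```

Because the Engine ID is mixed into the key, the same password yields a different key on every engine, and the only user-controlled input is the password.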
In addition, you have the option of assigning no user authentication. In this
case, no authentication is performed for this user. You may want to make