Network Administration: SNMP Monitoring
DELL CONFIDENTIAL – PRELIMINARY 8/9/16 - FOR PROOF ONLY
SNMP v3
In addition to the features provided by SNMPv1 and SNMPv2, SNMPv3 applies access control and a new trap mechanism to SNMPv1 and SNMPv2 PDUs. In addition, a User Security Model (USM) can be defined, which includes:
• Authentication — Provides data integrity and data origin authentication.
• Privacy — Protects against disclosure of message content. Cipher Block-Chaining (CBC) is used for encryption. Either authentication alone can be enabled on an SNMP message, or both authentication and privacy can be enabled on an SNMP message. However, privacy cannot be enabled without authentication.
• Timeliness — Protects against message delay or message redundancy. The SNMP agent compares the incoming message to the message time information.
• Key Management — Defines key generation, updates, and use.
The switch supports SNMP notification filters, based on Object IDs (OIDs), which are used by the system to manage switch features.
Authentication or Privacy Keys are modified in the User Security Model (USM).
SNMPv3 can only be enabled if the Local Engine ID is enabled.
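The following added example (not from the Dell guide or the switch firmware) sketches how an SNMPv3 agent applies the two USM rules above: privacy is rejected without authentication, and an authenticated message is dropped when it falls outside the time window. The flag bits and the 150-second window are taken from RFC 3412 and RFC 3414 rather than from this page, and all function and class names are hypothetical.

```python
from dataclasses import dataclass

# Constants from RFC 3412 (msgFlags bits) and RFC 3414 (time window), not from the page.
AUTH_FLAG, PRIV_FLAG = 0x01, 0x02
TIME_WINDOW_SECONDS = 150
MAX_ENGINE_BOOTS = 2147483647


@dataclass
class EngineClock:
    """Authoritative engine state held by the agent (hypothetical container)."""
    boots: int  # snmpEngineBoots: number of agent restarts
    time: int   # snmpEngineTime: seconds since the last restart


def security_level(msg_flags: int) -> str:
    """Map the msgFlags octet to a security level; privacy without auth is invalid."""
    auth = bool(msg_flags & AUTH_FLAG)
    priv = bool(msg_flags & PRIV_FLAG)
    if priv and not auth:
        raise ValueError("invalid msgFlags: privacy requires authentication")
    if auth and priv:
        return "authPriv"
    return "authNoPriv" if auth else "noAuthNoPriv"


def within_time_window(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Timeliness test the authoritative engine applies to an authenticated message."""
    if local.boots == MAX_ENGINE_BOOTS or msg_boots != local.boots:
        return False
    return abs(local.time - msg_time) <= TIME_WINDOW_SECONDS


def accept(local: EngineClock, msg_flags: int, msg_boots: int, msg_time: int) -> str:
    """Return the accepted security level, or the reason the message is dropped."""
    try:
        level = security_level(msg_flags)
    except ValueError as exc:
        return f"drop: {exc}"
    # Timeliness is only evaluated for authenticated messages.
    if level != "noAuthNoPriv" and not within_time_window(local, msg_boots, msg_time):
        return "drop: not in time window"
    return level


if __name__ == "__main__":
    clock = EngineClock(boots=7, time=10_000)  # constructed agent state and samples
    for flags, boots, t in [(0x07, 7, 10_100), (0x03, 7, 9_000), (0x06, 7, 10_000)]:
        print(hex(flags), boots, t, "->", accept(clock, flags, boots, t))
```

A message sent with no authentication is never checked for timeliness, which is one reason a noAuthNoPriv user offers no replay protection.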
SNMP Access Rights
Access rights in SNMP are managed in the following ways:
• SNMPv1 and SNMPv2 — Communities
The community name is a password sent by the SNMP management station to the device for authentication purposes.
A community string is transmitted along with the SNMPv1 and SNMPv2 frames, but neither the frames nor the community string are encrypted. Since SNMPv1 and SNMPv2 are not encrypted, they are not secure.
Communities can be associated with views or groups, and they are defined in the Community pages.