SmartNA-X™ 1G/10G User Guide 1.4
© 2015 Network Critical Solutions Limited
• Authentication—Provides data integrity and data origin authentication.
• Privacy—Protects against disclosure of message content. Cipher Block Chaining (CBC) is used for encryption. Either authentication alone is enabled on an SNMP message, or both authentication and privacy are enabled on an SNMP message. However, privacy cannot be enabled without authentication.
• Timeliness—Protects against message delay or playback attacks. The SNMP agent compares the incoming message time stamp to the message arrival time.
• Key Management—Defines key generation, key updates, and key use. The device supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to manage device features.
For access control, the SNMPv3 architecture introduces the View-based Access Control Model (VACM). VACM provides
more robust privacy and authentication mechanisms than previous versions, and allows for more flexibility in both user
configuration and view configuration.
VACM can also deal with cases where a client wants to connect using SNMPv1/v2. For these clients the SNMPv1/v2
community string is mapped onto a “security name” and added to a group, just like SNMPv3 users.
SNMP workflow
SNMP v1 and v2 workflow:
If you decide to use SNMP v1 or v2, define a community by using the Add community dialog. Configure the access rights
of a community as read-only or read-write. In addition, you can restrict the access to the community to only certain MIB
objects by specifying an OID.
SNMPv3 workflow:
In SNMPv3, users are organized into groups and are useless unless included in a group. A group is a label for a logical
entity (combination of attributes). A group is operational only when it is associated with an SNMP user or an SNMP
community. A group also has an attribute that tells if members should have read, write, and/or notify privileges for the
view. If you decide to use SNMP v3, the recommended series of actions for configuring is as follows:
1. Define the users and their access models.
2. Map any SNMP v1 communities to a security name.
3. Create groups.
4. Define the views that the group will be restricted to.
5. Define an access policy for the group.
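The five steps above combine into a single access decision for each request. The following is an added example, not code from the device or from this guide: a simplified model of the VACM check (after RFC 3415) showing how a user or a mapped community resolves to a security name, a group, an access policy and a view. All user, community, group and view names are constructed sample values.

```python
# Added illustration: simplified VACM decision (after RFC 3415), not device code.
from enum import IntEnum

class Level(IntEnum):
    NO_AUTH_NO_PRIV = 1
    AUTH_NO_PRIV = 2
    AUTH_PRIV = 3  # there is no "privacy without authentication" level

# All names below are constructed sample values.
# Steps 1-2: SNMPv3 users and v1/v2c communities both resolve to a security name.
SEC_NAMES = {("usm", "alice"): "alice", ("usm", "bob"): "bob",
             ("v2c", "monitor-ro"): "ro_legacy"}
# Step 3: (security model, security name) -> group; "bob" is in no group.
GROUPS = {("usm", "alice"): "admins", ("v2c", "ro_legacy"): "readers"}
# Step 4: view -> list of (OID subtree, included?)
VIEWS = {
    "all": [("1.3.6.1", True)],
    "system_only": [("1.3.6.1.2.1.1", True), ("1.3.6.1.2.1.1.6", False)],
}
# Step 5: group -> (minimum security level, {privilege: view})
ACCESS = {
    "admins": (Level.AUTH_PRIV, {"read": "all", "write": "all", "notify": "all"}),
    "readers": (Level.NO_AUTH_NO_PRIV, {"read": "system_only"}),
}

def _oid(text):
    # Compare OIDs as integer tuples so 1.3.6.1.2.1.1 never matches 1.3.6.1.2.1.11.
    return tuple(int(part) for part in text.strip(".").split("."))

def in_view(view, oid):
    """Longest matching subtree wins, so an exclusion can carve out part of an include."""
    target, best = _oid(oid), None
    for subtree, included in VIEWS[view]:
        prefix = _oid(subtree)
        if target[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return bool(best and best[1])

def is_access_allowed(model, principal, level, action, oid):
    sec_name = SEC_NAMES.get((model, principal))
    group = GROUPS.get((model, sec_name))
    if group is None:  # unknown principal, or a user that is in no group
        return False
    min_level, views = ACCESS[group]
    if level < min_level or action not in views:
        return False
    return in_view(views[action], oid)
```

A read-only community restricted to a narrow view, as in the "readers" group here, limits what a plaintext v1/v2 community string can expose, while write access is reserved for a group that requires both authentication and privacy.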
Traps and notifications management for SNMP v1, v2, or v3:
This device is able to send traps and notifications to registered SNMP notification recipients. To set up traps and
notifications:
1. Enable or disable the required Send notifications checkboxes.
2. Define notification recipients by using the Configure notification hosts dialog.
SNMP Engine ID
This device uses a fixed SNMP Engine ID which cannot be changed. The Engine ID is used by SNMPv3 entities to
uniquely identify them to other SNMP managers and agents and must therefore be unique for an administrative domain.
To view the Engine ID, select the SNMP tab. The Engine ID location is highlighted in the following figure.