Nortel Networks 8600 manual SNMPv3 Overview, Udp


Technical Configuration Guide for SNMP

v2.0

December 2006

1. SNMPv3 Overview

SNMPv3 is the third version of the Internet-Standard Management Framework. It is derived from and builds upon both the original Internet-Standard Management Framework (SNMPv1) and the second Internet-Standard Management Framework (SNMPv2). SNMPv3 is not a stand-alone replacement for SNMPv1 and/or SNMPv2. It defines security capabilities to be used in conjunction with SNMPv2 (preferred) or SNMPv1. As shown in Figure 1 below, SNMPv3 specifies a User Security Model (USM) that uses a payload of either an SNMPv1 or an SNMPv2 protocol data unit (PDU).

PDU Processing (SNMPv1 or SNMPv2): SNMP PDU

Message Processing (SNMPv3 USM): V3-MH | SNMP PDU

UDP: UDP-H | V3-MH | SNMP PDU

IP: IP-H | UDP-H | V3-MH | SNMP PDU

PDU = Protocol Data Unit

USM = User Based Security

IP-H = IP header

UDP-H = UDP header

V3-MH = SNMPv3 message header

Figure 1: SNMPv3 USM

Authentication within the User-based Security Model (USM) allows the recipient of a message to verify whom the message is from and whether the message has been altered. As per RFC 2574, if authentication is used, the entire message is checked for integrity. Authentication uses a secret key to produce a fingerprint of the message, which is included in the message. The receiving entity uses the same secret key to validate the fingerprint. Currently, two authentication protocols are defined for use with USM: HMAC-MD5 and HMAC-SHA-96.
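As an added illustration (not code from the Nortel guide), the sketch below walks through the HMAC-SHA-96 fingerprint described above: the password becomes a key localized to one engine ID, the MAC is computed over the entire message with the 12-byte authentication field zeroed, and the receiver recomputes it with the same key. The password and engine ID are the sample values published in the USM RFC; the message bytes, field layout and function names are constructed stand-ins for a real BER-encoded SNMPv3 message.

```python
import hashlib
import hmac

AUTH_LEN = 12        # both USM protocols keep the first 96 bits of the HMAC
EXPANSION = 1048576  # the password is repeated to 1 MB before hashing


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Password -> user key Ku -> key localized to one SNMP engine."""
    if len(password) < 8:
        raise ValueError("USM requires passwords of at least 8 characters")
    stream = (password * (EXPANSION // len(password) + 1))[:EXPANSION]
    ku = hashlib.new(algo, stream).digest()
    # Binding Ku to the engine ID gives every agent a different key.
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bytes:
    """Return the message with its 12-byte authentication field filled in."""
    # The MAC covers the entire message with the field itself set to zeros.
    zeroed = message[:offset] + bytes(AUTH_LEN) + message[offset + AUTH_LEN:]
    mac = hmac.new(key, zeroed, algo).digest()[:AUTH_LEN]
    return message[:offset] + mac + message[offset + AUTH_LEN:]


def verify(message: bytes, offset: int, key: bytes, algo: str = "sha1") -> bool:
    """Recompute the fingerprint with the shared key; compare in constant time."""
    received = message[offset:offset + AUTH_LEN]
    expected = sign(message, offset, key, algo)[offset:offset + AUTH_LEN]
    return hmac.compare_digest(received, expected)


# Constructed sample message (not from the guide): header fields, the
# 12-byte authentication field, then a placeholder for the SNMP PDU.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"V3-MH|user=constructedUser|auth="
UNSIGNED = HEADER + bytes(AUTH_LEN) + b"|SNMP PDU: get sysDescr.0"


def demo() -> dict:
    key = localized_key(b"maplesyrup", ENGINE_ID)
    other = localized_key(b"otherpassword", ENGINE_ID)
    signed = sign(UNSIGNED, len(HEADER), key)
    tampered = signed.replace(b"get", b"set")  # altered in transit
    return {"intact": verify(signed, len(HEADER), key),
            "tampered": verify(tampered, len(HEADER), key),
            "wrong_key": verify(signed, len(HEADER), other)}


if __name__ == "__main__":
    print(demo())
```
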

While the USM provides the user-name/password authentication and privacy services, access control to management information (MIB) must also be defined. The View-based Access Control Module (VACM) defines a set of services that an application can use for checking access rights (read, write, notify) to a particular object. VACM uses the ASN.1 notation (3.6.1.4) or the name of the SNMP MIB branch, i.e. Org.Dod.Internet.Private. The administrator can define a MIB group view for a user to allow access to an appropriate portion of the MIB matched to an approved security level. The three security levels are:

NoAuthNoPriv - Communication without authentication and privacy

AuthNoPriv - Communication with authentication (MD5 or SHA) and without privacy

AuthPriv - Communication with authentication (MD5 or SHA) and privacy (DES or AES)
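The access decision described above can be modelled as follows. This is an added example, not the switch's implementation or configuration: it is a simplified VACM check with one access entry per group and no view masks or contexts, and all user, group and view names are hypothetical.

```python
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


def oid(text: str) -> tuple:
    return tuple(int(part) for part in text.strip(".").split("."))


def in_view(view: list, target: str) -> bool:
    """The longest matching subtree decides; no match means outside the view."""
    wanted, best = oid(target), None
    for subtree, included in view:
        prefix = oid(subtree)
        if wanted[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return best is not None and best[1]


# Constructed tables (hypothetical names, not taken from the guide).
VIEWS = {
    "opsView": [("1.3.6.1", True),           # everything under internet ...
                ("1.3.6.1.6.3.15", False),   # ... except the USM MIB (user keys)
                ("1.3.6.1.6.3.16", False)],  # ... and the VACM MIB itself
    "sysView": [("1.3.6.1.2.1.1", True)],    # system group only
}
GROUP_OF_USER = {"opsUser": "opsGroup", "monitorUser": "readGroup"}
GROUP_ACCESS = {
    "opsGroup": {"level": "authPriv", "read": "opsView", "write": "opsView"},
    "readGroup": {"level": "noAuthNoPriv", "read": "sysView"},
}


def is_access_allowed(user: str, level: str, action: str, target: str) -> bool:
    """action is 'read', 'write' or 'notify'; level is what the message used."""
    access = GROUP_ACCESS.get(GROUP_OF_USER.get(user))
    if access is None or LEVELS[level] < LEVELS[access["level"]]:
        return False  # unknown user or group, or message below the group's level
    view = VIEWS.get(access.get(action))  # no view for this action means deny
    return view is not None and in_view(view, target)


if __name__ == "__main__":
    for args in [("opsUser", "authPriv", "read", "1.3.6.1.2.1.1.1.0"),
                 ("opsUser", "authNoPriv", "read", "1.3.6.1.2.1.1.1.0"),
                 ("opsUser", "authPriv", "read", "1.3.6.1.6.3.15.1.2.2"),
                 ("monitorUser", "noAuthNoPriv", "write", "1.3.6.1.2.1.1.5.0")]:
        print(args, "->", is_access_allowed(*args))
```
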

NOTE: Please refer to the Ethernet Routing Switch 8600 4.1 release notes (Part number 317177-D Rev 01) for important information regarding SNMPv3. Special consideration must be given to the hidden and encrypted file that contains community table information.


8600 specifications

Nortel Networks 8600 is a highly regarded member of the Nortel Ethernet routing portfolio, specifically designed to meet the demands of today's bandwidth-hungry environments. This advanced platform is a favorite for service providers and enterprises due to its scalability, reliability, and performance capabilities.

One of the standout features of the Nortel 8600 is its exceptional scalability. The platform supports a wide range of Ethernet services that can accommodate the growth of network applications without requiring significant overhaul. This scalability is driven by its ability to provide multiple 10 Gigabit and 100 Gigabit Ethernet ports, allowing organizations to expand their network as bandwidth needs increase.

The 8600 employs a robust architecture that enhances its performance. It utilizes a switching fabric that delivers high throughput and low latency, making it ideal for applications that demand real-time data transmission, such as voice over IP (VoIP) and video streaming. With support for high-density Ethernet, the 8600 can handle a large number of simultaneous connections, facilitating seamless experiences for end-users.

Another technological highlight of the Nortel 8600 is its integrated service capabilities. The platform incorporates advanced quality of service (QoS) features that prioritize bandwidth for critical applications, ensuring reliable performance even during peak usage times. The 8600 also supports comprehensive security protocols, providing peace of mind for organizations as they navigate the complexities of modern cybersecurity challenges.

Additionally, the platform offers advanced management features that simplify network administration. Built-in tools for monitoring and reporting enhance operational visibility, enabling IT teams to quickly identify and resolve issues. The 8600 is designed to integrate smoothly with existing networking environments, offering interoperability with multiple vendors and protocols, thus protecting investment in other technologies.

Energy efficiency is another characteristic of the Nortel 8600, making it a suitable choice for organizations keen on reducing operational costs and minimizing their environmental impact. The platform is built with energy-saving components and intelligent power management that allow businesses to operate sustainably.

Overall, the Nortel Networks 8600 is a sophisticated routing solution that integrates cutting-edge technologies to meet the demands of modern network environments, making it a preferred choice for organizations seeking a balance between performance, reliability, and cost-effectiveness.