Simple Network Management Protocol 3

the format of the MIB specifications and the protocol used to access this information over the network.

The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as HP OpenView. Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication.

Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree.

The SNMPv3 security structure consists of security models, with each model having it’s own security levels. There are three security models defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to “groups” that are defined by a security model and specified security levels. Each group also has a defined security access to set of MIB objects for reading and writing, which are known as “views.” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c. The following table shows the security models and levels available and the system default settings.

Table 3-4 SNMPv3 Security Models and Levels

Model

Level

Group

Read View

Write View

Notify View

Security

v1

noAuthNoPriv

public

defaultview

none

none

Community string only

 

 

(read only)

 

 

 

 

v1

noAuthNoPriv

private

defaultview

defaultview

none

Community string only

 

 

(read/write)

 

 

 

 

v1

noAuthNoPriv

user defined

user defined

user defined

user defined

Community string only

 

 

 

 

 

 

 

v2c

noAuthNoPriv

public

defaultview

none

none

Community string only

 

 

(read only)

 

 

 

 

v2c

noAuthNoPriv

private

defaultview

defaultview

none

Community string only

 

 

(read/write)

 

 

 

 

v2c

noAuthNoPriv

user defined

user defined

user defined

user defined

Community string only

 

 

 

 

 

 

 

v3

noAuthNoPriv

user defined

user defined

user defined

user defined

A user name match only

 

 

 

 

 

 

 

v3

AuthNoPriv

user defined

user defined

user defined

user defined

Provides user

 

 

 

 

 

 

authentication via MD5 or

 

 

 

 

 

 

SHA algorithms

v3

AuthPriv

user defined

user defined

user defined

user defined

Provides user

 

 

 

 

 

 

authentication via MD5 or

 

 

 

 

 

 

SHA algorithms and data

 

 

 

 

 

 

privacy using DES 56-bit

 

 

 

 

 

 

encryption

Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.

3-39

Page 83
Image 83
Accton Technology ES3552XA manual SNMPv3 Security Models and Levels, Level Group Read View Write View Notify View Security