Configuring the Switch
standard presentation of the information controlled by the agent. SNMP defines both
the format of the MIB specifications and the protocol used to access this information
over the network.
The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3.
This agent continuously monitors the status of the switch hardware, as well as the
traffic passing through its ports. A network management station can access this
information using software such as HP OpenView. Access to the onboard agent
using SNMP v1 and v2c is controlled by community strings. To communicate with
the switch, the management station must first submit a valid community string for
authentication.
Access to the switch using SNMPv3 provides additional security features that cover
message integrity, authentication, and encryption, as well as controlling user access
to specific areas of the MIB tree.
The SNMPv3 security structure consists of security models, with each model having
its own security levels. There are three security models defined: SNMPv1,
SNMPv2c, and SNMPv3. Users are assigned to “groups” that are defined by a
security model and specified security levels. Each group also has defined security
access to a set of MIB objects for reading and writing, which are known as “views.”
The switch has a default view (all MIB objects) and default groups defined for
security models v1 and v2c. The following table shows the security models and
levels available and the system default settings.
Note: The predefined default groups and view can be deleted from the system.
Table 3-1. SNMPv3 Security Models and Levels

Model  Level         Group           Read View     Write View    Security
v1     noAuthNoPriv  DefaultROGroup  defaultview   none          Community string only
v1     noAuthNoPriv  DefaultRWGroup  defaultview   defaultview   Community string only
v1     noAuthNoPriv  user defined    user defined  user defined  Community string only
v2c    noAuthNoPriv  DefaultROGroup  defaultview   none          Community string only
v2c    noAuthNoPriv  DefaultRWGroup  defaultview   defaultview   Community string only
v2c    noAuthNoPriv  user defined    user defined  user defined  Community string only
v3     noAuthNoPriv  user defined    user defined  user defined  A user name match only
v3     AuthNoPriv    user defined    user defined  user defined  Provides user authentication via MD5 or SHA algorithms
v3     AuthPriv      user defined    user defined  user defined  Provides user authentication via MD5 or SHA algorithms and data privacy using DES 56-bit encryption
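
The group, level and view model described above can be sketched as a lookup plus a short audit. This is an added example, not code from the switch or its vendor. The group netops, the view ifview, the use of subtree "1" for defaultview, and the rule that a request must meet at least the group's security level are assumptions for illustration; the two default groups come from Table 3-1.

```python
# Security levels ordered from weakest to strongest.
LEVELS = {"noAuthNoPriv": 0, "AuthNoPriv": 1, "AuthPriv": 2}

# A view is a list of OID subtrees. "1" stands in for "all MIB objects" (assumption).
VIEWS = {
    "defaultview": ["1"],
    "ifview": ["1.3.6.1.2.1.2"],  # hypothetical view: interfaces subtree only
}

# (model, level, group, read view, write view); sample rows, netops is constructed.
GROUPS = [
    ("v1", "noAuthNoPriv", "DefaultROGroup", "defaultview", None),
    ("v2c", "noAuthNoPriv", "DefaultRWGroup", "defaultview", "defaultview"),
    ("v3", "AuthPriv", "netops", "defaultview", "ifview"),
]

def in_view(view, oid):
    """True if oid falls under one of the view's subtrees (component-wise match)."""
    if view is None:
        return False
    parts = oid.split(".")
    for subtree in VIEWS[view]:
        prefix = subtree.split(".")
        if parts[:len(prefix)] == prefix:
            return True
    return False

def allowed(model, level, group, op, oid):
    """Decide a read or write request against the group's views."""
    for g_model, g_level, g_name, read_view, write_view in GROUPS:
        if (g_model, g_name) != (model, group):
            continue
        if LEVELS[level] < LEVELS[g_level]:
            return False  # message is less protected than the group requires
        return in_view(write_view if op == "write" else read_view, oid)
    return False  # unknown group: no access

def audit():
    """Flag groups whose protection is weaker than AuthPriv."""
    findings = []
    for model, level, name, _read_view, write_view in GROUPS:
        if write_view and level == "noAuthNoPriv":
            findings.append((name, model, "write view reachable at noAuthNoPriv"))
        elif level != "AuthPriv":
            findings.append((name, model, "SNMP traffic not encrypted"))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Because the predefined default groups can be deleted, an audit like this is a quick way to confirm that no read-write group remains reachable with only a community string.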