Allied Telesis AT-GS950/10PS, AT-S110 SNMPv3 Authentication Protocols

Chapter 17: SNMPv3

202

Overview

The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c

protocol implementation which is described in Chapter 16 on page 189. In

SNMPv3, User-based Security Model (USM) authentication is

implemented along with encryption, allowing you to configure a secure

SNMP environment.

The SNMPv3 protocol uses different terminology than the SNMPv1 and

SNMPv2c protocols. In the SNMPv1 and SNMPv2c protocols, the terms

agent and manager are used. An agent is the software within an SNMP

user while a manager is an SNMP host. In the SNMPv3 protocol, agents

and managers are called entities. In any SNMPv3 communication, there is

an authoritative entity and a non-authoritative entity. The authoritative

entity checks the authenticity of the non-authoritative entity. And, the non-

authoritative entity checks the authenticity of the authoritative entity.

With the SNMPv3 protocol, you create users, determine the protocol used

for message authentication and determine if data transmitted between two

SNMP entities is encrypted. In addition, you can restrict user privileges by

defining which portions of the Management Information Bases (MIB) that

can be viewed by specific users. In this way, you restrict which MIBs a

user can display and modify. In addition, you can restrict the types of

messages, or traps, the user can send. (A trap is a type of SNMP

message.) After you have created a user, you define SNMPv3 message

notification. This consists of determining where messages are sent and

what types of messages can be sent. This configuration is similar to the

SNMPv1 and SNMPv2c configurations because you configure IP

addresses of trap receivers, or hosts.

This section describes the features of the SNMPv3 protocol. The following

subsections are included:

“SNMPv3 Authentication Protocols”

“SNMPv3 Privacy Protocol” on page 203

“SNMPv3 MIB Views” on page 203

“SNMPv3 Configuration Process” on page 204

SNMPv3AuthenticationProtocols

The SNMPv3 protocol supports two authentication protocols— HMAC-

MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an

algorithm to generate a message digest. Each authentication protocol

authenticates a user by checking the message digest. In addition, both

protocols use keys to perform authentication. The keys for both protocols

are generated locally using the Engine ID and the user password. You can

modify a key only by modifying the user password.

In addition, you have the option of assigning no user authentication. In this

case, no authentication is performed for this user. You may want to make