Chapter 17: SNMPv3

Overview

SNMPv3 Authentication Protocols

The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 16 on page 189. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment.

The SNMPv3 protocol uses different terminology than the SNMPv1 and SNMPv2c protocols. In the SNMPv1 and SNMPv2c protocols, the terms agent and manager are used. An agent is the software within an SNMP user, while a manager is an SNMP host. In the SNMPv3 protocol, agents and managers are called entities. In any SNMPv3 communication, there is an authoritative entity and a non-authoritative entity. The authoritative entity checks the authenticity of the non-authoritative entity, and the non-authoritative entity checks the authenticity of the authoritative entity.

With the SNMPv3 protocol, you create users, determine the protocol used for message authentication, and determine whether data transmitted between two SNMP entities is encrypted. In addition, you can restrict user privileges by defining which portions of the Management Information Base (MIB) can be viewed by specific users. In this way, you restrict which MIBs a user can display and modify. You can also restrict the types of messages, or traps, that the user can send. (A trap is a type of SNMP message.) After you have created a user, you define SNMPv3 message notification. This consists of determining where messages are sent and what types of messages can be sent. This configuration is similar to the SNMPv1 and SNMPv2c configurations because you configure the IP addresses of trap receivers, or hosts.

This section describes the features of the SNMPv3 protocol. The following subsections are included:

“SNMPv3 Authentication Protocols”

“SNMPv3 Privacy Protocol” on page 203

“SNMPv3 MIB Views” on page 203

“SNMPv3 Configuration Process” on page 204

The SNMPv3 protocol supports two authentication protocols: HMAC-MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use a hash algorithm to generate a message digest, and each authentication protocol authenticates a user by checking that digest. In addition, both protocols use keys to perform authentication. The keys for both protocols are generated locally from the Engine ID and the user password. You can modify a key only by modifying the user password.

In addition, you have the option of assigning no user authentication. In this case, no authentication is performed for this user. You may want to make

202

Allied Telesis AT-S111, AT-GS950/48PS manual Overview, SNMPv3 Authentication Protocols