5.3.3 Security Levels

SNMPv3 has three levels of security. The lowest level does not provide authentication or privacy (noAuthNoPriv). This level is comparable to SNMPv1. The second level provides authentication, but no privacy (AuthNoPriv). The highest level provides authentication and privacy (AuthPriv). Based on protection needs, you should use some combination of these security levels.

Authentication, privacy, and access control combined address the security threats faced by SNMP, including Modification of Information, Masquerade, Disclosure, and Message Stream Modification attacks. SNMPv3 provides these security features.

SNMPv3 does not protect the network from Denial of Service and Traffic Analysis attacks.

5.3.4 Support

The IntraCore IC36240 switch supports Simple Network Management Protocol (SNMP) v1, v2 and v3. SNMP v3 provides additional security for your network. The SNMP system consists of three parts: an SNMP manager, an SNMP agent, and a Management Information Base (MIB). SNMP is an application-layer protocol that allows SNMP manager and agent stations to communicate. SNMP provides a message format for sending information between an SNMP manager and an SNMP agent. The agent and MIB reside on the switch. In configuring SNMP on the switch, the relationship between the manager and the agent must be defined.

The SNMP agent gathers data from the MIB, which holds the information about device parameters and network data. The agent also responds to the manager’s requests to get or set data. An agent can also send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a specific event on the network. Such events include improper user authentication, restarts, link status (up or down), closing of a TCP connection, or loss of connection to a neighboring switch. An SNMP manager can request a value from an agent, or store or change a value in that agent.

To configure support for SNMP on the switch, perform the following tasks:

Create or Modify Access Control for SNMP Community

Establish the Contact and Location of SNMP Agent

Define SNMP Trap Operations

Disable the SNMP Agent

Create or Modify Access Control for SNMP Community

You can configure a community string, which acts like a password, to permit access to the agent on the switch.

Read Only (ro): The string that defines access rights for reading SNMP data objects. The default is public.

Read-Write (rw): The string that defines access rights for writing SNMP data objects. The default is private.

Important! Be sure to change the SNMP default community strings in order to prevent unauthorized access to management information.
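The following is an added example, not part of the manual or of Asante's software. It classifies a captured SNMP UDP payload by version and reports either the default community strings named above or the SNMPv3 security level from section 5.3.3. It assumes the standard BER message layout and the msgFlags bits from RFC 3412; the function names and the header-only sample packets are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # defaults named in the manual
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}        # values of the version field
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # auth=0x01, priv=0x02

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    """Decode one element and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError("unexpected tag")
    return value, nxt

def classify(datagram):
    """Return (version, finding) for one raw SNMP UDP payload."""
    try:
        message, _ = expect(datagram, 0, 0x30)         # outer SEQUENCE
        ver, pos = expect(message, 0, 0x02)            # INTEGER version
        version = VERSIONS[int.from_bytes(ver, "big")]
        if version != "v3":
            community, _ = expect(message, pos, 0x04)  # OCTET STRING community
            default = community in DEFAULT_COMMUNITIES
            return version, "default-community" if default else "custom-community"
        header, _ = expect(message, pos, 0x30)         # msgGlobalData SEQUENCE
        _, pos = expect(header, 0, 0x02)               # msgID
        _, pos = expect(header, pos, 0x02)             # msgMaxSize
        flags, _ = expect(header, pos, 0x04)           # msgFlags
        (octet,) = flags                               # must be exactly one octet
        return version, LEVELS[octet & 0x03]           # priv without auth is invalid
    except (IndexError, KeyError, ValueError):
        return None, "malformed"

def tlv(tag, value):                                   # builds constructed samples only
    return bytes([tag, len(value)]) + value

def v3_sample(flags):                                  # constructed, header fields only
    head = tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03")
    return tlv(0x30, tlv(2, b"\x03") + tlv(0x30, head))

V2C_SAMPLE = tlv(0x30, tlv(2, b"\x01") + tlv(4, b"public") + tlv(0xA0, b""))  # constructed
```

Run over a capture of management traffic, a result of `default-community` or `noAuthNoPriv` points at a manager or agent that still needs reconfiguring.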

Asante IntraCore IC36240

User’s Manual
