Chapter 8 User Authentication

’WriteCommG’ group by default. This allows you to view the agent’s MIB tree and change any of the values in the MIB tree.

If you delete the ReadCommN or WriteCommN users, the ReadCommG or WriteCommG groups, or the SNMPv1View you may not be able to access the switch using SNMPv1 or SNMPv2c.

In addition, traps are sent to designated trap receivers. Packets with trap information also contains a trap community string.

SNMPv2c

SNMPv2c is very similar to SNMPv1. However, SNMPv2c adds support for the get-bulkaction and supports a different trap format.

SNMPv3

SNMPv3 enables the following features over SNMPv1 or v2c:

User authentication with a username and password.

Communication encryption between the Network Management Station (NMS) and the SNMP agent at the application level

Access control definition for specific MIB items available on the SNMP agent

Notification of specified network events directed toward specified users

Definition of roles using access control, each with unique access permissions and authentication/encryption requirements

The basic components in SNMPv3 access control are users, groups, and views.

In addition. SNMPv3 uses an SNMP engine ID to identify SNMP identity. An SNMP engine ID is assigned to each IP address of each device in the network. Each SNMP engine ID should be unique in the network.

Users

SNMPv3 uses the User-based Security Model (USM) for security, and the View-based Access Control Model (VACM) for access control. USM uses the HMAC-MD5-96 and HMAC-SHA-96 protocols for user authentication, and the CBC-DES56 protocol for encryption or privacy.

A maximum of 21 users, including local users and remote users getting notifications can be defined on a stack. If the SNMP engine ID changes, all users other than the default user for the stack are invalid and must be redefined. The SNMP engine ID can be changed via the CLI. In addition, a change in the IP address of the stack automatically changes the SNMP engine ID.

SNMPv3 supports three security levels:

NoAuthNoPriv – This is the lowest level of SNMPv3 security. No (Message Authentication Code) MAC is provided with the message, and no encryption is performed. This method is maintains the same security level as SNMPv1, but provides a method for limiting the access rights of a user.

Avaya P332G-ML User’s Guide

41

Page 57
Image 57
Avaya P332G-ML manual SNMPv2c, SNMPv3