Chapter 8 User Authentication
•AuthNoPriv – User authentication is performed based on MD5 or SHA algorithms. The message is sent with an HMAC that is calculated with the user key. The data part is sent unencrypted.
•AuthPriv – User authentication is performed based on MD5 or SHA algorithms. The message is sent with an HMAC that is calculated with the user key, and the data part is sent with DES56 encryption using the user key.
To create an SNMPv3 user account, the following information must be provided:
•UserName – string representing the name of the user. Maximum length: 32 characters.
•Authentication Protocol – The authentication protocol to use. Possible values are: No auth, HMAC MD5, or HMAC
•Authentication Password – The authentication password is transformed using the authentication protocol and the SNMP engine ID to create an authentication key.
•Privacy Protocol – The privacy protocol to use. Possible values are: No privacy, DES privacy.
•Privacy Password – The privacy password is transformed using the privacy protocol and the SNMP engine ID to create a privacy key.
•GroupName – 32-character string representing the name of the group.
•SecurityModel – The security model to use. Possible values are: 1 (SNMPv1), 2 (SNMPv2c), 3 (USM).
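The transformation of the Authentication Password into an authentication key, shown as an added example (not code from this guide or from the switch firmware). It assumes the switch follows the standard USM password-to-key and key-localization algorithm of RFC 3414; the function names, the sample password and the engine IDs are constructed for illustration.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 hashes exactly 1 MiB of repeated password


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Intermediate key Ku: hash of the password repeated out to 1 MiB."""
    if len(password) < 8:
        # RFC 3414 suggests forbidding passwords shorter than 8 characters.
        raise ValueError("password shorter than 8 characters")
    reps = EXPANDED_LEN // len(password) + 1
    return hashlib.new(hash_name, (password * reps)[:EXPANDED_LEN]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), unique per SNMP engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_auth_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """hash_name is 'md5' for HMAC MD5 or 'sha1' for HMAC SHA."""
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


if __name__ == "__main__":
    password = b"maplesyrup"  # sample password (constructed input)
    # Two constructed engine IDs standing in for two different switches.
    engine_a = bytes.fromhex("000000000000000000000002")
    engine_b = bytes.fromhex("000000000000000000000003")
    for proto in ("md5", "sha1"):
        key_a = usm_auth_key(password, engine_a, proto)
        key_b = usm_auth_key(password, engine_b, proto)
        print(proto, "engine A:", key_a.hex())
        print(proto, "engine B:", key_b.hex())
        # Same password, different engine ID: the stored keys do not match,
        # so a key read from one device is not valid on another.
        print(proto, "keys differ:", key_a != key_b)
```

Because the engine ID is mixed into the key, the value stored on a device is specific to that device even when the same password is reused across the network.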
Groups
In SNMPv3, each user is mapped to a group. The group maps its users to defined views. These views define sets of access rights, including read, write, and trap or inform notifications the users can receive.
The group maps its users to views based on the security mode and level with which the user is communicating with the switch. Within a group, the following combinations of security mode and level can be mapped to views:
•SNMPv1 – Anyone with a valid SNMPv1 community name.
•SNMPv2c – Anyone with a valid SNMPv2c community name.
•NoAuthNoPriv – An SNMPv3 user using the NoAuthNoPriv security level.
•AuthNoPriv – An SNMPv3 user using the AuthNoPriv security level.
•AuthPriv – An SNMPv3 user using the AuthPriv security level.
If views are not defined for all security modes and levels, a user can access the highest level view below his security level. For example, if the SNMPv1 and SNMPv2c views are undefined for a group, anyone logging in using SNMPv1 and SNMPv2c cannot access the device. If the NoAuthNoPriv view is not defined for a group, SNMPv3 users with a NoAuthNoPriv security level can access the SNMPv2c view.
To create an SNMPv3 group, the following information must be provided:
•GroupName – 32-character string representing the name of the group.