Chapter 8 User Authentication

’WriteCommG’ group by default. This allows you to view the agent’s MIB tree and change any of the values in the MIB tree.

If you delete the ReadCommN or WriteCommN users, the ReadCommG or WriteCommG groups, or the SNMPv1View, you may not be able to access the switch using SNMPv1 or SNMPv2c.

In addition, traps are sent to designated trap receivers. Packets with trap information also contain a trap community string.

SNMPv2c

SNMPv2c is very similar to SNMPv1. However, SNMPv2c adds support for the get-bulk action and supports a different trap format.

SNMPv3

SNMPv3 enables the following features over SNMPv1 or v2c:

User authentication with a username and password.

Communication encryption between the Network Management Station (NMS) and the SNMP agent at the application level

Access control definition for specific MIB items available on the SNMP agent

Notification of specified network events directed toward specified users

Definition of roles using access control, each with unique access permissions and authentication/encryption requirements

The basic components in SNMPv3 access control are users, groups, and views.

In addition, SNMPv3 uses an SNMP engine ID to identify SNMP identity. An SNMP engine ID is assigned to each IP address of each device in the network. Each SNMP engine ID should be unique in the network.

Users

SNMPv3 uses the User-based Security Model (USM) for security, and the View-based Access Control Model (VACM) for access control. USM uses the HMAC-MD5-96 and HMAC-SHA-96 protocols for user authentication, and the CBC-DES56 protocol for encryption or privacy.

A maximum of 21 users, including local users and remote users getting notifications, can be defined on a stack. If the SNMP engine ID changes, all users other than the default user for the stack are invalid and must be redefined. The SNMP engine ID can be changed via the CLI. In addition, a change in the IP address of the stack automatically changes the SNMP engine ID.
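Added example, not from the Avaya guide: the RFC 3414 (USM) key localization that binds a user's HMAC-MD5-96 or HMAC-SHA-96 authentication key to one SNMP engine ID, which is the standard mechanism behind users becoming invalid when the engine ID changes. It assumes the agent stores localized keys as RFC 3414 describes; the password and first engine ID are the RFC's published test values, and the second engine ID and the message bytes are constructed.

```python
import hashlib
import hmac

MEGABYTE = 1048576  # RFC 3414 A.2 expands the password to this many bytes

def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: digest of the password repeated out to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(MEGABYTE, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is valid for one engine ID only."""
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC output truncated to 96 bits (12 bytes)."""
    return hmac.new(kul, message, algo).digest()[:12]

def verify(kul: bytes, message: bytes, tag: bytes, algo: str) -> bool:
    return hmac.compare_digest(auth_tag(kul, message, algo), tag)

# RFC 3414 A.3 test values, so the derived keys can be checked against the RFC.
PASSWORD = b"maplesyrup"
ENGINE_OLD = bytes.fromhex("000000000000000000000002")
# Constructed values: an engine ID after a change, and stand-in message bytes
# (a real agent computes the tag over the whole serialized SNMPv3 message).
ENGINE_NEW = bytes.fromhex("000000000000000000000003")
MESSAGE = b"constructed SNMPv3 message bytes"

def engine_id_change(algo: str) -> dict:
    """Assumed scenario: the agent still holds a key localized to ENGINE_OLD,
    while the NMS derives its key from the engine ID it now discovers."""
    stored = localized_key(PASSWORD, ENGINE_OLD, algo)
    derived = localized_key(PASSWORD, ENGINE_NEW, algo)
    return {
        "stored_kul": stored.hex(),
        "tag_len": len(auth_tag(stored, MESSAGE, algo)),
        "same_engine_ok": verify(stored, MESSAGE, auth_tag(stored, MESSAGE, algo), algo),
        "after_change_ok": verify(stored, MESSAGE, auth_tag(derived, MESSAGE, algo), algo),
    }

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, engine_id_change(algo))
```

The same password yields a different localized key for each engine ID, so a key provisioned before the change no longer authenticates messages afterwards.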

SNMPv3 supports three security levels:

NoAuthNoPriv – This is the lowest level of SNMPv3 security. No Message Authentication Code (MAC) is provided with the message, and no encryption is performed. This method maintains the same security level as SNMPv1, but provides a method for limiting the access rights of a user.

Avaya P334T-ML User’s Guide
