SNMP Configuration
USM/VACM Configuration
USM provides authentication and privacy services for SNMPv3. USM provides improved security over SNMPv1 and SNMPv2 by adding encryption and synchronized time indicators. Although USM uses cryptography to support the underlying protocol, it is a
USM uses loosely synchronized monotonically increasing time indicators to defend against certain message stream modification attacks. Automatic clock synchronization mechanisms based on the protocol are specified without dependence on
VACM is an architecture for viewing and controlling users. VACM defines the access control policy that determines which users can access which subset of MIB objects in the Broadmore. VACM also defines the type of access (Read/Write) over a view.
The Broadmore organizes the USM/VACM into four tables or entities: Views, Users, Groups, and Access. With each entity, the following actions are associated:
Edit – used to modify an existing User, View, Group or an Access entry
Copy – used to copy the information for an existing User, View, Group or an Access entry as a basis for a new one
Delete – used to delete an existing User, View, Group or an Access entry
New – used to add a new User, View, Group or an Access entry
Validate Table – used to check table entries for consistency with other tables.
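One way to express the cross-table consistency check that Validate Table describes, as an added example and not Broadmore's own code. The field names and sample entries are constructed; the relationships checked (user to group, group to access entry, access entry to view) follow the VACM tables defined in RFC 3415.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Access:                 # hypothetical layout of one Access table entry
    group: str
    read_view: str            # "" means no view is granted
    write_view: str

def validate(views, users, groups, access):
    """Return sorted (table, entry, problem) tuples for inconsistent entries.

    views and users are sets of names, groups maps user name -> group name,
    and access is a list of Access entries.
    """
    findings = []
    for user in groups:
        if user not in users:
            findings.append(("Groups", user, "user not in Users table"))
    for user in users - set(groups):
        findings.append(("Users", user, "user is not assigned to any group"))
    populated = set(groups.values())
    for group in populated - {a.group for a in access}:
        findings.append(("Groups", group, "group has no Access entry"))
    used_views = set()
    for a in access:
        if a.group not in populated:
            findings.append(("Access", a.group, "group has no members in Groups table"))
        for kind, view in (("read", a.read_view), ("write", a.write_view)):
            if view and view not in views:
                findings.append(("Access", a.group, f"{kind} view {view!r} not in Views table"))
            used_views.add(view)
    for view in views - used_views:
        findings.append(("Views", view, "view is not referenced by any Access entry"))
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
VIEWS = {"all", "system-only", "unused"}
USERS = {"admin", "monitor", "orphan"}
GROUPS = {"admin": "rw-group", "monitor": "ro-group", "ghost": "ro-group"}
ACCESS = [
    Access("rw-group", "all", "all"),
    Access("ro-group", "system-only", ""),
    Access("old-group", "legacy", ""),
]

if __name__ == "__main__":
    for table, entry, problem in validate(VIEWS, USERS, GROUPS, ACCESS):
        print(f"{table:7} {entry:10} {problem}")
```

A dangling reference usually fails closed (the user simply gets no access), but it also marks entries left behind by an earlier edit or delete that should be reviewed before the configuration is saved.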
The Communities table supports the coexistence of SNMP v1, v2, and v3 access described in RFC 2576. The Communities table supports v1/v2 get, set, and trap requests within USM/VACM.
NOTE: When configuring USM/VACM, please note the consequences of selecting certain “Storage Type” parameters in the tables. “Permanent” entries cannot be deleted except by deleting the entire SNMP configuration and rebooting. “Read Only” entries can only be edited or removed by deleting the entire SNMP configuration and rebooting.
Broadmore 1750 - Release 4.6