Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2
78-19417-01
Chapter 12 SNMP
12.3 SNMP Version Support
The ONS 15310-MA SDH supports SNMPv1, SNMPv2c, and SNMPv3 traps and get requests. The
SNMP MIBs in the ONS 15310-MA SDH systems define alarms, traps, and status. Through SNMP,
NMS applications can use a supported MIB to query a management agent. The functional entities include
Ethernet switches and SDH multiplexers. Refer to the Cisco ONS 15310-MA SDH Procedure Guide for
procedures to set up or change SNMP settings.

12.3.1 SNMPv3 Support

Cisco ONS 15310-MA SDH Software R9.0 and later supports SNMPv3 in addition to SNMPv1 and
SNMPv2c. SNMPv3 is an interoperable standards-based protocol for network management. SNMPv3
provides secure access to devices by combining authentication and encryption of packets over the
network, based on the User-Based Security Model (USM) and the View-Based Access Control Model
(VACM).

• User-Based Security Model—The User-Based Security Model (USM) uses the HMAC algorithm
  for generating keys for authentication and privacy. SNMPv3 authenticates data based on its origin,
  and ensures that the data is received intact. SNMPv1 and v2 authenticate data based on the plain text
  community string, which is less secure when compared to the user-based authentication model.
• View-Based Access Control Model—The view-based access control model controls the access to
  the managed objects. RFC 3415 defines the following five elements that VACM comprises:
  – Groups—A set of users on whose behalf the MIB objects can be accessed. Each user belongs to
    a group. The group defines the access policy, notifications that users can receive, and the
    security model and security level for the users.
  – Security level—The access rights of a group depend on the security level of the request.
  – Contexts—Define a named subset of the object instances in the MIB. MIB objects are grouped
    into collections with different access policies based on the MIB contexts.
  – MIB views—Define a set of managed objects as subtrees and families. A view is a collection or
    family of subtrees. Each subtree is included or excluded from the view.
  – Access policy—Access is determined by the identity of the user, security level, security model,
    context, and the type of access (read/write). The access policy defines what SNMP objects can
    be accessed for reading, writing, and creating.

Access to information can be restricted based on these elements. Each view is created with different
access control details. An operation is permitted or denied based on the access control details.

You can configure SNMPv3 on a node to allow SNMP get and set access to management information
and configure a node to send SNMPv3 traps to trap destinations in a secure way. SNMPv3 can be
configured in secure mode, non-secure mode, or disabled mode.

SNMP, when configured in secure mode, only allows SNMPv3 messages that have the authPriv security
level. SNMP messages without authentication or privacy enabled are not allowed. When SNMP is
configured in non-secure mode, it allows SNMPv1, SNMPv2, and SNMPv3 message types.
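
The following sketch is an added illustration, not code from Cisco or from the node software. It shows how the secure/non-secure mode gate and the five VACM elements combine into one permit-or-deny decision. The users, groups, view names and view contents are constructed, view masks from RFC 3415 are left out, and disabled mode is not modelled.

```python
# Added illustration, not Cisco code. Users, groups and view names are constructed.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# Groups: (security model, user) -> group name
GROUPS = {("usm", "noc-ro"): "monitor", ("usm", "noc-rw"): "operator"}

# Access policy: (group, context) -> minimum security level and view per access type
ACCESS = {
    ("monitor", ""): {"min_level": "authNoPriv", "read": "ro-view", "write": None},
    ("operator", ""): {"min_level": "authPriv", "read": "full", "write": "sys-only"},
}

# MIB views: families of subtrees, each included (True) or excluded (False)
VIEWS = {
    "full": [("1.3.6.1", True), ("1.3.6.1.6.3.15", False)],  # hide the USM MIB
    "ro-view": [("1.3.6.1.2.1.1", True), ("1.3.6.1.4.1.9", True)],
    "sys-only": [("1.3.6.1.2.1.1", True)],
}

def in_view(view, oid):
    """The longest matching subtree decides; an OID matching no subtree is not in the view."""
    target, best = oid.split("."), None
    for subtree, included in VIEWS[view]:
        parts = subtree.split(".")
        if target[:len(parts)] == parts and (best is None or len(parts) > best[0]):
            best = (len(parts), included)
    return bool(best and best[1])

def mode_allows(mode, version, level):
    """Node-wide gate: secure mode accepts only SNMPv3 at authPriv."""
    if mode == "secure":
        return version == 3 and level == "authPriv"
    if mode == "non-secure":
        return version in (1, 2, 3)
    raise ValueError("mode not modelled: " + mode)

def is_access_allowed(mode, user, level, context, access_type, oid, model="usm"):
    """SNMPv3 request: mode gate, then group, security level, context and view."""
    if not mode_allows(mode, 3, level):
        return False
    policy = ACCESS.get((GROUPS.get((model, user)), context))
    if policy is None or LEVELS[level] < LEVELS[policy["min_level"]]:
        return False
    view = policy[access_type]
    return view is not None and in_view(view, oid)

if __name__ == "__main__":
    print(is_access_allowed("secure", "noc-rw", "authPriv", "", "read", "1.3.6.1.6.3.15.1.2.2"))
```

An excluded subtree nested inside an included one is the case to check when auditing views: the read of the USM subtree above is denied even though the enclosing 1.3.6.1 subtree is included.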
12.4 SNMP Message Types
The ONS 15310-MA SDH SNMP agents communicate with an SNMP management application using
SNMP messages. Table 12-1 describes these messages.