Cisco Systems 2950 SNMP Versions

23-2

Catalyst2950 Desktop Switch Software Configuration Guide

78-11380-05

Chapter23 Configuring SNMP

Understanding SNMP

•Using SNMP to Access MIB Variables, page 23-4

•SNMP Notifications, page 23-5

SNMP Versions

This software release supports these SNMP versions:

•SNMPv1—The Simple Network Management Protocol, a Full Internet Standard , define d i n

RFC 1157.

•SNMPv2C replaces the Party-based Administrative and Security Framework of SNMPv2Classic

with the community-string-based Administrative Framework of SNMPv2C while retaining the b ulk

retrieval and improved error handling of SNMPv2Classic. It has these features:

–

SNMPv2—Version 2 of the Simple Network Management Protocol, a Draft Internet Standard,

defined in RFCs 1902 through 1907.

–

SNMPv2C—The community-string-based Administrative Framework for SNMPv2, an

Experimental Internet Protocol defined in RFC 1901.

•SNMPv3—Version 3 of the SNMP is an interoperable standards-based protocol defined in RFCs

2273 to 2275. SNMPv3 provides secure access to devices by authenticating and encrypting packets

over the network and includes these security features:

–

Message integrity—ensuring that a packet was not tampered with in transit

–

Authentication—determining that the message is from a valid sou rce

Both SNMPv1 and SNMPv2C use a community-based form of security. The community of managers

able to access the agent’s MIB is defined by an IP address access control list and password.

SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to

management stations. The bulk retrieval mechanism retrieves tables and lar ge qua ntities of inf ormation,

minimizing the number of round-trips required. The SNMPv2C imp roved error-han dl ing inc lude s

expanded error codes that distinguish different kinds of error conditions; these conditions are repo rted

through a single error code in SNMPv1. Error return cod es in SN M Pv2 C r eport the erro r ty pe.

SNMPv3 provides for both security models and security levels. A security model is an authentication

strategy set up for a user and the group within which the user resides. A security level is the permitted

level of security within a security model. A combination of the security level and the security model

determine which security mechanism is used when handling an SNMP pack et. Available security models

are SNMPv1, SNMPv2C, and SNMPv3.

Table23-1 identifies the characteristics of the different combinations of security models and levels.

Table23-1 SNMP Security Models and Levels

Model Level Authentication Encryption Result

SNMPv1 noAuthNoPriv Community string No Uses a community string m atch for authentication.

SNMPv2C noAuthNoPriv Community string No Uses a community string m atch for authentication.

SNMPv3 noAuthNoPriv Username No Uses a username match for authentication.

SNMPv3 authNoPriv MD5 or SHA No Provides authentication based on the HMAC-MD5

or HMAC-SHA algorithms.