Cisco Systems DOC-7814982 SNMP Versions

24-2

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 24 Configuring SNMP

Unders tanding SNMP

•Using SNMP to Access MIB Variables, page 24-4

•SNMP Notifications, page 24-5

SNMP Versions

This sof tware rel ease su ppor ts t hese SNM P version s:

•SNMPv1—The Simpl e N et work M anag eme nt Pr otoc ol, a Full Int erne t St anda rd , defined i n

RFC 1157.

•SNMPv2C repl ace s the Party- base d Adm inist rat ive an d Sec urit y Fra mework of SNM Pv2 Classi c

with the co mmunity-str ing-based Adm inistrati v e Frame wo rk of SNM Pv2C while retaining the b ulk

retrieval and improved error handl ing of SNMP v2Classic . It has these fe ature s:

–

SNMPv2—Vers ion 2 of the Simpl e Net work Ma nage ment Pro toco l, a Draf t Inter net Sta ndard ,

defined in RFCs 1902 through 190 7.

–

SNMPv2C—The community-string-based Administrative Framework for SNMPv2, an

Experi menta l In t erne t Pro toco l de fined in RFC 190 1.

•SNMPv3—Vers ion 3 of t h e SNM P is a n in tero pera ble standa rd s-base d proto col defined in RFCs

2273 to 22 7 5. SNMPv 3 pr ovide s se cu re access to devices by authentica tin g and encr yp ting packets

over the network and includes these security features:

–

Message integrity—ensuring that a packet was not tampered with in transit

–

Authentication—dete rmi nin g th at th e mes sa ge is from a valid sourc e

–

Encryption—mixing the contents of a package to prevent it from being read by an unauthorized

source.

Note To select encryption, enter the priv keyword. Th is keyword is available onl y whe n the

crypto (encrypt ed) sof tware imag e is ins talled .

Both SNMPv 1 and SNMP v2C use a comm unity- based form of securi ty. The c ommunit y of manage rs

abl e to ac cess the ag ent ’s M IB is defined by an IP address acce ss contro l list and pa ssword.

SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to

management stati ons. The bu lk retrieval mech anism retrieves tables and lar ge qua ntities of inf ormation,

minimiz ing the n umber o f r ou nd-tr ips r equi red. T he SN MP v2C imp roved error-han dl ing inc lude s

expanded er ror codes th at disti nguish different kinds of erro r condi tions; th ese condi tions are re port ed

through a sing le er ror c od e i n SN MP v1. E rr or ret ur n cod es in S NM Pv2 C r eport the erro r ty pe.

SNMPv3 provides for both security models and security levels. A security model is an authentication

strategy set up for a user and the group within which the user resid es. A security level is the permitted

level of security within a security model. A combination of the security level and the security model

determ ine which security me chanism i s used when handling an SNMP pack et. Avai lable securi ty mode ls

are SNMPv1, SNMPv2C, and SNMPv3.

Table 24-1 identifies the characteristics of the different combinations of security models and levels.