Enterasys Networks 9034313-07 SNMPv1 and SNMPv2c, SNMPv3, About Snmp Security Models and Levels

SNMP Configuration Summary

SNMPv1 and SNMPv2c

The components of SNMPv1 and SNMPv2c network management fall into three categories:

•Managed devices (such as a switch).

•SNMP agents and MIBs, including SNMP traps, community strings, and Remote Monitoring (RMON) MIBs, which run on managed devices.

•SNMP network management applications, such as the Enterasys NetSight application, which communicate with agents to get statistics and alerts from the managed devices.

SNMPv3

SNMPv3 is an interoperable standards‐based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:

–Message integrity — Collects data securely without being tampered with or corrupted.

–Authentication — Determines the message is from a valid source.

–Encryption — Scrambles the contents of a frame to prevent it from being seen by an unauthorized source.

Unlike SNMPv1 and SNMPv2c, in SNMPv3, the concept of SNMP agents and SNMP managers no longer apply. These concepts have been combined into an SNMP entity. An SNMP entity consists of an SNMP engine and SNMP applications. An SNMP engine consists of the following four components:

•Dispatcher — This component sends and receives messages.

•Message processing subsystem — This component accepts outgoing PDUs from the dispatcher and prepares them for transmission by wrapping them in a message header and returning them to the dispatcher. The message processing subsystem also accepts incoming messages from the dispatcher, processes each message header, and returns the enclosed PDU to the dispatcher.

•Security subsystem — This component authenticates and encrypts messages.

•Access control subsystem — This component determines which users and which operations are allowed access to managed objects.

About SNMP Security Models and Levels

An SNMP security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. The three levels of SNMP security are: No authentication required (NoAuthNoPriv); authentication required (AuthNoPriv); and privacy (authPriv). A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP frame. Table 8‐1 identifies the levels of SNMP security available on SecureStack C3 devices and authentication required within each model.

8-2 SNMP Configuration