Technical Configuration Guide for SNMP

v2.0

December 2006

1. SNMPv3 Overview

SNMPv3 is the third version of the Internet-Standard Management Framework and is derived from and builds upon both the original Internet-Standard Management Framework (SNMPv1) and the second Internet-Standard Management Framework (SNMPv2). SNMPv3 is not a stand-alone replacement for SNMPv1 and/or SNMv2. It defines security capabilities to be used in conjunction with SNMPv2 (preferred) or SNMPv1. As shown in the Figure 1 below, SNMPv3 specifies a User Security Model (USM) that uses a payload of either a SNMPv1 or a SNMPv2 protocol data unit (PDU).

PDU Processing

(SNMPv1 or SNMPv2)

Message Processing

(SNMPv3 USM)

 

UDP

 

 

 

 

 

IP

 

 

 

 

PDU

= Protocol Data Unit

USM

= User Based Security

 

 

 

SNMP PDU

 

 

 

 

 

 

 

 

 

 

V3-MH

SNMP PDU

 

 

 

 

 

 

 

 

 

UDP-H

V3-MH

SNMP PDU

 

 

 

 

 

 

 

 

IP-H

UDP-H

V3-MH

SNMP PDU

 

 

 

 

IP-H = IP header

UDP-H = UDP header

V3-MH = SNMPv3 message header

Figure 1: SNMPv3 USM

Authentication within the User-based Security Model (USM) allows the recipient of the message to verify whom the message is from and whether the message has been altered. As per RFC 2574, if authentication is used, the entire message is checked for the integrity. Authentication uses a secret key to produce a fingerprint of the message, which is included in the message. The receiving entity uses the same secret key to validate the fingerprint. Currently there are 2 authentication protocols defined, HMAC-MD5 and HMAC-SHA-96 for use with USM.

While the USM provides the user-name/password authentication and privacy services, control access to management information (MIB) must be defined. The View-based Access Control Module (VACM) is used to define a set of services that an application can use for checking access rights (read, write, notify) to a particular object. VACM uses the ASN.1 notation (3.6.1.4) or the name of the SNMP MIB branch, i.e. Org.Dod.Internet.Private. The administrator can define a MIB group view for a user to allow access to an appropriate portion of the MIB matched to an approved security level. The three security levels are:

NoAuthNoPriv-Communication without authentication and privacy

AuthNoPriv-Communication with authentication (MD5 or SHA) and without privacy

AuthPriv-Communication with authentication (MD5 or SHA) and privacy (DES or AES)

NOTE: Please refer to the Ethernet Routing Switch 8600 4.1 release notes (Part number 317177- D Rev 01) regarding important information regarding SNMPv3. Special considerations need to be considered regarding hidden and encrypted that contains community table information.

______________________________________________________________________________________________________

NORTEL

External Distribution

5

Page 5 Page 7
Page 6
Image 6
Nortel Networks 8600 manual SNMPv3 Overview, Udp
Page 5 Page 7

8600 specifications

Nortel Networks 8600 is a highly regarded member of the Nortel Ethernet routing portfolio, specifically designed to meet the demands of today's bandwidth-hungry environments. This advanced platform is a favorite for service providers and enterprises due to its scalability, reliability, and performance capabilities.

One of the standout features of the Nortel 8600 is its exceptional scalability. The platform supports a wide range of Ethernet services that can accommodate the growth of network applications without requiring significant overhaul. This scalability is driven by its ability to provide multiple 10 Gigabit and 100 Gigabit Ethernet ports, allowing organizations to expand their network as bandwidth needs increase.

The 8600 employs a robust architecture that enhances its performance. It utilizes a switching fabric that delivers high throughput and low latency, making it ideal for applications that demand real-time data transmission, such as voice over IP (VoIP) and video streaming. With support for high-density Ethernet, the 8600 can handle a large number of simultaneous connections, facilitating seamless experiences for end-users.

Another technological highlight of the Nortel 8600 is its integrated service capabilities. The platform incorporates advanced quality of service (QoS) features that prioritize bandwidth for critical applications, ensuring reliable performance even during peak usage times. The 8600 also supports comprehensive security protocols, providing peace of mind for organizations as they navigate the complexities of modern cybersecurity challenges.

Additionally, the platform offers advanced management features that simplify network administration. Built-in tools for monitoring and reporting enhance operational visibility, enabling IT teams to quickly identify and resolve issues. The 8600 is designed to integrate smoothly with existing networking environments, offering interoperability with multiple vendors and protocols, thus protecting investment in other technologies.

Energy efficiency is another characteristic of the Nortel 8600, making it a suitable choice for organizations keen on reducing operational costs and minimizing their environmental impact. The platform is built with energy-saving components and intelligent power management that allow businesses to operate sustainably.

Overall, the Nortel Networks 8600 is a sophisticated routing solution that integrates cutting-edge technologies to meet the demands of modern network environments, making it a preferred choice for organizations seeking a balance between performance, reliability, and cost-effectiveness.
Top Page Image Contents