1. Network Management Specification
7.7.5 User-based Security Model (USM) RFC 3414
RFC 3414 discusses the
The product will support the
7.7.5.1 Supporting MIBs.
The following statistics MIB objects will be supported:
7.7.5.1.1 Statistics.
usmStatsUnsupportedSecLevels, usmStatsNotInTimeWindows, usmStatsUnknownUserNames, usmStatsUnknownEngineIDs, usmStatsWrongDigests, usmStatsDecryptionErrors.
7.7.5.1.2 SNMPv3 users.
7.7.5.1.2.1 usmUserTable.
The usmUserTable will be supported to maintain authentication and privacy information for each user. The table is indexed by the engineID and the userName. For the GranDSLAM 3.0 product, all entries will have the same local engineID.
Because new SNMPv3 users can be added to this table only by cloning an existing entry, we need an initial entry to start with. The initial entry will be based on the password of our default userID. This will be done only the first time SNMPv3 is turned on
This initial user/password is run through an algorithm based on the
Remote entities (for example, EMS) must obtain the same value of the localized key to start with.
Once the initial entry is created, clients (EMS,
According to requirements, the SNMPv3 users to be configured will always have AuthPriv as the securityLevel, that is, both authentication and privacy (encryption) turned on. A securityLevel of NoAuthNoPriv or AuthNoPriv will not be supported for these users.
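How an agent and a remote entity such as the EMS can arrive at the same localized key from a shared password, shown as an added example (not code from this specification or the product) of the RFC 3414 Appendix A.2 password-to-key procedure. The SHA-1 hash, the sample password and engineID (the RFC's own Appendix A.3 test vector) and the second engineID are assumptions; this specification does not state them.

```python
import hashlib

EXPANDED_LEN = 1024 * 1024  # RFC 3414 A.2: digest exactly 1,048,576 octets


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Step 1: derive the user key Ku by hashing the password repeated
    end to end until 1,048,576 octets have been fed to the hash."""
    if not password:
        raise ValueError("password must not be empty")
    reps = EXPANDED_LEN // len(password) + 1
    stream = (password * reps)[:EXPANDED_LEN]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Step 2: bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key(password: bytes, engine_id: bytes,
                  hash_name: str = "sha1") -> bytes:
    """Full derivation as both the agent and the EMS would run it."""
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


# RFC 3414 Appendix A.3 test vector (assumed here in place of the product's
# default userID password and its real local engineID).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second engineID, to show that a key is valid for one engine only.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    agent_key = localized_key(RFC_PASSWORD, RFC_ENGINE_ID)
    ems_key = localized_key(RFC_PASSWORD, RFC_ENGINE_ID)
    print("agent  :", agent_key.hex())
    print("EMS    :", ems_key.hex())
    print("match  :", agent_key == ems_key)
    # The same password localized to a different engine gives an unrelated key,
    # so a key captured from one engine is not usable against another.
    print("other  :", localized_key(RFC_PASSWORD, OTHER_ENGINE_ID).hex())
```

Because every usmUserTable entry on this product shares one local engineID, the EMS needs only that engineID and the initial password to reproduce the agent's starting key.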
7.7.5.1.2.2 usmUserSpinLock.
This object will be supported to coordinate set operations to the usmUserTable.
7.7.6 View-based Access Control (VACM)
RFC 3415 discusses the
7.7.6.1 Supporting MIBs
RFC 3415 defines several tables to be used to determine if an SNMP operation (get, getnext, getbulk, set or notification) is allowed to access certain managed objects.
June 2003