7.7.5 User-based Security Model (USM) RFC 3414

RFC 3414 discusses the “User-based security model” for SNMPv3. It defines the elements of procedure for providing SNMP message-level security. The mechanisms to be implemented related to this feature are Discovery and Timeliness, Authentication, Privacy and Key management.

The product will support the HMAC-MD5-96 and the HMAC-SHA-96 protocols for authentication and the CBC-DES Symmetric Encryption Protocol for Privacy.

7.7.5.1 Supporting MIBs.

The following statistics MIB objects will be supported:

7.7.5.1.1 Statistics.

usmStatsUnsupportedSecLevels, usmStatsNotInTimeWindows, usmStatsUnknownUserNames, usmStatsUnknownEngineIDs, usmStatsWrongDigests, usmStatsDecryptionErrors.

7.7.5.1.2 SNMPv3 users.

7.7.5.1.2.1 usmUserTable.

This table will be supported to maintain authentication and privacy information for each user. The engineID and the userName index the table. For the GranDSLAM R3.2 product, all entries will have the same local engineID.

Because new SNMPv3 users can be added to this table only by cloning from an existing entry, we need an initial entry to start with. The initial entry will be based on the password of our default userID. This will be done only the first time SNMPv3 is turned on (’snmpV3-encryption’ option is selected).

This initial user/password is run through an algorithm based on HMAC-MD5-96 (the default algorithm for authentication) and converted into what is called a localized key. This procedure is standardized in RFC 3414.

Remote entities (for example, EMS) must obtain the same value of the localized key to start with.
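The localized-key derivation described above, as an added example that is not part of the original manual or the product's code: it follows the password-to-key and key-localization steps of RFC 3414 Appendix A.2 for both supported authentication hashes, using the password and engine ID from the RFC's Appendix A.3 test vectors. The function names and the second engine ID are constructed for illustration.

```python
import hashlib
import hmac

ONE_MEG = 1048576  # RFC 3414 A.2: length of the expanded password stream


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Intermediate user key Ku: hash of the password repeated to 1 MiB."""
    if len(password) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 characters")
    reps, rem = divmod(ONE_MEG, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku), bound to one engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def derive_localized_key(password: bytes, engine_id: bytes,
                         hash_name: str = "md5") -> bytes:
    """Full path from password to the key stored for one user on one engine."""
    ku = password_to_key(password, hash_name)
    return localize_key(ku, engine_id, hash_name)


def auth_mac_96(kul: bytes, whole_msg: bytes, hash_name: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC under Kul, truncated to 12 octets.

    whole_msg is the serialized message with the 12-octet
    msgAuthenticationParameters field zero-filled.
    """
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]


# Password and engine ID taken from the RFC 3414 Appendix A.3 test vectors.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second engine ID, only to show that the key changes with it.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, derive_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, name).hex())
    # Same password, different engine: a different localized key.
    print("other", derive_localized_key(RFC_PASSWORD, OTHER_ENGINE_ID).hex())
```

A manager such as the EMS arrives at the same localized key only if it uses the same password, the same hash and the agent's exact engineID, which is why the key must be recomputed whenever the engineID changes.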

Once the initial entry is created, clients (EMS, TL-1, Web, etc.) will use a standardized procedure in RFC 3414 to clone new users from the existing entries in the usmUserTable. No other MIBs are involved in creating SNMPv3 users.

According to requirements, the SNMPv3 users to be configured will always have AuthPriv as the securityLevel, that is, both authentication and privacy (encryption) turned on. SecurityLevel of NoAuthNoPriv or AuthNoPriv will not be supported for these users.

7.7.5.1.2.2 usmUserSpinLock.

This object will be supported to coordinate set operations to the usmUserTable.

7.7.6 View-based Access Control (VACM)

RFC 3415 discusses the “View-based Access Control Model” for SNMPv3. The GranDSLAM R3.2 agent will create default entries in the necessary tables to be commonly used between v1/v2c/v3 SNMP users.

7.7.6.1 Supporting MIBs

RFC 3415 defines several tables to be used to determine if an SNMP operation (get, getnext, getbulk, set or notification) is allowed to access certain managed objects.

8000-A2-GB30-10

November 2003


8620, 8820 specifications

The Paradyne 8620 and Hotwire 8620 GranDSLAM are advanced DSLAM devices designed to provide high-speed broadband access over existing copper lines. This installation guide will outline the main features, technologies, and characteristics of these powerful units.

The Paradyne 8620 is engineered to support various DSL technologies, including ADSL, ADSL2+, and VDSL. This versatility allows operators to deploy services tailored to the needs of their customers, enabling data rates of up to 50 Mbps downstream, making it an ideal choice for meeting increasing bandwidth demands. The Hotwire 8620 GranDSLAM shares many similarities, focusing on providing enhanced service delivery for both residential and business users.

One of the key features of the GranDSLAM series is its modular architecture. Both models support up to 48 subscriber line interfaces in a single chassis, which provides significant scalability. Operators can seamlessly increase capacity by adding additional cards to accommodate growth. The devices are designed for easy deployment and management, equipped with an intuitive web-based interface that simplifies configuration and monitoring tasks.

Both units also feature advanced management capabilities, including support for SNMP and TR-069 protocols. This allows service providers to manage and provision devices remotely, significantly reducing operational costs and improving service reliability. The GranDSLAM models can also provide detailed diagnostic information, helping operators quickly identify and troubleshoot issues.

The Paradyne and Hotwire series ensure interoperability with various customer premises equipment, enabling service providers to offer bundled services such as voice, video, and data over the same connection. This capability is enhanced by the units’ ability to support VLANs and QoS features, ensuring that high-priority traffic receives the necessary bandwidth.

In addition to performance, the 8620 series is built with energy efficiency in mind. By utilizing power-saving features, these units help reduce overall operational costs while still providing reliable service.

Overall, the Paradyne 8620 and Hotwire 8620 GranDSLAM are robust solutions for service providers looking to deliver high-speed broadband services. Their modular design, advanced management capabilities, and support for multiple DSL technologies make them an excellent choice for today’s demanding telecommunications environment. With these advantages, operators can effectively meet customer needs while preparing for future growth and technology advancements.