User's Manual

SIP User's Manual, 14. SNMP-Based Management
Version 5.0, December 2006
➢ To delete the read-only, noAuthNoPriv SNMPv3 user (v3user), take these 3 steps:
1. If v3user is associated with a trap destination, follow the procedure for associating a
different user to that trap destination. (See below.)
2. Delete the vacmSecurityToGroupTable row for SecurityName v3user, GroupName
ReadGroup1, and SecurityModel usm.
3. Delete the row in the usmUserTable for v3user.
➢ To add a read-write, authPriv SNMPv3 user (v3user), take these 4 steps:
1. Clone the row with the same security level.
2. Change the authentication key and privacy key.
3. Activate the row. That is, set the row status to active(1).
4. Add a row to the vacmSecurityToGroupTable for SecurityName v3admin1,
GroupName ReadWriteGroup3, and SecurityModel usm(3).
Note: A row with the same security level (authPriv) must already exist in the
usmUserTable (see the usmUserTable for details).
➢ To delete the read-write, authPriv SNMPv3 user (v3admin1), take these 3 steps:
1. If v3admin1 is associated with a trap destination, follow the procedure for associating
a different user to that trap destination. (See below.)
2. Delete the vacmSecurityToGroupTable row for SecurityName v3admin1, GroupName
ReadWriteGroup1, and SecurityModel usm.
3. Delete the row in the usmUserTable for v3admin1.
14.8.3 Trusted Managers
By default, the agent accepts ‘get’ and ‘set’ requests from any IP address, as long as the
correct community string is used in the request. Security can be enhanced via the use of
Trusted Managers. A Trusted Manager is an IP address from which the SNMP Agent
accepts and processes ‘get’ and ‘set’ requests. An EM can be used to configure up to five
Trusted Managers.
Note: If Trusted Managers are defined, all community strings work from all
Trusted Managers. That is, there is no way to associate a community
string with particular trusted managers.
The concept of trusted managers is considered a weak form of security and is
therefore not a required part of SNMPv3 security, which uses authentication and privacy.
However, the board’s SNMP agent applies the trusted manager concept as follows:
There is no way to configure trusted managers for an SNMPv3 user only. An SNMPv2c
community string must be defined.
If specific IPs are configured as trusted managers (via the community table), then only
SNMPv3 users on those trusted managers are given access to the agent’s MIB
objects.
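
The following is an added example, not code from the manual or the device: a small Python model of the Trusted Manager rules described in this section, useful for reasoning about which source addresses can use which credentials. The class, function and field names, the community names and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

MAX_TRUSTED_MANAGERS = 5  # "up to five Trusted Managers" per the manual


@dataclass
class AgentConfig:
    """Hypothetical model of the agent's settings, not the device's own format."""
    communities: set = field(default_factory=set)         # SNMPv2c community strings
    v3_users: set = field(default_factory=set)            # usmUserTable security names
    trusted_managers: list = field(default_factory=list)  # manager IP addresses

    def __post_init__(self):
        if len(self.trusted_managers) > MAX_TRUSTED_MANAGERS:
            raise ValueError("at most five Trusted Managers can be configured")
        if self.trusted_managers and not self.communities:
            # Trusted Managers are set via the community table, so an
            # SNMPv3-only configuration cannot have them.
            raise ValueError("Trusted Managers require an SNMPv2c community string")
        self.trusted = {ip_address(ip) for ip in self.trusted_managers}


def source_allowed(cfg, src_ip):
    """With no Trusted Managers defined, any source address passes (the default)."""
    return not cfg.trusted or ip_address(src_ip) in cfg.trusted


def accepts_v2c(cfg, src_ip, community):
    # No per-manager binding: any configured community works from any trusted IP.
    return source_allowed(cfg, src_ip) and community in cfg.communities


def accepts_v3(cfg, src_ip, user, usm_ok):
    # usm_ok stands in for the USM authentication/privacy checks succeeding.
    return source_allowed(cfg, src_ip) and user in cfg.v3_users and usm_ok


def usable_credentials(cfg, src_ip):
    """Everything a given source address could present successfully."""
    if not source_allowed(cfg, src_ip):
        return []
    return sorted(cfg.communities) + sorted(cfg.v3_users)


# Constructed sample: documentation-range addresses and made-up community names.
SAMPLE = AgentConfig({"ro-example", "rw-example"}, {"v3admin1"}, ["192.0.2.10"])
```

Calling `usable_credentials(SAMPLE, "192.0.2.10")` lists the read-write community alongside the read-only one, which is the practical consequence of the note that community strings cannot be tied to particular trusted managers.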