Owner's manual

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron Ethernet Switch Administration Guide

141

142

143

144

145

146

147

148

149

150

User-based security model

SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for

authentication and privacy services.

SNMP version 1 and version 2 use community strings to authenticate SNMP access to management

modules. This method can still be used for authentication. In SNMP version 3, the User-Based Security

model of SNMP can be used to secure against the following threats:

• Modification of information

• Masquerading the identity of an authorized entity

• Message stream modification

• Disclosure of information

SNMP version 3 also supports View-Based Access Control Mechanism (RFC 2575) to control access at

the PDU level. It defines mechanisms for determining whether or not access to a managed object in a

local MIB by a remote principal should be allowed. For more information, refer to SNMP v3

configuration examples on page 151.)

Configuring your NMS

In order to use the SNMP version 3 features.

1. Make sure that your Network Manager System (NMS) supports SNMP version 3.

2. Configure your NMS agent with the necessary users.

3. Configure the SNMP version 3 features in Brocade devices.

Configuring SNMP version 3 on Brocade devices

Follow the steps given below to configure SNMP version 3 on Brocade devices.

1. Enter an engine ID for the management module using the snmp-server engineid command if you

will not use the default engine ID.Refer to Defining the engine id on page 141.

2. Create views that will be assigned to SNMP user groups using the snmp-server view command.

refer to SNMP v3 configuration examples on page 151 for details.

3. Create ACL groups that will be assigned to SNMP user groups using the access-list command.

4. Create user groups using the snmp-server group command.Refer to Defining an SNMP group on

page 142.

5. Create user accounts and associate these accounts to user groups using the snmp-server user

command.Refer to Defining an SNMP user account on page 143.

If SNMP version 3 is not configured, then community strings by default are used to authenticate

access.

Defining the engine id

A default engine ID is generated during system start up. To determine what the default engine ID of the

device is, enter the show snmp engineid command and find the following line:

Local SNMP Engine ID: 800007c70300e05290ab60

See the section Displaying the Engine ID on page 149 for details.

User-based security model

FastIron Ethernet Switch Administration Guide 141

53-1003075-02