User's Manual Part 1
Table Of Contents
- Cambium PTP 650 Series User Guide
- Contacting Cambium Networks
- Purpose
- Cross references
- Feedback
- Chapter 1: Product description
- Chapter 2: System hardware
- Chapter 3: System planning
- Chapter 4: Legal and regulatory information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Compliance with safety standards
- Compliance with radio regulations
- Cambium Networks end user license agreement
Chapter 1: Product description System management
MIB-based management of SNMPv3 security
PTP 650 supports a standards-based approach to configuring SNMPv3 users and views through
the SNMP MIB. This approach provides maximum flexibility in terms of defining views and
security levels appropriate for different types of user.
PTP 650 provides a default SNMPv3 configuration. This initial configuration is not secure, but it
provides the means by which a secure configuration can be created using SNMPv3.
The secure configuration should be configured in a controlled environment to prevent disclosure
of the initial security keys necessarily sent as plaintext, or sent as encrypted data using a
predictable key. The initial security information should not be configured over an insecure
network.
The default configuration is restored when any of the following occurs:
• All ODU configuration data is erased.
• All SNMP users are deleted using the SNMP management interface.
• The SNMP Engine ID Format has been changed.
• The SNMP Engine ID Format is Internet Address AND the Internet Address has been changed.
• The SNMP Engine ID Format is Text String AND the text string has been changed.
• The SNMP Engine ID Format is MAC Address AND configuration has been restored using a file
saved from a different unit.
• SNMPv3 Security Management is changed from web-based to MIB-based.
The default user configuration is specified in SNMPv3 default configuration (MIB-based) on page
3-37.
PTP 650 creates the initial user and template users with localized authentication and privacy
keys derived from the passphrase string 123456789. Authentication keys for the templates users
are fixed and cannot be changed. Any or all of the template users can be deleted.
The default user
initial is created with a view of the entire MIB, requiring authentication for SET
operations. There is no access for template users.
Note
VACM grants access for requests sent with more than the configured security level.
The default user initial will have read/write access to the whole of the MIB. This is described in
further detail in View-based access control model on page 1-29. The template users have no access
to the MIB in the default configuration. User
initial will normally be used to create one or more
additional users with secret authentication and privacy keys, and with appropriate access to the
whole of the MIB or to particular views of the MIB according to the operator’s security policy. New
users must be created by cloning template users. The user
initial may then be deleted to prevent
access using the well-known user name and keys. Alternatively, the keys associated with
initial
may be set to some new secret value.
Page
1-30