user manual
36-3
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 36 Configuring SNMP
Information About SNMP
  –
Encryption—Mixes the contents of a package to prevent it from being read by an unauthorized 
source.
Note To select encryption, enter the priv keyword. This keyword is available only when the 
cryptographic (encrypted) software image is installed.
Both SNMPv1 and SNMPv2C use a community-based form of security. The community of managers 
able to access the agent’s MIB is defined by an IP address access control list and password. 
SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to 
management stations. The bulk retrieval mechanism retrieves tables and large quantities of information, 
minimizing the number of round-trips required. The SNMPv2C improved error-handling includes 
expanded error codes that distinguish different kinds of error conditions; these conditions are reported 
through a single error code in SNMPv1. Error return codes in SNMPv2C report the error type.
SNMPv3 provides for both security models and security levels. A security model is an authentication 
strategy set up for a user and the group within which the user resides. A security level is the permitted 
level of security within a security model. A combination of the security level and the security model 
determine which security mechanism is used when handling an SNMP packet. Available security models 
are SNMPv1, SNMPv2C, and SNMPv3.
Table 36-1 identifies the characteristics of the different combinations of security models and levels.
You must configure the SNMP agent to use the SNMP version supported by the management station. 
Because an agent can communicate with multiple managers, you can configure the software to support 
communications using SNMPv1, SNMPv2C, or SNMPv3. 
Ta b l e  36-1 SNMP Security Models and Levels 
Model Level Authentication Encryption Result
SNMPv1 noAuthNoPriv Community string No Uses a community string match for authentication.
SNMPv2C noAuthNoPriv Community string No Uses a community string match for authentication.
SNMPv3 noAuthNoPriv
(requires the 
LAN Base 
image)
Username No Uses a username match for authentication.
SNMPv3 authNoPriv
(requires the 
LAN Base 
image)
Message Digest 5 
(MD5) or Secure 
Hash Algorithm 
(SHA)
No Provides authentication based on the HMAC-MD5 or 
HMAC-SHA algorithms.
SNMPv3 authPriv 
(requires the 
LAN Base 
image)
MD5 or SHA Data Encryption 
Standard (DES) 
or Advanced 
Encryption 
Standard (AES)
Provides authentication based on the HMAC-MD5 or 
HMAC-SHA algorithms. Allows specifying the 
User-based Security Model (USM) with these 
encryption algorithms:
  • DES 56-bit encryption in addition to 
authentication based on the CBC-DES (DES-56) 
standard.
  • 3DES 168-bit encryption
  • AES 128-bit, 192-bit, or 256-bit encryption










