Specifications

Release Notes for Cisco IOS Release 12.0 S
78-7130-11 Rev. B0
New and Changed Information
SNMPv3
Platforms: Cisco 7200 series, Cisco 7500/RSP series, Cisco 12000 series
Simple Network Management Protocol version 3 (SNMPv3) addresses issues related to the large-scale
deployment of SNMP for configuration, accounting, and fault management. Currently SNMP is
predominantly used for monitoring and performance management. The primary goal of SNMPv3 is to
define a secure version of the SNMP protocol. SNMPv3 also facilitates remote configuration of the
SNMP entities, which makes remote administration of SNMP entities a much simpler task. SNMPv3 builds
on top of SNMPv1 and SNMPv2 to provide a secure environment for the management of systems and
networks.
SNMPv3 provides an identification strategy for SNMP devices to facilitate communication only
between known SNMP entities. Each SNMP device has an identifier called the SNMP EngineID, which
identifies the copy of SNMP running on that device. Each SNMP message contains an SNMP EngineID.
SNMP communication is possible only if an SNMP entity knows the identity of its peer SNMP device.
SNMPv3 also contains a security model or security strategy that exists between an SNMP user and the
SNMP group to which the user belongs. A security model may define the security policy within an
administrative domain or an intranet. The SNMPv3 protocol consists of the specification for the
User-based Security Model (USM).
The defined security goals of the message authentication service include the following
protection strategies:
• Modification of information, or protection against some unauthorized SNMP entity altering
in-transit SNMP messages generated on behalf of an authorized principal
• Masquerade, or protection against attempting management operations not authorized for some
principal by assuming the identity of another principal that has the appropriate authorizations
• Message stream modification, or protection against messages getting maliciously reordered,
delayed, or replayed in order to effect unauthorized management operations
• Disclosure, or protection against eavesdropping on the exchanges between SNMP engines. Three
different types of communication mechanisms are available for this protection strategy:
– Communication without authentication and privacy (NoAuthNoPriv)
– Communication with authentication and without privacy (AuthNoPriv)
– Communication with authentication and privacy (AuthPriv)
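The EngineID carried in each message and the three communication mechanisms listed above can both be read from the SNMPv3 message header, which is useful when auditing captured management traffic for NoAuthNoPriv use. The following Python is an added example, not Cisco code or part of these release notes: it assumes the header and USM field layout of RFC 3412 and RFC 3414, and the EngineID, user name and messages in sample() are constructed.

```python
# Added example (layout per RFC 3412/3414); the sample data below is constructed.
LEVELS = {0: "NoAuthNoPriv", 1: "AuthNoPriv", 3: "AuthPriv"}  # msgFlags auth/priv bits

def tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def fields(seq):
    """Split the contents of a SEQUENCE into a list of member values."""
    out, pos = [], 0
    while pos < len(seq):
        _tag, val, pos = tlv(seq, pos)
        out.append(val)
    return out

def inspect(msg):
    """Return security level, EngineID (hex) and user name of a USM message."""
    tag, body, _ = tlv(msg)
    version, header, secparams, _data = fields(body)
    if tag != 0x30 or int.from_bytes(version, "big") != 3:
        raise ValueError("not an SNMPv3 message")
    _msg_id, _max_size, flags, model = fields(header)
    bits = flags[0] & 0x03  # 0x01 = auth, 0x02 = priv (0x04 = reportable, ignored)
    if bits not in LEVELS:
        raise ValueError("priv flag set without auth flag")
    if int.from_bytes(model, "big") != 3:  # 3 = User-based Security Model
        raise ValueError("security model is not USM")
    usm = fields(tlv(secparams)[1])  # OCTET STRING wrapping a SEQUENCE
    return {"level": LEVELS[bits], "engine_id": usm[0].hex(), "user": usm[3].decode()}

def enc(tag, val):
    return bytes([tag, len(val)]) + val  # short-form length, enough for the sample

def sample(flags):
    """Constructed message: EngineID, boots, time, user, empty auth/priv params."""
    engine = bytes.fromhex("8000000903001122334455")
    usm = enc(0x30, enc(4, engine) + enc(2, b"\x01") + enc(2, b"\x2a")
              + enc(4, b"monitor") + enc(4, b"") + enc(4, b""))
    hdr = enc(0x30, enc(2, b"\x01") + enc(2, b"\x05\xdc") + enc(4, bytes([flags])) + enc(2, b"\x03"))
    return enc(0x30, enc(2, b"\x03") + hdr + enc(4, usm) + enc(0x30, b""))
```

Calling inspect(sample(0x00)) reports NoAuthNoPriv; a monitoring script can apply the same check to each captured UDP/161 payload and alert on that level.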
Turbo Access Control Lists
Platforms: Cisco 7200 series, Cisco 7500/RSP series, Cisco 12000 series
The turbo access control lists feature enables Cisco 7200 and 7500 series routers, and Cisco 12000
series Gigabit Switch Routers (GSRs) to evaluate access control lists (ACLs) for more expedient packet
classification and access checks.