Specifications

ManualsBrandsCisco ManualsComputer equipmentIE 2000

211

212

213

214

215

216

217

218

219

220

14-3

System Management Software Configuration Guide for Cisco IE 2000U and Connected Grid Switches

Chapter 14 Configuring SNMP

Information About SNMP

SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to

management stations. The bulk retrieval mechanism retrieves tables and large quantities of information,

minimizing the number of round-trips required. The SNMPv2C improved error-handling includes

expanded error codes that distinguish different kinds of error conditions; these conditions are reported

through a single error code in SNMPv1. Error return codes in SNMPv2C report the error type.

SNMPv3 provides for both security models and security levels. A security model is an authentication

strategy set up for a user and the group within which the user resides. A security level is the permitted

level of security within a security model. A combination of the security level and the security model

determine which security mechanism is used when handling an SNMP packet. Available security models

are SNMPv1, SNMPv2C, and SNMPv3.

Table 14-1 identifies the characteristics of the different combinations of security models and levels.

You must configure the SNMP agent to use the SNMP version supported by the management station.

Because an agent can communicate with multiple managers, you can configure the software to support

communications using SNMPv1, SNMPv2C, or SNMPv3.

SNMP Manager Functions

The SNMP manager uses information in the MIB to perform the operations described in Table 14-2.

Table 14-1 SNMP Security Models and Levels

Model Level Authentication Encryption Result

SNMPv1 noAuthNoPriv Community string No Uses a community string match for authentication.

SNMPv2C noAuthNoPriv Community string No Uses a community string match for authentication.

SNMPv3 noAuthNoPriv Username No Uses a username match for authentication.

SNMPv3 authNoPriv Message Digest 5

(MD5) or Secure

Hash Algorithm

(SHA)

No Provides authentication based on the HMAC-MD5

or HMAC-SHA algorithms.

SNMPv3 authPriv

(requires the

cryptographic software

image)

MD5 or SHA Data

Encryption

Standard

(DES) or

Advanced

Encryption

Standard

(AES)

Provides authentication based on the HMAC-MD5

or HMAC-SHA algorithms.

Allows specifying the User-based Security Model

(USM) with these encryption algorithms:

• DES 56-bit encryption in addition to

authentication based on the CBC-DES

(DES-56) standard

• 3DES 168-bit encryption

• AES 128-bit, 192-bit, or 256-bit encryption

Table 14-2 SNMP Operations

Operation Description

get-request Retrieves a value from a specific variable.

get-next-request Retrieves a value from a variable within a table.