Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

221

222

223

224

225

226

227

228

229

230

SNMP Configuration Summary

8-2 SNMP Configuration

SNMPv1 and SNMPv2c

ThecomponentsofSNMPv1andSNMPv2cnetworkmanagementfallintothreecategories:

•Manageddevices(suchasaswitch).

•SNMPagentsandMIBs,includingSNMPtraps,communitystrings,andRemoteMonitoring

(RMON)MIBs,whichrunonmanageddevices.

•SNMPnetworkmanagementapplications,suchastheEnterasysNetSightapplication,which

communicatewithagents

togetstatisticsandalertsfromthemanageddevices.

SNMPv3

SNMPv3isaninteroperablestandards‐basedprotocolthatprovidessecureaccesstodevicesby

authenticatingandencryptingframesoverthenetwork.Theadvancedsecurityfeaturesprovided

inSNMPv3areasfollows:

– Messageintegrity—Collects datasecurel ywithoutbeing tamperedwithorcorrupted.

– Authentication—Determinesthemessageisfroma

validsource.

–Encryption—Scramblesthecontentsofaframetopreventitfrombeingseenbyan

unauthorizedsource.

UnlikeSNMPv1andSNMPv2c,inSNMPv3,theconceptofSNMPagentsandSNMPmanagersno

longerapply.TheseconceptshavebeencombinedintoanSNMPentity.AnSNMPenti tyconsists

ofanSNMPengineandSNMPapplications.AnSNMPengineconsistsofthefollowingfour

components:

•Dispatcher—Thiscomponentsendsandreceivesmessages.

•Messageprocessingsubsystem—ThiscomponentacceptsoutgoingPDUsfromthe

dispatcherandpreparesthemfortransmissionbywrappingtheminamessageheaderand

returningthem

tothedispatcher.Themessageprocessingsubsystemalsoacceptsincoming

messagesfromthedispatcher,processeseachmessageheader,andreturnstheenclosedPDU

tothedispatcher.

•Securitysubsystem—Thiscomponentauthenticatesandencryptsmessages.

• Accesscontrolsubsystem—Thiscomponentdetermineswhichusersandwhichoperations

areallowedaccessto

managedobjects.

About SNMP Security Models and Levels

AnSNMPsecuritymodelisanauthenticationstrategythatissetupforauserandthegroupin

whichtheuserresides.Asecuritylevelisthepermittedlevelofsecuritywithinasecuritymodel.

ThethreelevelsofSNMPsecurityare:Noauthenticationrequired(NoAuthNoPriv);

authenticationrequired(AuthNoPriv);and

privacy(authPriv).Acombinationofasecuritymodel

andasecurityleveldetermineswhichsecuritymechanismisemployedwhenhandlinganSNMP

frame.Table 8‐1identifiesthelevelsofSNMPsecurityavailableonSecureStackC3devicesand

authenticationrequiredwithineachmodel.