Specifications

SNMP Support on Enterasys Devices
March 28, 2011 Page 7 of 27
Security Models and Levels
An SNMP security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. The three levels of SNMP security on Enterasys devices are: No authentication required (NoAuthNoPriv); authentication required (AuthNoPriv); and privacy (authPriv). A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP frame. Table 3 identifies the levels of SNMP security available on Enterasys devices and authentication required within each model.
Access Control
In addition to the Security Models and Levels described above, the Enterasys implementation of SNMP also provides a View-based Access Control Model (VACM), which determines remote access to managed objects. VACM allows you to organize subsets of management information into "views." Management information that is in a user's view gives the user the corresponding access level to that management information: either read, write, or notify. Individual users can be organized into groups for whom you can predefine what views are available based on the security model and security level used to request access. In this way, VACM allows you to permit or deny access to any individual item of management information depending on a user's group membership and the level of security provided by the communications channel.
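The VACM decision described above, sketched as an added example (not Enterasys code and not taken from this document): a request's security model, user name and security level select a group and an access entry, and the entry's read, write or notify view is then checked against the requested OID. The user names, group names, view names and subtree choices are constructed for illustration, and the entry selection is a simplified model of VACM.

```python
# Added illustration: simplified VACM-style decision. All names and data are constructed.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# (security model, user name or community) -> group
GROUPS = {("v2c", "public"): "monitor", ("usm", "netops"): "admins"}

# group -> access entries: model, minimum security level, view per access type
ACCESS = {
    "monitor": [{"model": "v2c", "min": "noAuthNoPriv",
                 "read": "system-only", "write": None, "notify": None}],
    "admins": [{"model": "usm", "min": "authNoPriv",
                "read": "all", "write": None, "notify": "all"},
               {"model": "usm", "min": "authPriv",
                "read": "all", "write": "all", "notify": "all"}],
}

# view name -> list of (OID subtree, included?)
VIEWS = {
    "all": [("1", True), ("1.3.6.1.6.3.15", False)],  # hide the USM MIB subtree
    "system-only": [("1.3.6.1.2.1.1", True)],         # MIB-II system group
}

def oid(text):
    return tuple(int(part) for part in text.split("."))

def in_view(view, target):
    """Longest matching subtree decides; no matching subtree means not in view."""
    t = oid(target)
    best = None
    for subtree, included in VIEWS.get(view, []):
        s = oid(subtree)
        if t[:len(s)] == s and (best is None or len(s) > best[0]):
            best = (len(s), included)
    return bool(best and best[1])

def is_allowed(model, name, level, access_type, target):
    """access_type is 'read', 'write' or 'notify'; target is a dotted OID."""
    group = GROUPS.get((model, name))
    if group is None:
        return False
    # Entries for this model whose required level the request meets.
    cands = [e for e in ACCESS[group]
             if e["model"] == model and LEVELS[level] >= LEVELS[e["min"]]]
    if not cands:
        return False
    entry = max(cands, key=lambda e: LEVELS[e["min"]])  # strictest entry met
    view = entry[access_type]
    return view is not None and in_view(view, target)
```

In this sample policy the same user gets write access only when the request arrives at authPriv, which is the "level of security provided by the communications channel" condition in the paragraph above.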
Table 2 SNMP Terms and Definitions (continued)

Term    Definition
view    Specifies permission for accessing SNMP MIB objects granted to a particular SNMP user group. View types and associated access rights are:
        read - view-only access
        write - allowed to configure MIB agent contents
        notify - send trap messages

Table 3 SNMP Security Models and Levels

Model      Security Level   Authentication     Encryption   How It Works
v1         NoAuthNoPriv     Community string   None         Uses a community string match for authentication.
v2c        NoAuthNoPriv     Community string   None         Uses a community string match for authentication.
v3 / USM   NoAuthNoPriv     User name          None         Uses a user name match for authentication.
v3 / USM   AuthNoPriv       MD5 or SHA         None         Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
v3 / USM   authPriv         MD5 or SHA         DES          Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.