Specifications

42 ExtremeWare XOS 10.1 Concepts Guide
Managing the Switch
In addition, the SNMPv3 target and notification MIBs provide a more procedural approach for the
generation and filtering of notifications.
SNMPv3 objects are stored in non-volatile memory unless specifically assigned to volatile storage.
Objects defined as permanent cannot be deleted or modified.
NOTE
In SNMPv3, many objects can be identified by a human-readable string or by a string of hex octets. In
many commands, you can use either a character string or a colon-separated string of hex octets to
specify objects. This is indicated by the keyword hex used in the command.
Message Processing
A particular network manager may require messages that conform to a particular version of SNMP. The
choice of the SNMPv1, SNMPv2, or SNMPv3 message processing model can be configured for each
network manager as its target address is configured. The selection of the message processing model is
configured with the mp-model keyword in the following command:
configure snmpv3 add target-params {hex} <param name> user {hex} <user name> mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile}
SNMPv3 Security
In SNMPv3 the User-Based Security Model (USM) for SNMP was introduced. USM deals with security-
related aspects such as authentication, encryption of SNMP messages, and defining users and their various
access security levels. This standard also encompasses protection against message delay and message
replay.
USM Timeliness Mechanisms
There is one SNMPv3 engine on an Extreme switch, identified by its snmpEngineID. The first four octets
are fixed to 80:00:07:7C, which represents the Extreme Networks Vendor ID. By default, the additional
octets for the snmpEngineID are generated from the device MAC address. Every SNMPv3 engine
necessarily maintains two objects: SNMPEngineBoots, which is the number of reboots the agent has
experienced, and SNMPEngineTime, which is the engine local time since reboot. It has a local copy of
these objects and the latestReceivedEngineTime for every authoritative engine it wants to communicate
with. Comparing these objects with the values received in messages and then applying certain rules to
decide upon the message validity accomplishes protection against message delay or message replay.
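The following is an added worked model of the timeliness check described above; it is not ExtremeWare XOS code. The page only says that "certain rules" are applied to SNMPEngineBoots, SNMPEngineTime and latestReceivedEngineTime; the rules modelled here are assumed to be those of RFC 3414 section 3.2 (the 150-second window and the 2^31-1 boots ceiling come from that RFC). All clock values are constructed.

```python
"""Worked model of the USM timeliness check that protects against delayed
and replayed SNMPv3 messages (RFC 3414 section 3.2, assumed)."""
from dataclasses import dataclass

TIME_WINDOW = 150            # seconds of clock skew RFC 3414 tolerates
MAX_BOOTS = 2147483647       # 2^31 - 1; an engine at this count refuses everything


@dataclass
class EngineClock:
    """The authoritative engine's own snmpEngineBoots / snmpEngineTime."""
    boots: int
    time: int


@dataclass
class RemoteEngineView:
    """What a non-authoritative engine has cached about a remote engine:
    latestReceivedEngineBoots / latestReceivedEngineTime."""
    boots: int
    latest_time: int


def authoritative_in_window(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Run by the authoritative engine (the switch, for requests it receives).
    Only authenticated messages (sec-level authnopriv or priv) reach this check;
    a noauth message carries no integrity protection and so gets no replay defence."""
    if local.boots == MAX_BOOTS:
        return False
    if msg_boots != local.boots:          # sent before/after a reboot we do not share
        return False
    return abs(local.time - msg_time) <= TIME_WINDOW


def nonauthoritative_in_window(view: RemoteEngineView, msg_boots: int, msg_time: int) -> bool:
    """Run by a non-authoritative engine (a manager receiving a response).
    First advances the cached view when the message is newer, then checks it."""
    if msg_boots > view.boots or (msg_boots == view.boots and msg_time > view.latest_time):
        view.boots = msg_boots
        view.latest_time = msg_time
    if view.boots == MAX_BOOTS:
        return False
    if msg_boots < view.boots:            # stale: from before a reboot we already saw
        return False
    if msg_boots == view.boots and msg_time < view.latest_time - TIME_WINDOW:
        return False
    return True


def replay_demo() -> tuple:
    """A captured request is accepted once, then rejected when the same bytes
    arrive again after the authoritative clock has moved past the window."""
    switch = EngineClock(boots=5, time=1000)   # constructed clock
    captured = (5, 1000)                       # boots/time carried in the request
    first = authoritative_in_window(switch, *captured)
    switch.time += 300                         # five minutes later
    replayed = authoritative_in_window(switch, *captured)
    return first, replayed


if __name__ == "__main__":
    print("first delivery accepted, replay accepted:", replay_demo())
```

The check exists only for authenticated messages, which is why a user whose security level has dropped to noauth (for example after the snmpEngineID is changed, as described later in this section) loses replay protection along with authentication until re-provisioned.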
In a chassis, the snmpEngineID will be generated using the MAC address of the MSM with which the
switch boots first.
The snmpEngineID can be configured from the command line, but once the snmpEngineID is changed,
default users will be reverted to their original passwords/keys, while non-default users will be
reset to the security level of no authorization, no privacy. Use the following command to set the
snmpEngineID:
configure snmpv3 engine-id <hex octet>
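The following is an added decoder for the hex-octet form of an snmpEngineID, written to accompany the command above; it is not ExtremeWare XOS code. The fixed 80:00:07:7C prefix and the MAC-derived remainder are taken from this page. Assumed from RFC 3411: the high bit of the first octet marks the current engine-ID format, the remaining 31 bits of the first four octets hold the enterprise number (1916 for 80:00:07:7C), and a fifth "format" octet of 3 introduces a six-octet MAC address. Whether the switch emits that format octet is not stated here, so the decoder handles both layouts. Every sample ID below is constructed.

```python
"""Decoder for snmpEngineID values written as colon-separated hex octets."""
EXTREME_ENTERPRISE = 1916  # 0x00077C, the value encoded by the 80:00:07:7C prefix
FORMAT_MAC = 3             # RFC 3411 format octet meaning "six MAC octets follow" (assumed)


def parse_hex_octets(text: str) -> bytes:
    """Convert 'AA:BB:CC' to bytes; reject anything that is not two-digit hex octets."""
    parts = text.strip().split(":")
    if any(len(p) != 2 for p in parts):
        raise ValueError("expected colon-separated two-digit hex octets")
    try:
        return bytes(int(p, 16) for p in parts)
    except ValueError:
        raise ValueError("non-hex octet in %r" % text) from None


def describe_engine_id(engine_id: bytes) -> dict:
    """Decode the RFC 3411 fields and report whether the ID carries the Extreme prefix."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets long")
    if not engine_id[0] & 0x80:
        raise ValueError("high bit clear: not an RFC 3411-format engine ID")
    enterprise = int.from_bytes(engine_id[:4], "big") & 0x7FFFFFFF
    tail = engine_id[4:]
    info = {
        "enterprise": enterprise,
        "extreme_vendor": enterprise == EXTREME_ENTERPRISE,
        "tail_hex": tail.hex(":"),
        "mac": None,
    }
    # Layout with a format octet: 03 followed by exactly six MAC octets.
    if tail[0] == FORMAT_MAC and len(tail) == 7:
        info["mac"] = tail[1:].hex(":")
    # Layout without a format octet: six raw MAC octets straight after the prefix.
    elif len(tail) == 6:
        info["mac"] = tail.hex(":")
    return info


if __name__ == "__main__":
    samples = (
        "80:00:07:7C:03:02:00:00:12:34:56",  # constructed: Extreme prefix, format octet, MAC
        "80:00:07:7C:02:00:00:12:34:56",     # constructed: Extreme prefix, bare MAC tail
        "80:00:00:09:03:02:00:00:12:34:56",  # constructed: enterprise 9, not Extreme
    )
    for sample in samples:
        print(sample, "->", describe_engine_id(parse_hex_octets(sample)))
```

A manager inventory can use the `extreme_vendor` flag to notice an engine ID that no longer carries the vendor prefix, which is one visible sign that someone has reconfigured the engine-id and, per the text above, reset non-default users' security levels.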