Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command
51525354555657585960
56 ExtremeWare XOS 11.0 Concepts Guide
Managing the Switch
implementing a multilingual agent, so that various versions of SNMP can coexist simultaneously in the
same network.
The security subsystem features the use of various authentication and privacy protocols with various
timeliness checking and engine clock synchronization schemes. SNMPv3 is designed to be secure
against:
Modification of information, where an in-transit message is altered.
Masquerades, where an unauthorized entity assumes the identity of an authorized entity.
Message stream modification, where packets are delayed and/or replayed.
Disclosure, where packet exchanges are sniffed (examined) and information is learned about the
contents.
The access control subsystem provides the ability to configure whether access to a managed object in a
local MIB is allowed for a remote principal. The access control scheme allows you to define access
policies based on MIB views, groups, and multiple security levels.
In addition, the SNMPv3 target and notification MIBs provide a more procedural approach for
generating and filtering of notifications.
SNMPv3 objects are stored in non-volatile memory unless specifically assigned to volatile storage.
Objects defined as permanent cannot be deleted.
NOTE
In SNMPv3, many objects can be identified by a human-readable string or by a string of hexadecimal
octets. In many commands, you can use either a character string, or a colon-separated string of
hexadecimal octets to specify objects. To indicate hexadecimal octets, use the keyword
hex in the
command.
Message Processing
A particular network manager may require messages that conform to a particular version of SNMP. The
choice of the SNMPv1, SNMPv2c, or SNMPv3 MP model can be configured for each network manager
as its target address is configured. The selection of the MP model is configured with the
mp-model
keyword in the following command:
configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user [[hex
<hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1
| snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile}
SNMPv3 Security
In SNMPv3 the User-Based Security Model (USM) for SNMP was introduced. USM deals with security
related aspects like authentication, encryption of SNMP messages, and defining users and their various
access security levels. This standard also encompasses protection against message delay and message
replay.
USM Timeliness Mechanisms
An Extreme Networks switch has one SNMPv3 engine, identified by its snmpEngineID. The first four
octets are fixed to 80:00:07:7C, which represents the Extreme Networks vendor ID. By default, the
additional octets for the snmpEngineID are generated from the device MAC address.