Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)
Chapter 27 Configuring SNMP
Information About SNMP
• authNoPriv—Security level that provides authentication but does not provide encryption.
• authPriv—Security level that provides both authentication and encryption.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined
with the security level determines the security mechanism applied when the SNMP message is processed.
Table 27-1 identifies what the combinations of security models and levels mean.
User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the
following services:
• Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized
manner and that data sequences have not been altered to an extent greater than can occur
non-maliciously.
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf
received data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to
unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
Cisco NX-OS uses two authentication protocols for SNMPv3:
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
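The following Python sketch is an added example, not code from the Cisco guide or from NX-OS. It shows how the two authentication protocols listed above provide message integrity and origin authentication as defined in RFC 3414: the password is turned into an engine-localized key, and a 96-bit truncated HMAC fills a zeroed 12-octet field in the message. The password and engine ID are the RFC 3414 Appendix A.3 test values; the message bytes and the fixed field offset are constructed stand-ins for a BER-encoded SNMPv3 message.

```python
import hashlib
import hmac

ZEROS = bytes(12)  # placeholder for the 96-bit authentication parameter

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to 1,048,576 octets."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind the user key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def mac96(kul: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC over the whole message, truncated to 12 octets (96 bits)."""
    return hmac.new(kul, msg, hash_name).digest()[:12]

def sign(kul: bytes, msg: bytes, offset: int, hash_name: str) -> bytes:
    """Fill the zeroed 12-octet field at `offset` with the truncated HMAC."""
    if msg[offset:offset + 12] != ZEROS:
        raise ValueError("authentication field must be zeroed before signing")
    return msg[:offset] + mac96(kul, msg, hash_name) + msg[offset + 12:]

def verify(kul: bytes, msg: bytes, offset: int, hash_name: str) -> bool:
    """Re-zero the field, recompute the HMAC, compare in constant time."""
    zeroed = msg[:offset] + ZEROS + msg[offset + 12:]
    return hmac.compare_digest(msg[offset:offset + 12], mac96(kul, zeroed, hash_name))

# RFC 3414 A.3 test engine ID; header and payload are constructed, not real BER.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
HEADER = b"constructed-snmpv3-header|"
MESSAGE = HEADER + ZEROS + b"|sysName.0=nexus-lab"

def demo(hash_name: str = "sha1"):
    """Return (localized key hex, genuine message verifies, altered message verifies)."""
    kul = localize_key(password_to_key(b"maplesyrup", hash_name), ENGINE_ID, hash_name)
    signed = sign(kul, MESSAGE, len(HEADER), hash_name)
    tampered = signed.replace(b"nexus-lab", b"nexus-bad")  # one altered payload value
    off = len(HEADER)
    return kul.hex(), verify(kul, signed, off, hash_name), verify(kul, tampered, off, hash_name)

if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, demo(name))
```

Because the key is localized with the engine ID, the same password yields a different key on every SNMP engine, so a key recovered from one device does not authenticate to another.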
Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3
message encryption and conforms with RFC 3826.
Table 27-1 SNMP Security Models and Levels

| Model | Level | Authentication | Encryption | What Happens |
|-------|-------|----------------|------------|--------------|
| v1 | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | HMAC-MD5 or HMAC-SHA | No | Provides authentication based on the Hash-Based Message Authentication Code (HMAC) Message Digest 5 (MD5) algorithm or the HMAC Secure Hash Algorithm (SHA). |
| v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard. |