Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 27 Configuring SNMP
Information About SNMP
authNoPriv—Security level that provides authentication but does not provide encryption.
authPriv—Security level that provides both authentication and encryption.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined
with the security level determines the security mechanism applied when the SNMP message is processed.
Table 27-1 identifies what the combinations of security models and levels mean.
User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the
following services:
Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized
manner and that data sequences have not been altered to an extent greater than can occur
non-maliciously.
Message origin authentication—Ensures that the claimed identity of the user on whose behalf
received data was originated is confirmed.
Message confidentiality—Ensures that information is not made available or disclosed to
unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
Cisco NX-OS uses two authentication protocols for SNMPv3:
HMAC-MD5-96 authentication protocol
HMAC-SHA-96 authentication protocol
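As an added illustration (not code from the Cisco guide or from NX-OS), the sketch below shows how the HMAC-MD5-96 and HMAC-SHA-96 protocols listed above provide message integrity and origin authentication. It goes beyond the page by including the RFC 3414 password-to-key localization; the function names, the flat message layout and the field offset are assumptions, and the password and engine ID are the RFC 3414 appendix test values.

```python
import hashlib
import hmac

ZEROS = b"\x00" * 12  # authentication field is zero-filled while the MAC is computed

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1,048,576 bytes."""
    if len(password) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 characters")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Tie the user key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def mac96(key: bytes, msg: bytes, algo: str) -> bytes:
    """HMAC over the whole message, truncated to the first 96 bits."""
    return hmac.new(key, msg, algo).digest()[:12]

def sign(key: bytes, msg: bytes, offset: int, algo: str) -> bytes:
    """Fill the zeroed 12-byte field at `offset` with the truncated HMAC."""
    if msg[offset:offset + 12] != ZEROS:
        raise ValueError("authentication field must be zeroed before signing")
    return msg[:offset] + mac96(key, msg, algo) + msg[offset + 12:]

def verify(key: bytes, msg: bytes, offset: int, algo: str) -> bool:
    """Recompute the MAC with the field zeroed; compare in constant time."""
    received = msg[offset:offset + 12]
    zeroed = msg[:offset] + ZEROS + msg[offset + 12:]
    return hmac.compare_digest(received, mac96(key, zeroed, algo))

# Constructed sample: a flat byte string standing in for a BER-encoded SNMPv3 message.
ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 test engine ID
SAMPLE = b"v3|user=admin|auth=" + ZEROS + b"|set ifAdminStatus.1=2"
OFFSET = SAMPLE.index(ZEROS)

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        key = localize_key(password_to_key(b"maplesyrup", algo), ENGINE_ID, algo)
        signed = sign(key, SAMPLE, OFFSET, algo)
        tampered = signed[:-1] + b"1"  # change the value being set
        print(algo, "key", key.hex(), "valid:", verify(key, signed, OFFSET, algo),
              "tampered:", verify(key, tampered, OFFSET, algo))
```

Because the key is localized with the engine ID, the same password yields a different authentication key on each SNMP engine, and any change to the signed bytes makes verification fail.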
Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3
message encryption and conforms with RFC 3826.
Table 27-1 SNMP Security Models and Levels

| Model | Level | Authentication | Encryption | What Happens |
|---|---|---|---|---|
| v1 | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | HMAC-MD5 or HMAC-SHA | No | Provides authentication based on the Hash-Based Message Authentication Code (HMAC) Message Digest 5 (MD5) algorithm or the HMAC Secure Hash Algorithm (SHA). |
| v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard. |