SNMP Configuration Summary
7-2 SNMP Configuration
•SNMPnetworkmanagementapplications,suchastheEnterasysNetSightapplication,which
communicatewithagentstogetstatisticsandalertsfromthemanageddevices.
SNMPv3
SNMPv3isaninteroperablestandards‐basedprotocolthatprovidessecureaccesstodevicesby
authenticatingandencryptingframesoverthenetwork.Theadvancedsecurityfeaturesprovided
inSNMPv3areasfollows:
– Messageintegrity—Collectsdatasecurelywithoutbeingtamperedwithorcorrupted.
– Authentication—Determinesthemessageisfroma
validsource.
–Encryption—Scramblesthecontentsofaframetopreventitfrombeingseenbyan
unauthorizedsource.
UnlikeSNMPv1andSNMPv2c,inSNMPv3,theconceptofSNMPagentsandSNMPmanagersno
longerapply. TheseconceptshavebeencombinedintoanSNMPentity.AnSNMPentityconsists
ofanSNMPengineandSNMPapplications.AnSNMPengineconsistsofthefollowingfour
components:
•Dispatcher—Thiscomponentsendsandreceivesmessages.
•Messageprocessingsubsystem—ThiscomponentacceptsoutgoingPDUsfromthe
dispatcherandpreparesthemfortransmissionbywrappingtheminamessageheaderand
returningthem
tothedispatcher.Themessageprocessingsubsystemalsoacceptsincoming
messagesfromthedispatcher,processeseachmessageheader,andreturnstheenclosedPDU
tothedispatcher.
•Securitysubsystem—Thiscomponentauthenticatesandencryptsmessages.
• Accesscontrolsubsystem—Thiscomponentdetermineswhichusersandwhichoperations
areallowedaccessto
managedobjects.
About SNMP Security Models and Levels
AnSNMPsecuritymodelisanauthenticationstrategythatissetupforauserandthegroupin
whichtheuserresides.Asecuritylevelisthepermittedlevelofsecuritywithinasecuritymodel.
ThethreelevelsofSNMPsecurityare:Noauthenticationrequired(NoAuthNoPriv);
authenticationrequired(AuthNoPriv);and
privacy(authPriv).Acombinationofasecuritymodel
andasecurityleveldetermineswhichsecuritymechanismisemployedwhenhandlinganSNMP
frame.Table 7‐12identifiesthelevelsofSNMPsecurityava ilableonD‐Seriesdevicesand
authenticationrequiredwithineachmodel.
Table 7-12 SNMP Security Levels
Model Security Level Authentication Encryption How It Works
v1 NoAuthNoPriv Community string None Uses a community string match for
authentication.
v2c NoAuthNoPriv Community string None Uses a community string match for
authentication.
Kommentare zu diesen Handbüchern