Displaying the snmp community strings, Using the user-based security model, Configuring your nms – Brocade BigIron RX Series Configuration Guide User Manual
Page 1175: Using the user-based security model 7, Configuring your nms 7
BigIron RX Series Configuration Guide
1097
53-1002484-04
Using the user-based security model
37
The command in the first example indicates that ACL group 2 will filter incoming SNMP packets,
whereas the command in the second example uses the ACL group called “myacl” to filter incoming
packets. Refer to
“Using ACLs to restrict SNMP access”
on page 58 for more information.
Displaying the SNMP community strings
To display the configured community strings, enter the following command at any CLI level.
BigIron RX(config)# show snmp server
Syntax: show snmp server
NOTE
If display of the strings is encrypted, the strings are not displayed. Encryption is enabled by default.
Using the user-based security model
SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for
authentication and privacy services.
SNMP version 1 and version 2 use community strings to authenticate SNMP access to
management modules. This method can still be used for authentication. In SNMP version 3, the
User-Based Security model of SNMP can be used to secure against the following threats:
•
Modification of information
•
Masquerading the identity of an authorized entity
•
Message stream modification
•
Disclosure of information
Furthermore, SNMP version 3 supports View-Based Access Control Mechanism (RFC 2575) to
control access at the PDU level. It defines mechanisms for determining whether or not access to a
managed object in a local MIB by a remote principal should be allowed. (Refer to
NOTE
SNMP version 3 Notification is not supported at this time. The system will generate traps in SNMP
version 1 format.
NOTE
SNMP may timeout when trying to get module temperature values. You must increase the timeout
value to 10 seconds to prevent a timeout.
Configuring your NMS
To be able to use the SNMP version 3 features.
1. Make sure that your Network Management System (NMS) supports SNMP version 3.
2. Configure your NMS agent with the necessary users.
3. Configure the SNMP version 3 features in the BigIron RX.