Snmpv3 authentication protocols, Snmpv3 privacy protocol – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide

Section IV: SNMPv3

413

ˆ

“SNMPv3 Configuration Example” on page 420

SNMPv3

Authentication

Protocols

The SNMPv3 protocol supports two authentication protocols—HMAC-
MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both protocols
are generated locally using the Engine ID, a unique identifier that is
assigned to the switch automatically, and the user password. You modify a
key only by modifying the user password.

In addition, you have the option of assigning no user authentication. In this
case, no authentication is performed for this user. You may want to make
this configuration for someone with super-user capabilities.

Note

The keys generated by the MD5 and SHA protocols are specific to
the SNMPv3 protocol. They have no relation to the SSL and SSH
keys for encryption.

SNMPv3 Privacy

Protocol

After you have configured an authentication protocol, you have the option
of assigning a privacy protocol if you have the encrypted version of the
AT-S63 software. In SNMPv3 protocol terminology, privacy is equivalent to
encryption. Currently, the DES protocol is the only encryption protocol
supported. The DES privacy protocol requires the authentication protocol
to be configured as either MD5 or SHA.

If you assign a DES privacy protocol to a user, then you are also required
to assign a privacy password. If you choose to not assign a privacy value,
then SNMPv3 messages are sent in plain text format.