Snmpv3 authentication protocols – Allied Telesis AT-S60 User Manual
Page 295
AT-S60 Management Software User’s Guide
Section III: SNMPv3 Protocol
295
With the SNMPv3 protocol, you create users, determine the protocol
used for message authentication as well as determine if data transmitted
between an SNMP agent and an NMS is encrypted. In addition, you have
the ability to restrict user privileges by determining the user’s view of the
Management Information Bases (MIBs). In this way, you restrict which
MIBs the user can display and modify. In addition, you can restrict the
types of messages the switch can send on behalf of a user.
After you have created a user, you define SNMPv3 message notification.
This consists of determining where messages are sent and what types of
messages can be sent. This configuration is similar to the SNMPv1 and
SNMPv2c configuration because you configure IP addresses of trap
receivers, or hosts. In addition, with the SNMPv3 implementation you
decide what types of messages can be sent.
This section further describes the features of the SNMPv3 protocol. The
following subsections are included:
❑ SNMPv3 Authentication Protocols on page 295
❑ SNMPv3 Privacy Protocol on page 296
❑ SNMPv3 MIB Views on page 296
❑ SNMPv3 Storage Types on page 297
❑ SNMPv3 Message Notification on page 297
❑ SNMPv3 Configuration Example on page 303
SNMPv3
Authentication
Protocols
The SNMPv3 protocol supports two authentication protocols—HMAC-
MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both
protocols are generated locally using the Engine ID, a unique identifier
that is assigned to each switch automatically, and the user password.
You modify a key only by modifying the user password.
In addition, you have the option of assigning no user authentication. In
this case, no authentication is performed for this user. Allied Telesyn
does not recommend this configuration for security reasons.
Note
The keys generated by the MD5 and SHA protocols are specific to
the SNMPv3 protocol. They have no relation to the SSL and SSH keys
for encryption.