SNMPv3 Overview, SNMPv3 Authentication Protocols – Allied Telesis AT-S70 User Manual

Page 136


Chapter 9: SNMPv3


SNMPv3 Overview

The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c
protocol implementation. In SNMPv3, User-based Security Model (USM)
authentication is implemented along with encryption, allowing you to
configure a secure SNMP environment.

In addition, SNMP terminology changes in the SNMPv3 protocol. In the
SNMPv1 and SNMPv2c protocols, the terms agent and manager are
used. An agent is an SNMP user while a manager is an SNMP host. In the
SNMPv3 protocol, agents and managers are called entities. In any
SNMPv3 communication, there is an authoritative entity and a
non-authoritative entity. The authoritative entity checks the authenticity of the
non-authoritative entity, and the non-authoritative entity checks the
authenticity of the authoritative entity.

With the SNMPv3 protocol, you create users, determine the protocol used
for message authentication, and determine whether data transmitted
between two SNMP entities is encrypted. In addition, you can restrict user
privileges by determining the user’s view of the Management Information
Bases (MIB). In this way, you restrict which MIBs the user can display and
modify. In addition, you can restrict the types of messages, or traps, the
user can send. (A trap is a type of SNMP message.)

After you have created a user, you define SNMPv3 message notification.
This consists of determining where messages are sent and what types of
messages can be sent. This configuration is similar to the SNMPv1 and
SNMPv2c configuration because you configure IP addresses of trap
receivers, or hosts. In addition, with the SNMPv3 implementation you
decide what types of messages are sent.

This section further describes the features of the SNMPv3 protocol. The
following subsections are included:

- “SNMPv3 Authentication Protocols” on page 136
- “SNMPv3 Privacy Protocol” on page 137
- “SNMPv3 MIB Views” on page 138
- “SNMPv3 Storage Types” on page 139
- “SNMPv3 Message Notification” on page 139
- “SNMPv3 Tables” on page 140
- “SNMPv3 Configuration Example” on page 144

SNMPv3 Authentication Protocols

The SNMPv3 protocol supports two authentication protocols—HMAC-MD5-96
(MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both

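The digest generation and check performed by the two authentication protocols, shown as an added example that is not taken from the Allied Telesis manual or the AT-S70 software. It follows the USM definition in RFC 3414 and goes beyond the text above by also deriving the localized key from a password; the function names are hypothetical, the password and engine ID are the test values published in RFC 3414, and the message bytes are constructed stand-ins for a serialized SNMPv3 message.

```python
import hashlib
import hmac

AUTH_LEN = 12  # the "96" in HMAC-MD5-96 / HMAC-SHA-96: digest truncated to 96 bits

def password_to_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 key derivation: hash 1 MiB of repeated password, then localize."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    # Localizing binds the key to one authoritative engine, so a key taken
    # from one device is not valid on another that shares the password.
    return hashlib.new(algo, ku + engine_id + ku).digest()

def _digest(key: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC over the whole message, truncated to the first 12 octets."""
    return hmac.new(key, whole_msg, algo).digest()[:AUTH_LEN]

def sign(key: bytes, msg: bytes, offset: int, algo: str) -> bytes:
    """Sender side: fill the zeroed 12-octet authentication field at offset."""
    if msg[offset:offset + AUTH_LEN] != bytes(AUTH_LEN):
        raise ValueError("authentication field must be 12 zero octets")
    return msg[:offset] + _digest(key, msg, algo) + msg[offset + AUTH_LEN:]

def verify(key: bytes, msg: bytes, offset: int, algo: str) -> bool:
    """Receiver side: zero the field, recompute, compare in constant time."""
    received = msg[offset:offset + AUTH_LEN]
    if len(received) != AUTH_LEN:
        return False
    zeroed = msg[:offset] + bytes(AUTH_LEN) + msg[offset + AUTH_LEN:]
    return hmac.compare_digest(received, _digest(key, zeroed, algo))

# Constructed sample input: RFC 3414 test password and engine ID, and a
# placeholder message (not real BER encoding) with a zeroed digest field.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PASSWORD = b"maplesyrup"
HEADER = b"constructed-header|"
SAMPLE_MSG = HEADER + bytes(AUTH_LEN) + b"|constructed-scoped-pdu"
OFFSET = len(HEADER)

if __name__ == "__main__":
    key = password_to_key(PASSWORD, ENGINE_ID, "sha1")
    signed = sign(key, SAMPLE_MSG, OFFSET, "sha1")
    print("digest:", signed[OFFSET:OFFSET + AUTH_LEN].hex())
    print("verifies:", verify(key, signed, OFFSET, "sha1"))
```

A message altered in transit, or one signed with a key derived from a different password or engine ID, fails `verify` because the recomputed 12-octet digest no longer matches the one carried in the message.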