SNMP
7705 SAR OS System Management Guide Page 155
The SNMP agent provides management information to support a collection of IETF
specified MIBs and a number of MIBs defined to manage device parameters and network
data unique to the 7705 SAR.
SNMP Versions
The agent supports multiple versions of the SNMP protocol.
• SNMP Version 1 (SNMPv1) is the original Internet-standard network management
framework.
SNMPv1 provides access control for communities and uses a community string
match for authentication.
• SNMPv2c uses a community string match for authentication.
• SNMP Version 3 (SNMPv3) provides access control for users. In SNMPv3, User-
based Security Model (USM) defines the user authentication and encryption
features. The View Access Control MIB (VACM) defines the user access control
features. The SNMP-COMMUNITY-MIB is used to associate SNMPv1/SNMPv2c
community strings with SNMPv3 VACM access control.
SNMPv3 uses a user name match for authentication.
Management Information Access Control
By default, the 7705 SAR implementation of SNMP uses SNMPv3. SNMPv3 incorporates
security model and security level features. A security model is the authentication type for the
group and the security level is the permitted level of security within a security model. The
combination of the security level and security model determines which security mechanism
handles an SNMP packet.
To implement SNMPv1 and SNMPv2c configurations, several access groups are predefined.
These access groups are standard read-only, read-write, and read-write-all access groups and
views that can simply be assigned community strings. In order to implement SNMP with
security features, security models, security levels, and USM communities must be explicitly
configured. Optionally, additional views that specify more specific OIDs (MIB objects in
the subtree) can be configured.
Access to the management information in an SNMPv1/SNMPv2c agent is controlled by the
inclusion of a community name string in the SNMP request. The community defines the
subset of the agent’s managed objects that can be accessed by the requester. It also defines
what type of access is allowed: read-only or read-write.
To Next Page
Loading...
