USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
View-Based Access Control Model
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed
objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by
views. These access policies can be set when user groups are configured with the snmp-server group
command.
MIB Views
For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset
of the management information within the management domain. To provide this capability, access to a
management object is controlled through MIB views, which contain the set of managed object types (and,
optionally, the specific instances of object types) that can be viewed.
Access Policy
Access policy determines the access rights of a group. The three types of access rights are as follows:
• read-view access—The set of object instances authorized for the group when objects are read.
• write-view access—The set of object instances authorized for the group when objects are written.
• notify-view access—The set of object instances authorized for the group when objects are sent in a
notification.
IP Precedence and DSCP Support for SNMP
SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for
SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a
specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are
handled in weighted random early detection (WRED).
After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes
cannot be assigned to different types of SNMP traffic in that router.
The IP Precedence value is the first three bits in the type of service (ToS) byte of an IP header. The IP DSCP
code point value is the first six bits of the differentiate services (DiffServ Field) byte. You can configure up
to eight different IP Precedence markings or 64 different IP DSCP markings.
Session MIB support on subscriber sessions
SNMP monitoring requires information about subscribers of all types. The
CISCO-SUBSCRIBER-SESSION-MIB is defined to model per-subscriber data as well as aggregate subscriber
(PPPoE) data. It is required to support notifications (traps) for aggregate session counts crossing configured
thresholds. Generic MIB Data Collector Manager (DCM) support for CISCO-SUBSCRIBER-SESSION-MIB,
helps faster data collection and also better handling of parallel data.
Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 5.1.x
363
Implementing SNMP
IP Precedence and DSCP Support for SNMP
To Next Page
Loading...
Need help?
General
