EasyManuals Logo

Cisco NCS 5000 Series User Manual

Cisco NCS 5000 Series
188 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #35 background imageLoading...
Page #35 background image
Message integrityEnsures that messages have not been altered or destroyed in an unauthorized manner
and that data sequences have not been altered to an extent greater than can occur nonmaliciously.
Message origin authenticationEnsures that the claimed identity of the user on whose behalf received
data was originated is confirmed.
Message confidentialityEnsures that information is not made available or disclosed to unauthorized
individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
USM uses two authentication protocols:
HMAC-MD5-96 authentication protocol
HMAC-SHA-96 authentication protocol
USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
View-Based Access Control Model
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed
objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by
views. These access policies can be set when user groups are configured with the snmp-server group
command.
MIB Views
For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset
of the management information within the management domain. To provide this capability, access to a
management object is controlled through MIB views, which contain the set of managed object types (and,
optionally, the specific instances of object types) that can be viewed.
Access Policy
Access policy determines the access rights of a group. The three types of access rights are as follows:
read-view accessThe set of object instances authorized for the group when objects are read.
write-view accessThe set of object instances authorized for the group when objects are written.
notify-view accessThe set of object instances authorized for the group when objects are sent in a
notification.
IP Precedence and DSCP Support for SNMP
SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for
SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a
specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are
handled in weighted random early detection (WRED).
After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes
cannot be assigned to different types of SNMP traffic in that router.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
25
Implementing SNMP
IP Precedence and DSCP Support for SNMP

Table of Contents

Other manuals for Cisco NCS 5000 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco NCS 5000 Series and is the answer not in the manual?

Cisco NCS 5000 Series Specifications

General IconGeneral
BrandCisco
ModelNCS 5000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals