EasyManua.ls Logo

Cisco SG350-28MP - Page 667

Cisco SG350-28MP
762 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
SNMP
Overview
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 445
24
SNMP agents maintain a list of variables that are used to manage the device. These variables
are defined in the Management Information Base (MIB).
NOTE Due to the security vulnerabilities of other versions, it is recommended to use SNMPv3.
SNMPv3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies access control
and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a User
Security Model (USM) that includes:
Authentication—Provides data integrity and data origin authentication.
Privacy—Protects against disclosure message content. Cipher Block-Chaining (CBC-
DES) is used for encryption. Either authentication alone can be enabled on an SNMP
message, or both authentication and privacy can be enabled on an SNMP message.
However, privacy cannot be enabled without authentication.
Timeliness—Protects against message delay or playback attacks. The SNMP agent
compares the incoming message time stamp to the message arrival time.
Key Management—Defines key generation, key updates, and key use. The device
supports SNMP notification filters based on Object IDs (OID). OIDs are used by the
system to manage device features.
SNMP Workflow
NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via
SNMP, you must enable SNMP on the TCP/UDP Services page.
The following is the recommended series of actions for configuring SNMP:
If you decide to use SNMPv1 or v2:
STEP 1 Navigate to the Communities page and click Add. The community can be associated with
access rights and a view in Basic mode or with a group in Advanced mode. There are two
ways to define access rights of a community:
Basic mode—The access rights of a community can configure with Read Only, Read
Write, or SNMP Admin. In addition, you can restrict the access to the community to
only certain MIB objects by selecting a view (defined in the Views page).
Advanced Mode—The access rights of a community are defined by a group (defined
in the Groups page). You can configure the group with a specific security model. The
access rights of a group are Read, Write, and Notify.

Table of Contents

Other manuals for Cisco SG350-28MP

Preview: Quick Start Guide
Quick Start Guide60 pages

Related product manuals