SNMP Support on Enterasys Switches
Versions Supported
Enterasys devices support three versions of SNMP:
• Version 1 (SNMPv1) — This is the initial implementation of SNMP. Refer to RFC 1157 for a full
description of functionality.
• Version 2 (SNMPv2c) — The second release of SNMP, described in RFC 1907, has additions
and enhancements to data types, counter size, and protocol operations.
• Version 3 (SNMPv3) — This is the most recent version of SNMP, and includes significant
enhancements to administration and security. The major difference between SNMPv3 and
earlier versions is that v3 provides a User-Based Security Model (USM) to associate users with
managed access to security information. In addition to better security and better access
control, SNMPv3 also provides a higher degree of reliability for notifying management
stations when critical events occur.
SNMPv3 is fully described in RFC 2571, RFC 2572, RFC 2573, RFC 2574, and RFC 2575.
SNMPv1 and v2c Network Management Components
In the Enterasys implementation of SNMPv1 and v2c, network management components fall into the
following three categories:
• Managed devices (such as a switch).
• SNMP agents and MIBs, including SNMP traps, community strings, and Remote Monitoring
(RMON) MIBs, which run on managed devices.
• SNMP network management applications, such as the Enterasys NetSight application, which
communicate with agents to get statistics and alerts from the managed devices.
SNMPv3 User-Based Security Model (USM) Enhancements
SNMPv3 adds to the v1 and v2c components by securing access to devices: it authenticates and
encrypts frames sent over the network. Enterasys supports the following advanced security
features of SNMPv3’s User-Based Security Model:
• Message integrity — Ensures that data is collected without being tampered with or corrupted.
• Authentication — Determines that the message is from a valid source.
• Encryption — Scrambles the contents of a frame to prevent it from being seen by an
unauthorized source.
Unlike in SNMPv1 and SNMPv2c, in SNMPv3 the concepts of SNMP agents and SNMP managers no
longer apply. These concepts have been combined into an SNMP entity. An SNMP entity consists
of an SNMP engine and SNMP applications. An SNMP engine consists of the following four
components:
– Dispatcher — Sends and receives messages.
– Message processing subsystem — Accepts outgoing PDUs from the dispatcher and
prepares them for transmission by wrapping them in a message header and returning
them to the dispatcher. Also accepts incoming messages from the dispatcher, processes
each message header, and returns the enclosed PDU to the dispatcher.
– Security subsystem — Authenticates and encrypts messages.
– Access control subsystem — This component determines which users and which
operations are allowed access to managed objects.
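The header fields that the message processing subsystem reads, shown as an added example (not code from the Enterasys guide): a minimal BER reader that reports a datagram's SNMP version and, for SNMPv3, the security level carried in msgFlags as laid out in RFC 2572. The function names and the two sample messages are constructed for illustration.

```python
# Added example (not from the Enterasys guide): read only the message header
# to report the SNMP version and, for SNMPv3, the security level in msgFlags.
SEQ, INT, OCTETS = 0x30, 0x02, 0x04      # BER universal tags

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def classify(datagram):
    """Return (version, security_level) for one SNMP message."""
    msg, _ = expect(datagram, 0, SEQ)
    ver, pos = expect(msg, 0, INT)
    if ver in (b"\x00", b"\x01"):        # v1 = 0, v2c = 1: community string comes next
        expect(msg, pos, OCTETS)
        return ("v1" if ver == b"\x00" else "v2c", "community string (cleartext)")
    if ver != b"\x03":
        raise ValueError(f"unsupported version field {ver.hex()}")
    hdr, _ = expect(msg, pos, SEQ)       # msgGlobalData
    _, p = expect(hdr, 0, INT)           # msgID
    _, p = expect(hdr, p, INT)           # msgMaxSize
    flags, _ = expect(hdr, p, OCTETS)    # msgFlags: 0x01 auth, 0x02 priv
    if len(flags) != 1:
        raise ValueError("msgFlags must be one octet")
    auth, priv = flags[0] & 0x01, flags[0] & 0x02
    if priv and not auth:
        raise ValueError("priv without auth is not a valid combination")
    return ("v3", "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv")

# Constructed header-only samples (empty PDU / security parameters as placeholders).
V2C_SAMPLE = bytes.fromhex("300e02010104076578616d706c65a000")
V3_SAMPLE = bytes.fromhex("3016020103300d020101020205c004010702010304000400")
```

Run over captured SNMP payloads, the classifier shows which management stations still send community strings and which SNMPv3 traffic is exchanged without authentication or encryption.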