SNMP Support on Enterasys Switches
12-6 Configuring SNMP
Security Models and Levels
An SNMP security model is an authentication strategy that is set up for a user and the group in
which the user resides. A security level is the permitted level of security within a security model.
The three levels of SNMP security on Enterasys devices are: no authentication required
(NoAuthNoPriv); authentication required (AuthNoPriv); and privacy (authPriv). The combination
of a security model and a security level determines which security mechanism is employed when
handling an SNMP frame. Table 12-3 identifies the levels of SNMP security available on Enterasys
devices and the authentication required within each model.
Access Control
In addition to the Security Models and Levels described above, the Enterasys implementation of
SNMP also provides a View-based Access Control Model (VACM), which determines remote
access to managed objects. VACM allows you to organize subsets of management information into
“views.” Management information that is in a user's view gives the user the corresponding access
level to that management information: either read, write, or notify. Individual users can be
organized into groups for whom you can pre-define what views are available based on the
Table 12-2 SNMP Terms and Definitions (continued)

| Term | Definition |
|------|------------|
| USM | User-Based Security Model, the SNMPv3 authentication model which relies on a user name match for access to network management components. |
| VACM | View-based Access Control Model, which determines remote access to SNMP managed objects, allowing subsets of management information to be organized into user views. |
| view | Specifies permission for accessing SNMP MIB objects granted to a particular SNMP user group. View types and associated access rights are: read (view-only access); write (allowed to configure MIB agent contents); notify (send trap messages). |
Table 12-3 SNMP Security Models and Levels

| Model | Security Level | Authentication | Encryption | How It Works |
|-------|----------------|----------------|------------|--------------|
| v1 | NoAuthNoPriv | Community string | None | Uses a community string match for authentication. |
| v2c | NoAuthNoPriv | Community string | None | Uses a community string match for authentication. |
| v3 / USM | NoAuthNoPriv | User name | None | Uses a user name match for authentication. |
| v3 / USM | AuthNoPriv | MD5 or SHA | None | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. |
| v3 / USM | authPriv | MD5 or SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard. |
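The following added example (not taken from the Enterasys documentation) shows how a security level and a VACM view combine into one access decision. It goes beyond the text above by using the subtree include/exclude and longest-match rules of RFC 3415 in simplified form (no masks or contexts); all user, group and view names are constructed sample data.

```python
# Added illustration of a VACM-style access decision (simplified from RFC 3415).
# All user, group and view names below are constructed sample data.
LEVELS = {"NoAuthNoPriv": 0, "AuthNoPriv": 1, "authPriv": 2}

# (security model, user name) -> group
GROUPS = {("usm", "monitor"): "ro-group", ("usm", "netadmin"): "rw-group"}

# group -> minimum security level and the view used for each access type
ACCESS = {
    "ro-group": {"min_level": "AuthNoPriv", "read": "system-only",
                 "write": None, "notify": None},
    "rw-group": {"min_level": "authPriv", "read": "all",
                 "write": "all", "notify": "all"},
}

# view name -> list of (OID subtree, included?)
VIEWS = {
    "all": [("1.3.6.1", True), ("1.3.6.1.6.3.15", False)],  # hide the USM MIB
    "system-only": [("1.3.6.1.2.1.1", True)],               # system group only
}

def oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def in_view(view_name, target):
    """The longest matching subtree decides; no match means excluded."""
    target, best = oid(target), None
    for subtree, included in VIEWS.get(view_name, []):
        sub = oid(subtree)
        if target[:len(sub)] == sub and (best is None or len(sub) > best[0]):
            best = (len(sub), included)
    return bool(best and best[1])

def is_access_allowed(model, user, level, access_type, target):
    """Return (allowed, reason) for a read, write or notify request."""
    group = GROUPS.get((model, user))
    if group is None:
        return False, "no group for this model/user"
    entry = ACCESS[group]
    if LEVELS[level] < LEVELS[entry["min_level"]]:
        return False, "security level too low"
    view = entry[access_type]
    if view is None:
        return False, "no %s view for group" % access_type
    if not in_view(view, target):
        return False, "object not in view"
    return True, "allowed"
```
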