Management Information Access Control - Alcatel-Lucent 7450 System Management Manual

Management Information Access Control

Management Information Access Control
By default, the OS implementation of SNMP uses SNMPv3. SNMPv3 incorporates security
model and security level features. A security model is the authentication type for the group
and the security level is the permitted level of security within a security model. The
combination of the security level and security model determines which security mechanism
handles an SNMP packet.
To implement SNMPv1 and SNMPv2c configurations, several access groups are predefined.
These access groups provide standard read-only, read-write, and read-write-all access groups
and views that can simply be assigned community strings. In order to implement SNMP with
security features, security models, security levels, and USM communities must be explicitly
configured. Optionally, additional views which specify more specific OIDs (MIB objects in
the subtree) can be configured.
Access to the management information in as SNMPv1/SNMPv2c agent is controlled by the
inclusion of a community name string in the SNMP request. The community defines the sub-
set of the agent's managed objects can be accessed by the requester. It also defines what type
of access is allowed: read-only or read-write.
The use of community strings provide minimal security and context checking for both agents
and managers that receive requests and initiate trap operations. A community string is a text
string that acts like a password to permit access to the agent on the router.
Alcatel-Lucent's implementation of SNMP has defined three levels of community-named
access:
Page 284
• Read-Only permission — Grants only read access to objects in the MIB, except
security objects.
• Read-Write permission — Grants read and write access to all objects in the MIB,
except security objects.
• Read-Write-All permission — Grants read and write access to all objects in the MIB,
including security objects.
7450 ESS System Mangement Guide