Table of Contents
Advertisement
U
S
SING
IMPLE
N
ETWORK
M
ANAGEMENT
P
ROTOCOL
Table 6: SNMP Security Models and Levels
Model
Level
Community String
v1
noAuth
public
NoPriv
v1
noAuth
private
NoPriv
v1
noAuth
user defined
NoPriv
v2c
noAuth
public
NoPriv
v2c
noAuth
private
NoPriv
v2c
noAuth
user defined
NoPriv
Simple Network Management Protocol (SNMP) is a communication protocol
designed specifically for managing devices on a network. Equipment
commonly managed with SNMP includes switches, routers and host
computers. SNMP is typically used to configure these devices for proper
operation in a network environment, as well as to monitor them to evaluate
performance or detect potential problems.
Managed devices supporting SNMP contain software, which runs locally on
the device and is referred to as an agent. A defined set of variables, known
as managed objects, is maintained by the SNMP agent and used to manage
the device. These objects are defined in a Management Information Base
(MIB) that provides a standard presentation of the information controlled
by the agent. SNMP defines both the format of the MIB specifications and
the protocol used to access this information over the network.
The switch includes an onboard agent that supports SNMP versions 1, 2c,
and 3. This agent continuously monitors the status of the switch hardware,
as well as the traffic passing through its ports. A network management
station can access this information using software such as HP OpenView.
Access to the onboard agent from clients using SNMP v1 and v2c is
controlled by community strings. To communicate with the switch, the
management station must first submit a valid community string for
authentication.
Access to the switch using from clients using SNMPv3 provides additional
security features that cover message integrity, authentication, and
encryption; as well as controlling user access to specific areas of the MIB
tree.
The SNMPv3 security structure consists of security models, with each
model having it's own security levels. There are three security models
defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to "groups"
that are defined by a security model and specified security levels. Each
group also has a defined security access to set of MIB objects for reading
and writing, which are known as "views." The switch has a default view (all
MIB objects) and default groups defined for security models v1 and v2c.
The following table shows the security models and levels available and the
system default settings.
Group
default_ro_group
default_rw_group
user defined
default_ro_group
default_rw_group
user defined
– 65 –
C
HAPTER
Read View
Write View
default_view
none
default_view
default_view
user defined
user defined
default_view
none
default_view
default_view
user defined
user defined
| Configuring the Switch
4
Configuring Security
Security
Community string only
Community string only
Community string only
Community string only
Community string only
Community string only
Hide quick links:
Advertisement
Table of Contents
