Understanding How Snmp Works; Secuirty Models And Levels - Cisco WS-C4003 - Catalyst 4000 Chassis Switch Software Configuration Manual

Chapter 23 Configuring SNMP

Understanding How SNMP Works

SNMP is an application-layer protocol that facilitates the exchange of management information between
network devices. SNMP enables network administrators to manage network performance, find and solve
network problems, and plan for network growth.
There are three versions of SNMP:
•
•
•

Secuirty Models and Levels

A security model is an authentication strategy that is set up for a user and the group in which the user
resides. A security level is the permitted level of security within a security model. A combination of a
security model and a security level will determine which security mechanism is employed when handling
an SNMP packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3.
identifies what the combinations of security models and levels mean:
Table 23-1 Security Model Combinations
Model Level
v1
v2c
v3
v3
v3
Note the following about SNMPv3 objects:
•
•
•
78-12647-02
Version 1 (SNMPv1)—This is the initial implementation of SNMP. Refer to RFC 1157 for a full
description of functionality. See the
on page 23-4 for more information on SNMPv1.
Version 2 (SNMPv2c)—The second release of SNMP, described in RFC 1902, has additions and
enhancements to data types, counter size, and protocol operations. See the
SNMPv1 and SNMPv2c Work" section on page 23-4
Version 3 (SNMPv3)—This is the most recent version of SNMP and is fully described in RFC 2571,
RFC 2572, RFC 2573, RFC 2574, and RFC 2575. The SNMP functionality on the Catalyst
enterprise LAN switches for SNMPv1 and SNMPv2c remain intact; however, SNMPv3 has
significant enhancements to administration and security. See the
on page 23-7 for more information on SNMPv3.
Authentication Encryption What Happens
noAuthNoPriv Community
String
noAuthNoPriv Community
String
noAuthNoPriv Username
authNoPriv MD5 or SHA
authPriv MD5 or SHA
Each user belongs to a group.
A group defines the access policy for a set of users.
SNMP objects refer to an access policy for reading, writing, and creating.
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
"Understanding How SNMPv1 and SNMPv2c Work" section
for more information on SNMPv2.
No Uses a community string match for authentication.
No Uses a community string match for authentication.
No Uses a username match for authentication.
No Provides authentication based on the HMAC-MD5
or HMAC-SHA algorithms.
DES Provides authentication based on the HMAC-MD5
or HMAC-SHA algorithms. Provides DES 56-bit
encryption in addition to authentication based on
the CBC-DES (DES-56) standard.
Understanding How SNMP Works
"Understanding How
"Understanding SNMPv3" section
Table 23-1
23-3