Snmpv3 - Extreme Networks ExtremeWare XOS Guide Manual

Enable/disable state for idle timeouts
■
Maximum number of CLI sessions
■
SNMP community strings
●
SNMP trap receiver list
●
SNMP trap receiver source IP address
●
SNMP statistics counter
●
Enable/disable state for Remote Monitoring (RMON)
●

SNMPv3

SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP access to
managed devices and provides sophisticated control of access to the device MIB. The prior standard
versions of SNMP, SNMPv1 and SNMPv2c, provided no privacy and little security.
The following six RFCs provide the foundation for the Extreme Networks implementation of SNMPv3:
RFC 2570, Introduction to version 3 of the Internet-standard Network Management Framework, provides an
●
overview of SNMPv3.
RFC 2571, An Architecture for Describing SNMP Management Frameworks, talks about SNMP
●
architecture, especially the architecture for security and administration.
RFC 2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP),
●
talks about the message processing models and dispatching that can be a part of an SNMP engine.
RFC 2573, SNMPv3 Applications, talks about the different types of applications that can be associated
●
with an SNMPv3 engine.
RFC 2574, The User-Based Security Model for Version 3 of the Simple Network Management Protocol
●
(SNMPv3), describes the User-Based Security Model (USM).
RFC 2575, View-based Access Control Model (V ACM) for the Simple Network Management Protocol
●
(SNMP), talks about VACM as a way to access the MIB.
The SNMPv3 standards for network management were primarily driven by the need for greater security
and access control. The new standards use a modular design and model management information by
cleanly defining a message processing (MP) subsystem, a security subsystem, and an access control
subsystem.
The MP subsystem helps identify the MP model to be used when processing a received Protocol Data
Unit (PDU), which are the packets used by SNMP for communication. The MP layer helps in
implementing a multilingual agent, so that various versions of SNMP can coexist simultaneously in the
same network.
The security subsystem features the use of various authentication and privacy protocols with various
timeliness checking and engine clock synchronization schemes. SNMPv3 is designed to be secure
against:
Modification of information, where an in-transit message is altered.
●
Masquerades, where an unauthorized entity assumes the identity of an authorized entity.
●
Message stream modification, where packets are delayed and/or replayed.
●
Disclosure, where packet exchanges are sniffed (examined) and information is learned about the
●
contents.
ExtremeWare XOS 11.3 Concepts Guide
Using the Simple Network Management Protocol
85