Snmpv3; Snmpv3 Overview - Extreme Networks ExtremeWare XOS Guide Manual

This command displays the following information:
• Enable/disable state for Telnet, and SNMP access
• Login statistics
— Enable/disable state for idle timeouts
— Maximum number of CLI sessions
• SNMP community strings

SNMPv3

SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP access to
managed devices and provides sophisticated control of access to the device MIB. The prior standard
versions of SNMP, SNMPv1 and SNMPv2c provided no privacy and little (or no) security.
The following six RFCs provide the foundation for Extreme Networks implementation of SNMPv3:
• RFC 3410, Introduction to version 3 of the Internet-standard Network Management Framework, provides an
overview of SNMPv3.
• RFC 3411, An Architecture for Describing SNMP Management Frameworks, talks about SNMP
architecture, especially the architecture for security and administration.
• RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP),
talks about the message processing models and dispatching that can be a part of an SNMP engine.
• RFC 3413, SNMPv3 Applications, talks about the different types of applications that can be associated
with an SNMPv3 engine.
• RFC 3414, The User-Based Security Model for Version 3 of the Simple Network Management Protocol
(SNMPv3), describes the User-Based Security Model (USM).
• RFC 3415, View-based Access Control Model (V ACM) for the Simple Network Management Protocol
(SNMP), talks about VACM as a way to access the MIB.

SNMPv3 Overview

The SNMPv3 standards for network management were primarily driven by the need for greater security
and access control. The new standards use a modular design and model management information by
cleanly defining a message processing subsystem, a security subsystem, and an access control
subsystem.
The message processing (MP) subsystem helps identify the MP model to be used when processing a
received Protocol Data Unit (PDU), the packets used by SNMP for communication. This layer helps in
implementing a multi-lingual agent, so that various versions of SNMP can coexist simultaneously in the
same network.
The security subsystem features the use of various authentication and privacy protocols with various
timeliness checking and engine clock synchronization schemes. SNMPv3 is designed to be secure
against:
• Modification of information, where an in-transit message is altered.
• Masquerades, where an unauthorized entity assumes the identity of an authorized entity.
• Message stream modification, where packets are delayed and/or replayed.
• Disclosure, where packet exchanges are sniffed (examined) and information is learned about the
contents.
ExtremeWare XOS 10.1 Concepts Guide
Using SNMP
41