User-Based Security Model - Cisco Nexus 5000 Series Configuration Manual

System management configuration guide
User-Based Security Model

SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following
services:
• Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized manner
and that data sequences have not been altered to an extent greater than can occur non-maliciously.
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf received
data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to unauthorized
individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
Cisco NX-OS uses two authentication protocols for SNMPv3:
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message
encryption and conforms with RFC 3826.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv
option along with the aes-128 token indicates that this privacy password is for generating a 128-bit AES
key. The AES priv password can have a minimum of eight characters. If the passphrases are specified in clear
text, you can specify a maximum of 64 characters. If you use the localized key, you can specify a maximum
of 130 characters.
Note: For an SNMPv3 operation using the external AAA server, you must use AES for the privacy protocol in
user configuration on the external AAA server.
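The following audit sketch is an added example, not code from the Cisco guide. It checks `snmp-server user` lines against the points above: the authentication protocol, whether `priv` carries the `aes-128` token (otherwise DES), and the privacy password length limits. The sample configuration, the assumed line layout, and the finding codes are constructed for illustration.

```python
import re

# Constructed sample, not from a real device. Assumed line layout:
# snmp-server user <name> [role] [auth {md5|sha} <secret>
#   [priv [aes-128] <secret>]] [localizedkey]   (engineID clauses not handled)
SAMPLE_CONFIG = """\
snmp-server user nms1 network-operator auth sha Str0ngAuthPass priv aes-128 Str0ngPrivPass
snmp-server user legacy network-operator auth md5 OldAuthPass1 priv OldPrivPass1
snmp-server user short network-operator auth sha GoodAuthPass priv aes-128 abc123
snmp-server user ro network-operator auth sha OnlyAuthPass
snmp-server user aaa1 network-admin auth sha 0x00112233445566778899aabbccddeeff priv aes-128 0xffeeddccbbaa99887766554433221100 localizedkey
"""

USER_RE = re.compile(
    r"^snmp-server user (?P<name>\S+)(?: (?P<role>(?!auth\b)\S+))?"
    r"(?: auth (?P<auth>md5|sha) (?P<authpw>\S+))?"
    r"(?: priv (?P<aes>aes-128 )?(?P<privpw>\S+))?"
    r"(?P<lk> localizedkey)?\s*$"
)

def audit(config):
    """Map each SNMPv3 user to a list of finding codes (empty list = clean)."""
    findings = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue  # not an snmp-server user line, or a form not covered here
        issues = []
        if m["auth"] is None:
            issues.append("no-auth")          # noAuthNoPriv
        elif m["auth"] == "md5":
            issues.append("md5-auth")         # HMAC-MD5-96 instead of HMAC-SHA-96
        if m["privpw"] is None:
            issues.append("no-priv")          # messages are not encrypted
        else:
            if not m["aes"]:
                issues.append("des-priv")     # priv without aes-128 means DES-56
            # Length limits from the text: 8 minimum; 64 clear text, 130 localized.
            limit = 130 if m["lk"] else 64
            if not m["lk"] and len(m["privpw"]) < 8:
                issues.append("priv-too-short")
            if len(m["privpw"]) > limit:
                issues.append("priv-too-long")
        findings[m["name"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_CONFIG).items():
        print(f"{user:8} {', '.join(issues) or 'ok'}")
```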
Cisco Nexus 5000 Series NX-OS System Management Configuration Guide, Release 5.2(1)N1(1)
| Model | Level | Authentication | Encryption | What Happens |
|-------|-------|----------------|------------|--------------|
| v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard. |