Snmp Community Co-Existence; Security Features - McDATA 316095-B21 - StorageWorks Edge Switch 2/24 Manual

SNMP Community co-existence

Security Features

User-based Security Model (USM)
which authenticate the SNMP requests based on the "community"
string.
ATTENTION!Before enabling SNMPv3, ensure all desired communities are
configured for SNMPv3 access. If existing community strings are not
configured for SNMPv3, then existing SNMP access will be lost.
When SNMPv3 is enabled, SNMP Community Coexistence table
provides a way to use the earlier versions such as SNMPv1 and
SNMPv2c. The SNMP Community Coexistence table maps the
community names for SNMPv1 and SNMPv2 to a Security Name.
After retrieving the user name (security name) for the community
string, message processing occurs in the same way as that for
SNMPv3 packets.
SNMPv3 provides the User-based Security Model (USM) and View-based
Access Control Model (V ACM) features to address authentication, data
encryption, and access control.
The main security threats to an SNMP message are modification of
information, masquerading, disclosure, and message stream
modification. The User-based Security Model (USM) protects
SNMPv3 packets from these threats by utilizing the concept of
multiple users where each user has to specify a key for authentication
and privacy. The USM deals with authenticating/encrypting/
decrypting SNMP packets. The authentication protocols supported
are HMAC-MD5-96 and HMAC-SHA-96. The privacy protocol
supported is CBC-DES.
The SNMP agent recognizes up to 32 user names that can have one of
the following security levels:
• No authentication and no privacy (none)
• Authentication only (auth only)
• Authentication and privacy (authpriv)
Network Management using SNMP
Introduction to SNMP
1
1-5