Chapter 27 Configuring SNMP - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 27
Configuring SNMP
Information About SNMP

- authNoPriv—Security level that provides authentication but does not provide encryption.
- authPriv—Security level that provides both authentication and encryption.

Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determines the security mechanism applied when the SNMP message is processed.

Table 27-1 identifies what the combinations of security models and levels mean.

Table 27-1 SNMP Security Models and Levels

| Model | Level | Authentication | Encryption | What Happens |
|-------|-------|----------------|------------|--------------|
| v1 | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community string | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | HMAC-MD5 or HMAC-SHA | No | Provides authentication based on the Hash-Based Message Authentication Code (HMAC) Message Digest 5 (MD5) algorithm or the HMAC Secure Hash Algorithm (SHA). |
| v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard. |

User-Based Security Model

SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following services:

- Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized manner and that data sequences have not been altered to an extent greater than can occur non-maliciously.
- Message origin authentication—Ensures that the claimed identity of the user on whose behalf received data was originated is confirmed.
- Message confidentiality—Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes.

SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.

Cisco NX-OS uses two authentication protocols for SNMPv3:

- HMAC-MD5-96 authentication protocol
- HMAC-SHA-96 authentication protocol

Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826.
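The following is an added example, not code from the Cisco guide: it shows how the HMAC-MD5-96 and HMAC-SHA-96 protocols named above deliver message integrity and origin authentication by computing an HMAC over the message with the tag field zeroed and keeping only the first 96 bits. The header/tag/payload framing, the key, and the field values are constructed assumptions; real SNMPv3 messages are BER-encoded and carry the tag in the msgAuthenticationParameters field (RFC 3414).

```python
import hmac

TAG_LEN = 12                  # 96 bits: the "-96" in HMAC-MD5-96 / HMAC-SHA-96
PLACEHOLDER = bytes(TAG_LEN)  # zero-filled tag field used while the MAC is computed


def auth_tag(key: bytes, message: bytes, algo: str) -> bytes:
    """Full HMAC over the message, truncated to its first 96 bits."""
    return hmac.new(key, message, algo).digest()[:TAG_LEN]


def sign(key: bytes, header: bytes, payload: bytes, algo: str = "sha1") -> bytes:
    """Return header || tag || payload (simplified framing, not BER)."""
    tag = auth_tag(key, header + PLACEHOLDER + payload, algo)
    return header + tag + payload


def verify(key: bytes, wire: bytes, header_len: int, algo: str = "sha1") -> bool:
    """Recompute the tag over the message with the tag field zeroed."""
    end = header_len + TAG_LEN
    if len(wire) < end:
        return False  # too short to carry a tag at all
    zeroed = wire[:header_len] + PLACEHOLDER + wire[end:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(wire[header_len:end], auth_tag(key, zeroed, algo))


# Constructed sample values, not taken from any real device.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
HEADER = b"user=monitor;"
PAYLOAD = b"get sysUpTime.0"

if __name__ == "__main__":
    wire = sign(KEY, HEADER, PAYLOAD)
    print("valid:", verify(KEY, wire, len(HEADER)))
    tampered = wire[:-1] + b"1"  # one altered payload byte (integrity)
    print("tampered:", verify(KEY, tampered, len(HEADER)))
    # A sender without the user's key cannot produce a valid tag (origin).
    print("wrong key:", verify(bytes(20), wire, len(HEADER)))
    # authNoPriv stops here: the payload is authenticated but not encrypted.
    print("payload readable on the wire:", PAYLOAD in wire)
```

The last line of output illustrates the gap between authNoPriv and authPriv in Table 27-1: the tag protects the message from modification, but the payload is still readable in transit unless a privacy protocol is also applied.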
