Chapter 24 Configuring Snmp; Snmp Terminology - Cisco WS-C2948G-GE-TX Configuration Manual

SNMP Terminology

Table 24-1 SNMP Terminology
Term
authentication
authoritative
SNMP engine
community string A text string used to authenticate messages between a management station and an
data integrity
data origin
authentication
encryption
group
notification host
notify view
privacy
read view
security level
security model
Simple Network
Management
Protocol (SNMP)
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX
24-2
Definition
The process of ensuring message integrity and protection against message replays,
including data integrity and data origin authentication.
One of the SNMP copies used in network communication is designated as the
allowed SNMP engine that protects against message replay, delay, and redirection.
The security keys that are used for authenticating and encrypting SNMPv3 packets
are generated as a function of the authoritative SNMP engine's engine ID and user
passwords. When an SNMP message expects a response (for example, get exact, get
next, set request), the receiver of these messages is authoritative. When an SNMP
message does not expect a response, the sender is authoritative.
SNMPv1 or SNMPv2c engine.
A condition or state of data in which a message packet has not been altered or
destroyed in an unauthorized manner.
The ability to verify the identity of a user on whose behalf the message is
supposedly sent. This ability protects users against both message capture and replay
by a different SNMP engine, and against packets that are received or sent to a
particular user that uses an incorrect password or security level.
A method of hiding data from an unauthorized user by scrambling the contents of
an SNMP packet.
A set of users belonging to a particular security model. A group defines the access
rights for all the users belonging to it. Access rights define the SNMP objects that
can be read, written to, or created. In addition, the group defines the notifications
that a user is allowed to receive.
An SNMP entity to which notifications (traps) are to be sent.
A view name (not to exceed 64 characters) for each group; the view name defines
the list of notifications that can be sent to each user in the group.
An encrypted state of the contents of an SNMP packet; in this state, the contents
are prevented from being disclosed on a network. Encryption is performed with an
algorithm called CBC-DES (DES-56).
A view name (not to exceed 64 characters) for each group; the view name defines
the list of object identifiers (OIDs) that can be read by users belonging to the group.
A type of security algorithm that is performed on each SNMP packet. There are
three levels: noauth, auth, and priv. The noauth level authenticates a packet by a
string match of the username. The auth level authenticates a packet by using either
the HMAC MD5 or SHA algorithms. The priv level authenticates a packet by using
either the HMAC MD5 or SHA algorithms and encrypts the packet using the
CBC-DES (DES-56) algorithm.
The security strategy that is used by the SNMP agent. Currently, software supports
three security models: SNMPv1, SNMPv2c, and SNMPv3.
A network management protocol that provides a means to monitor and control
network devices, and to manage configurations, statistics collection, performance,
and security.
Chapter 24 Configuring SNMP
78-15908-01