Chapter 8: Snmp Configuration; Snmp Configuration Summary; Snmpv1 And Snmpv2C; Snmpv3 - Enterasys SECURESTACK C3 Configuration Manual

SNMP Configuration Summary

SNMPv1 and SNMPv2c

The components of SNMPv1 and SNMPv2c network management fall into three categories:
• Managed devices (such as a switch).
• SNMP agents and MIBs, including SNMP traps, community strings, and Remote Monitoring
(RMON) MIBs, which run on managed devices.
• SNMP network management applications, such as the Enterasys NetSight application, which
communicate with agents to get statistics and alerts from the managed devices.

SNMPv3

SNMPv3 is an interoperable standards‐based protocol that provides secure access to devices by
authenticating and encrypting frames over the network. The advanced security features provided
in SNMPv3 are as follows:
–
–
–
Unlike SNMPv1 and SNMPv2c, in SNMPv3, the concept of SNMP agents and SNMP managers no
longer apply. These concepts have been combined into an SNMP entity. An SNMP entity consists
of an SNMP engine and SNMP applications. An SNMP engine consists of the following four
components:
• Dispatcher — This component sends and receives messages.
• Message processing subsystem — This component accepts outgoing PDUs from the
dispatcher and prepares them for transmission by wrapping them in a message header and
returning them to the dispatcher. The message processing subsystem also accepts incoming
messages from the dispatcher, processes each message header, and returns the enclosed PDU
to the dispatcher.
• Security subsystem — This component authenticates and encrypts messages.
• Access control subsystem — This component determines which users and which operations
are allowed access to managed objects.

About SNMP Security Models and Levels

An SNMP security model is an authentication strategy that is set up for a user and the group in
which the user resides. A security level is the permitted level of security within a security model.
The three levels of SNMP security are: No authentication required (NoAuthNoPriv);
authentication required (AuthNoPriv); and privacy (authPriv). A combination of a security model
and a security level determines which security mechanism is employed when handling an SNMP
frame. Table
authentication required within each model.
8-2 SNMP Configuration
Message integrity — Collects data securely without being tampered with or corrupted.
Authentication — Determines the message is from a valid source.
Encryption — Scrambles the contents of a frame to prevent it from being seen by an
unauthorized source.
8‐1 identifies the levels of SNMP security available on SecureStack C3 devices and