User-based security model, Configuring your nms, Configuring snmp version 3 on brocade devices – Brocade FastIron Ethernet Switch Administration Guide User Manual

Page 141: Defining the engine id

User-based security model

SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for
authentication and privacy services.

SNMP version 1 and version 2 use community strings to authenticate SNMP access to management
modules. This method can still be used for authentication. In SNMP version 3, the User-Based Security
model of SNMP can be used to secure against the following threats:

• Modification of information
• Masquerading the identity of an authorized entity
• Message stream modification
• Disclosure of information

SNMP version 3 also supports View-Based Access Control Mechanism (RFC 2575) to control access at
the PDU level. It defines mechanisms for determining whether or not access to a managed object in a
local MIB by a remote principal should be allowed. For more information, refer to SNMP v3
configuration examples on page 151.

Configuring your NMS

To use the SNMP version 3 features, complete the following steps.

1. Make sure that your Network Manager System (NMS) supports SNMP version 3.
2. Configure your NMS agent with the necessary users.
3. Configure the SNMP version 3 features in Brocade devices.

Configuring SNMP version 3 on Brocade devices

Follow the steps given below to configure SNMP version 3 on Brocade devices.

1. Enter an engine ID for the management module using the snmp-server engineid command if you
will not use the default engine ID. Refer to Defining the engine id on page 141.
2. Create views that will be assigned to SNMP user groups using the snmp-server view command.
Refer to SNMP v3 configuration examples on page 151 for details.
3. Create ACL groups that will be assigned to SNMP user groups using the access-list command.
4. Create user groups using the snmp-server group command. Refer to Defining an SNMP group on
page 142.
5. Create user accounts and associate these accounts to user groups using the snmp-server user
command. Refer to Defining an SNMP user account on page 143.

If SNMP version 3 is not configured, then community strings by default are used to authenticate
access.

Defining the engine id

A default engine ID is generated during system start up. To determine what the default engine ID of the
device is, enter the show snmp engineid command and find the following line:

Local SNMP Engine ID: 800007c70300e05290ab60

See the section Displaying the Engine ID on page 149 for details.
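
The default engine ID shown above follows the SnmpEngineID layout defined in RFC 2571 (carried forward in RFC 3411), so it can be decoded when auditing what a device identifies itself as. The following Python parser is an added example, not part of the Brocade guide; the function name `parse_engine_id` and the returned field names are assumptions made for illustration.

```python
import ipaddress

# Format octet values from the SnmpEngineID textual convention (RFC 2571 / RFC 3411).
FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}


def parse_engine_id(hex_id: str) -> dict:
    """Decode an SNMPv3 engine ID given as a hex string (hypothetical helper)."""
    raw = bytes.fromhex(hex_id.replace(":", "").replace(" ", ""))
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets")
    if raw in (b"\x00" * len(raw), b"\xff" * len(raw)):
        raise ValueError("all-zero and all-0xFF engine IDs are not allowed")

    head = int.from_bytes(raw[:4], "big")
    enterprise = head & 0x7FFFFFFF  # IANA private enterprise number
    if not head & 0x80000000:
        # High bit clear: older layout, the remaining octets are enterprise-defined.
        return {"enterprise": enterprise, "format": "legacy", "value": raw[4:].hex()}

    fmt, body = raw[4], raw[5:]
    kind = FORMATS.get(fmt, "enterprise-specific" if fmt >= 128 else "reserved")
    if kind == "mac":
        if len(body) != 6:
            raise ValueError("MAC-format engine ID needs exactly 6 address octets")
        value = ":".join(f"{b:02x}" for b in body)
    elif kind in ("ipv4", "ipv6"):
        # ip_address() accepts packed bytes and rejects lengths other than 4 or 16.
        value = str(ipaddress.ip_address(body))
    elif kind == "text":
        value = body.decode("ascii", errors="replace")
    else:
        value = body.hex()
    return {"enterprise": enterprise, "format": kind, "value": value}


if __name__ == "__main__":
    # Engine ID taken from the show snmp engineid output on this page.
    print(parse_engine_id("800007c70300e05290ab60"))
```

For the engine ID on this page, the result is enterprise number 1991, format `mac`, and the address `00:e0:52:90:ab:60`, which shows that the default engine ID embeds a MAC address of the device.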

FastIron Ethernet Switch Administration Guide

53-1003075-02