SNMP is a set of protocols for managing complex networks. SNMP sends messages, called protocol
data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store
data about themselves in Management Information Bases (MIBs) and return this data to the SNMP
requesters.

Chapter 5, “Securing Access to Management Functions”

introduced a few methods used to secure

SNMP access. They included the following:

•

“Using ACLs to restrict SNMP access”

on page 66

•

“Restricting SNMP access to a specific IP address”

on page 68

•

“Restricting SNMP access to a specific VLAN”

on page 71

•

“Disabling SNMP access”

on page 73

This chapter presents additional methods for securing SNMP access to devices. It contains the
following sections:

•

“Establishing SNMP community strings”

•

“Using the user-based security modelSNMP version 3 (RFC 2570 through 2575) introduces a
User-Based Security model (RFC 2574) for authentication and privacy services.”

•

“SNMP v3 Configuration examples”

•

“SNMP version 3 traps”

•

“Displaying SNMP Information”

•

“SNMP v3 Configuration examples”

Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of
defense when the packet arrives at a device. The next level uses one of the following methods:

•

Community string match In SNMP versions 1 and 2

•

User-based model in SNMP version 3

SNMP views are incorporated in community strings and the user-based model.