beautypg.com

Displaying the snmp community strings, Using the user-based security model, Configuring your nms – Brocade BigIron RX Series Configuration Guide User Manual

Page 1175: Using the user-based security model 7, Configuring your nms 7

background image

BigIron RX Series Configuration Guide

1097

53-1002484-04

Using the user-based security model

37

The command in the first example indicates that ACL group 2 will filter incoming SNMP packets,
whereas the command in the second example uses the ACL group called “myacl” to filter incoming
packets. Refer to

“Using ACLs to restrict SNMP access”

on page 58 for more information.

Displaying the SNMP community strings

To display the configured community strings, enter the following command at any CLI level.

BigIron RX(config)# show snmp server

Syntax: show snmp server

NOTE

If display of the strings is encrypted, the strings are not displayed. Encryption is enabled by default.

Using the user-based security model

SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for
authentication and privacy services.

SNMP version 1 and version 2 use community strings to authenticate SNMP access to
management modules. This method can still be used for authentication. In SNMP version 3, the
User-Based Security model of SNMP can be used to secure against the following threats:

Modification of information

Masquerading the identity of an authorized entity

Message stream modification

Disclosure of information

Furthermore, SNMP version 3 supports View-Based Access Control Mechanism (RFC 2575) to
control access at the PDU level. It defines mechanisms for determining whether or not access to a
managed object in a local MIB by a remote principal should be allowed. (Refer to

“Defining SNMP

views”

on page 1103.)

NOTE

SNMP version 3 Notification is not supported at this time. The system will generate traps in SNMP
version 1 format.

NOTE

SNMP may timeout when trying to get module temperature values. You must increase the timeout
value to 10 seconds to prevent a timeout.

Configuring your NMS

To be able to use the SNMP version 3 features.

1. Make sure that your Network Management System (NMS) supports SNMP version 3.

2. Configure your NMS agent with the necessary users.

3. Configure the SNMP version 3 features in the BigIron RX.

See also other documents in the category Brocade Computer Accessories: