
SNMP communities (version v1 and v2c), SNMPv3 entities, SNMP engine – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual

Page 1769: Entity applications


SNMP Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


SNMP Communities (Version v1 and v2c)

A community is a relationship between an NMS and an agent. The community name is
used like a password for a trivial authentication scheme. Both SNMPv1 and SNMPv2c
provide security based on the community name only. The concept of communities does
not exist for SNMPv3, which instead provides for a far more secure communications
method using entities, users, and groups.

SNMPv3 Entities

Entities comprise one of the basic components of the SNMPv3 enhanced architecture.
They define the functionality and internal structure of the SNMP managers and agents. An
in-depth description of entities can be found in RFC 3411, on which the following text is
based. SNMPv3 defines two entity types, a manager and an agent. Both entity types
contain two basic components: an SNMP engine and a set of applications.

SNMP Engine

The engine provides the basic services that support the agent's component applications; in
this respect it performs much of the functionality expected of the ISO Session and
Presentation layers. These functions include message transmission and reception,
authentication and encryption, and access control to its managed objects database (MIB).
The SNMP engine comprises the following components:

Dispatcher

Message Processing Subsystem

Security Subsystem

Access Control Subsystem

The only security subsystem presently supported is the User-based Security Model (USM).

Each SNMP engine is identified by an snmpEngineID that must be unique within the
management system. A one-to-one association exists between an engine and the entity
that contains it.

Entity Applications

The following applications are defined within the agent applications:

Command Generator

Notification Receiver

Proxy Forwarder

Command Responder

Notification Originator

Other

Caution

We strongly recommend removing community membership from all
SNMPv3-configured devices to prevent access to them via SNMPv1 and
SNMPv2c, which could bypass the additional SNMPv3 security features.
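
One way to check that the caution above has taken effect is to confirm that no community-based messages still reach a device. The following is an added example, not part of the Allied Telesis manual: it decodes the first two BER fields of an SNMP datagram to tell v1/v2c (version followed by a community string) from SNMPv3 (version followed by the global header). The function names and both sample datagrams are constructed for illustration.

```python
def read_tlv(buf: bytes, off: int):
    """Decode one BER TLV at `off`; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length

def classify(payload: bytes) -> str:
    """Return 'v1', 'v2c' or 'v3' for one UDP payload; ValueError if not SNMP."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, off = read_tlv(body, 0)
    if tag != 0x02 or len(ver) != 1:
        raise ValueError("missing version INTEGER")
    second_tag, _, _ = read_tlv(body, off)
    # After the version: v1/v2c carry a community OCTET STRING (0x04), v3 a SEQUENCE (0x30).
    if ver[0] in (0, 1) and second_tag == 0x04:
        return "v1" if ver[0] == 0 else "v2c"
    if ver[0] == 3 and second_tag == 0x30:
        return "v3"
    raise ValueError("unrecognised SNMP message layout")

def community_based(payloads):
    """Indexes of datagrams that authenticate with a community name only."""
    hits = []
    for i, p in enumerate(payloads):
        try:
            if classify(p) in ("v1", "v2c"):
                hits.append(i)
        except ValueError:
            pass  # not SNMP, or malformed: outside the scope of this check
    return hits

# Constructed sample datagrams (built by hand, not captured from a device).
V2C_GET = bytes.fromhex("3026020101" "04066e65746f7073" "a019020101020100020100"
                        "300e300c06082b060102010101000500")
V3_GET = bytes.fromhex("3037020103" "300d020101020205dc040104020103"
                       "0410300e0400020100020100040004000400"
                       "301104000400a00b0201010201000201003000")
print(community_based([V3_GET, V2C_GET, b"\x00\x01"]))
```

Any index reported for traffic addressed to an SNMPv3-configured device means a manager is still using a community name against it.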