Snmpv3 overview – Allied Telesis AT-S102 User Manual
Page 280
Chapter 10: Configuring SNMPv3
280
SNMPv3 Overview
The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c
protocol implementation. In SNMPv3, User-based Security Model (USM)
authentication is implemented along with encryption, allowing you to
configure a secure SNMP environment.
In addition, SNMP terminology changes in the SNMPv3 protocol. In the
SNMPv1 and SNMPv2c protocols, the terms agent and manager are
used. An agent is an SNMP user while a manager is an SNMP host. In the
SNMPv3 protocol, agents and managers are called entities. In any
SNMPv3 communication, there is an authoritative entity and a non-
authoritative entity. The authoritative entity checks the authenticity of the
non-authoritative entity. And, the non-authoritative entity checks the
authenticity of the authoritative entity.
With the SNMPv3 protocol, you create users, determine the protocol used
for message authentication as well as determine if data transmitted
between two SNMP entities is encrypted. In addition, you can restrict user
privileges by determining the user’s view of the Management Information
Bases (MIB). In this way, you restrict which MIBs the user can display and
modify. In addition, you can restrict the types of messages, or traps, the
user can send. (A trap is a type of SNMP message.)
After you have created a user, you define SNMPv3 message notification.
This consists of determining where messages are sent and what types of
messages can be sent. This configuration is similar to the SNMPv1 and
SNMPv2c configuration because you configure IP addresses of trap
receivers, or hosts. In addition, with the SNMPv3 implementation you
decide what types of messages are sent.
This section further describes the features of the SNMPv3 protocol. The
following subsections are included:
“SNMPv3 Authentication Protocols” on page 281
“SNMPv3 Privacy Protocol” on page 281
“SNMPv3 MIB Views” on page 281
“SNMPv3 Storage Types” on page 283
“SNMPv3 Message Notification” on page 283