SNMPv3 Overview – Allied Telesis AT-S62 User Manual

Chapter 21: SNMPv3
Section III: SNMPv3
SNMPv3 Overview
The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c
implementation, which is described in Chapter 5: “SNMPv1 and
SNMPv2c Configuration” on page 89. SNMPv3 adds the User-based
Security Model (USM), which authenticates each message and can also
encrypt it, so that you can configure a secure SNMP environment instead
of relying on clear-text community strings.
The terminology changes in the SNMPv3 protocol. In the SNMPv1 and
SNMPv2c protocols there are two actors in an SNMP network: a manager
and an agent. A manager is a server that runs SNMP management
software; it is often called the Network Management System (NMS). An
agent is the SNMP software that runs on a network device, such as the
AT-8500 Series switch. The NMS is responsible for querying, or polling,
the agents in the network, and an agent sends unsolicited messages to
the NMS to report events. In the AT-S62 implementation of SNMPv3, the
switch sends trap and inform messages.
In SNMPv3, managers and agents are both called entities. Each entity
consists of an SNMP engine, identified by an Engine ID, and a set of
SNMP applications. Each AT-8500 Series switch has a unique Engine ID.
For every message exchanged, one of the two engines is the authoritative
entity and the other the non-authoritative entity: for a message that
expects a response, the receiver is authoritative; for a message that does
not, the sender is. The roles therefore change with the type of message
that is sent. Consider the following three cases:
- The NMS sends an inform message to the switch. A network device
  (either an NMS or the switch) that sends an inform message expects a
  response to it. When the switch receives the inform message, the
  switch is the authoritative entity and the NMS is the non-authoritative
  entity.
- If the switch sends a trap message (a type of message that does not
  expect a response), the switch is the authoritative entity and the NMS
  is the non-authoritative entity.
- If the switch sends an inform message, the NMS is the authoritative
  entity and the switch is the non-authoritative entity.
The distinction matters for security. A message carries the Engine ID,
boot counter and engine time of the authoritative entity, which the
receiver checks so that replayed or stale messages are rejected, and a
user's USM authentication and privacy keys are localized to the
authoritative entity's Engine ID. An NMS must therefore learn the
switch's Engine ID before it can poll the switch with authentication, and
the switch must learn the NMS's Engine ID before it can send an
authenticated inform.
The concept of entities is important because it defines an internal
architecture for the SNMPv3 protocol, rather than only a set of
messages. In that architecture the message processing, security (USM)
and access control subsystems are separate, so each message can be
authenticated, optionally decrypted and then checked against the access
rights of the user who sent it. For more details about the architecture,
consult the SNMPv3 RFCs. For the SNMP RFCs supported by this release
of the AT-S62 software, see “SNMP Management Session” on page 34.
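The authoritative-entity rule above and the USM key handling it implies, as an added example that is not code from this manual or from Allied Telesis. It follows RFC 3414: the password is expanded to a 1 MiB stream and hashed to give the user key Ku, Ku is localized to the authoritative engine's Engine ID to give Kul, and Kul keys an HMAC truncated to 96 bits (HMAC-MD5-96 or HMAC-SHA-96) over the message with the authentication field zeroed. The Engine ID 000000000000000000000002 and the password "maplesyrup" are the RFC 3414 Appendix A test vectors, not values from a switch; the "key=value" message layout, the user name "monitor" and the boot/time counters are constructed stand-ins for the BER-encoded SNMPv3 message, and privacy (encryption) is left out.

```python
"""RFC 3414 USM: authoritative-engine rule, key localization and HMAC-96
message authentication, using only the Python standard library.
Engine ID and password are the RFC 3414 Appendix A test vectors (assumption:
they stand in for the switch's real Engine ID and a configured user password).
"""
import hashlib
import hmac

# Messages that expect a response: the RECEIVER is authoritative.
# Everything else (Trap, Response, Report): the SENDER is authoritative.
RESPONSE_EXPECTED = {"get", "getnext", "getbulk", "set", "inform"}


def authoritative_engine(pdu_type: str, sender: str, receiver: str) -> str:
    """Return the name of the authoritative entity for one message."""
    return receiver if pdu_type.lower() in RESPONSE_EXPECTED else sender


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1 MiB, giving Ku."""
    h = hashlib.new(hash_name)
    reps, rem = divmod(1048576, len(password))
    h.update(password * reps + password[:rem])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || authoritativeEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


AUTH_PARAM_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits


def build_message(fields: dict) -> bytes:
    """Simplified wire form (assumption): 'key=value' pairs joined by ';',
    standing in for the BER-encoded SNMPv3 message. The MAC is computed
    with msgAuthenticationParameters set to twelve zero bytes (RFC 3414 6.3.1)."""
    return ";".join(f"{k}={v}" for k, v in fields.items()).encode()


def sign_message(fields: dict, kul: bytes, hash_name: str) -> dict:
    blank = dict(fields, msgAuthenticationParameters="00" * AUTH_PARAM_LEN)
    mac = hmac.new(kul, build_message(blank), hash_name).digest()[:AUTH_PARAM_LEN]
    return dict(fields, msgAuthenticationParameters=mac.hex())


def verify_message(fields: dict, kul: bytes, hash_name: str) -> bool:
    """Recompute the MAC over the message with the auth field zeroed and
    compare in constant time; False means wrong key or tampered message."""
    received = bytes.fromhex(fields["msgAuthenticationParameters"])
    blank = dict(fields, msgAuthenticationParameters="00" * AUTH_PARAM_LEN)
    expected = hmac.new(kul, build_message(blank), hash_name).digest()[:AUTH_PARAM_LEN]
    return hmac.compare_digest(received, expected)


SWITCH_ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 vector
PASSWORD = b"maplesyrup"                                       # RFC 3414 A.3 vector


def demo(hash_name: str = "sha1") -> dict:
    """Constructed exchange: an NMS sends a Get to the switch. The Get expects
    a response, so the switch is authoritative and both sides localize the
    user's key to the SWITCH's Engine ID."""
    auth = authoritative_engine("get", sender="nms", receiver="switch")
    kul = localized_key(PASSWORD, SWITCH_ENGINE_ID, hash_name)
    request = {
        "msgAuthoritativeEngineID": SWITCH_ENGINE_ID.hex(),
        "msgAuthoritativeEngineBoots": 3,      # constructed value
        "msgAuthoritativeEngineTime": 4711,    # constructed value
        "msgUserName": "monitor",              # constructed user name
        "pdu": "GetRequest sysUpTime.0",
    }
    signed = sign_message(request, kul, hash_name)
    # An on-path attacker who rewrites the PDU without Kul is detected.
    tampered = dict(signed, pdu="SetRequest sysName.0 pwned")
    # The same password localized to a different Engine ID also fails.
    other_engine = localized_key(PASSWORD, bytes.fromhex("000000000000000000000003"), hash_name)
    return {
        "authoritative": auth,
        "kul_hex": kul.hex(),
        "genuine_ok": verify_message(signed, kul, hash_name),
        "tampered_ok": verify_message(tampered, kul, hash_name),
        "wrong_engine_ok": verify_message(signed, other_engine, hash_name),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it with the MD5 and SHA-1 hashes reproduces the RFC 3414 Appendix A localized keys (526f5eed9fcce26f8964c2930787d82b and 6695febc9288e36282235fc7151f128497b38f3f), which is a quick way to check a USM implementation or a key-derivation script before pointing it at a switch. The "wrong_engine_ok" case is the practical consequence of the authoritative-entity rule: a manager that has the right password but the wrong Engine ID cannot authenticate, which is why SNMPv3 managers perform an Engine ID discovery exchange before the first authenticated request.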
With the SNMPv3 protocol, you create users, choose the protocol used to
authenticate messages, and choose whether data transmitted between the
SNMP agent and the NMS is encrypted. In addition, you can restrict a
user's privileges by defining that user's view of the
Management Information Bases (MIBs). In this way, you restrict which