Snmpv3 authentication protocols, Snmpv3 privacy protocol – Allied Telesis AT-S62 User Manual
Page 377

AT-S62 Management Software Menus Interface User’s Guide
Section III: SNMPv3
MIBs the user can display and modify. In addition, you can restrict the
types of messages the switch can send on behalf of a user.
After you have created a user, you define SNMPv3 message notification.
This consists of determining where messages are sent and what types of
messages can be sent. This configuration is similar to the SNMPv1 and
SNMPv2c configuration because you configure IP addresses of trap
receivers, or hosts. In addition, with the SNMPv3 implementation you
decide what types of messages can be sent.
This section further describes the features of the SNMPv3 protocol. The
following subsections are included:
“SNMPv3 Authentication Protocols” on page 377
“SNMPv3 Privacy Protocol” on page 377
“SNMPv3 MIB Views” on page 378
“SNMPv3 Storage Types” on page 379
“SNMPv3 Message Notification” on page 379
“SNMPv3 Configuration Example” on page 384
SNMPv3 Authentication Protocols
The SNMPv3 protocol supports two authentication protocols: HMAC-MD5-96
(MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both protocols
are generated locally using the Engine ID, a unique identifier that is
assigned to each switch automatically, and the user password. You modify
a key only by modifying the user password.
In addition, you have the option of assigning no user authentication. In this
case, no authentication is performed for this user. Allied Telesyn does not
recommend this configuration for security reasons.
Note
The keys generated by the MD5 and SHA protocols are specific to
the SNMPv3 protocol. They have no relation to the SSL and SSH
keys for encryption.
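The key generation described above (user password plus Engine ID) matches the password-to-key localization defined in RFC 3414, the SNMPv3 User-based Security Model. The Python code below is an added example, not code from the AT-S62 software; it assumes the switch follows RFC 3414. The password and first engine ID are the RFC's published test inputs, and the second engine ID and the message bytes are constructed samples.

```python
import hashlib
import hmac

EXPANDED_LEN = 1_048_576  # RFC 3414 A.2: password is repeated to 1 MiB, then hashed


def password_to_key(password: bytes, algo: str) -> bytes:
    """Derive the engine-independent user key Ku (algo is 'md5' or 'sha1')."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the message, truncated to 12 octets."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify(kul: bytes, whole_msg: bytes, received: bytes, algo: str) -> bool:
    """Constant-time comparison of the received digest with the expected one."""
    return hmac.compare_digest(auth_params(kul, whole_msg, algo), received)


PASSWORD = b"maplesyrup"                               # RFC 3414 A.3 test password
ENGINE_A = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 test engine ID
ENGINE_B = bytes.fromhex("000000000000000000000003")   # constructed: a second switch
SAMPLE_MSG = b"constructed SNMPv3 message with zeroed auth field"

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        ku = password_to_key(PASSWORD, algo)
        key_a = localize_key(ku, ENGINE_A, algo)
        key_b = localize_key(ku, ENGINE_B, algo)
        tag = auth_params(key_a, SAMPLE_MSG, algo)
        print(algo, "key on switch A:", key_a.hex())
        print(algo, "key on switch B:", key_b.hex())
        print(algo, "digest accepted by A:", verify(key_a, SAMPLE_MSG, tag, algo))
        print(algo, "digest accepted by B:", verify(key_b, SAMPLE_MSG, tag, algo))
```

Because the Engine ID is hashed into the key, the same password yields a different key on every switch, so a key recovered from one device does not authenticate to another. The password itself remains the shared secret and should be long and unique per user.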
SNMPv3 Privacy Protocol
After you have configured an authentication protocol, you have the option
of assigning a privacy protocol if you have the encrypted version of the
AT-S62 software. In SNMPv3 protocol terminology, privacy is equivalent to
encryption. Currently, the DES protocol is the only encryption protocol
supported. The DES privacy protocol requires the authentication protocol
to be configured as either MD5 or SHA.