SNMPv3 Overview – Allied Telesis AT-S62 User Manual

Page 349

AT-S62 Menus Interface User’s Guide

Section III: SNMPv3 Operations

SNMPv3 Overview

The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c
protocol implementation, which is described in Chapter 5: SNMPv1 and
SNMPv2c Configuration on page 80. In the SNMPv3 protocol, User-based
Security Model (USM) authentication is implemented along with
encryption, allowing you to configure a secure SNMP environment.

The SNMP terminology changes in the SNMPv3 protocol. In the SNMPv1
and SNMPv2c protocols, there are two actors in an SNMP network—a
manager and an agent. A manager is a server that runs SNMP
management software. The manager is often called the Network
Management System (NMS). An agent is the SNMP software that runs on
a network device, such as the AT-8500 Series switch. An NMS is
responsible for querying, or polling, agents in the network. In addition,
the agent sends messages to the NMS indicating events. In the AT-S62
implementation of SNMPv3, the switch sends trap and inform messages.

In SNMPv3, managers and agents are both called entities. Each entity
consists of an Engine ID and SNMP applications. Each AT-8500 Series
switch has a unique Engine ID number. The roles of authoritative entity
and non-authoritative entity can change depending on the type of
message that is sent. Consider the following three cases:

❑ The NMS sends an inform message to the switch. Once a network
device (either an NMS or the switch) sends an inform message, the
network device expects a response to this type of message. When
the switch receives an inform message, then the switch is
considered an authoritative entity. In this case, the NMS is the
non-authoritative entity.

❑ If the switch sends a trap message (a type of message that does
not expect a response), then the switch is considered the
authoritative entity. In this case, the NMS is the non-authoritative
entity.

❑ If the switch sends an inform message, then the NMS is
considered the authoritative entity. In this case, the switch is the
non-authoritative entity.

The concept of entities is important because it helps define an internal
architecture for the SNMPv3 protocol—as opposed to just defining a set
of messages. This new architecture makes the protocol more secure. For
more details about the architecture, consult the SNMPv3 RFCs. For the
SNMP RFCs supported by this release of the AT-S62 software, see SNMP
Management Session on page 33.
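
The following Python sketch is an added example, not part of the AT-S62 manual or software. It applies the three cases above and then goes one step further than this page, using the key localization defined in RFC 3414 (USM) to show why the roles matter: both ends must hold a key derived from the authoritative entity's Engine ID. The function names, the NMS Engine ID and the choice of SHA-1 are assumptions made for illustration; the password and switch Engine ID are the RFC 3414 test-vector values.

```python
import hashlib

# Constructed sample engine IDs (not from the manual). SWITCH_ENGINE_ID is the
# 12-byte engine ID used in the RFC 3414 Appendix A.3 test vectors.
SWITCH_ENGINE_ID = bytes.fromhex("000000000000000000000002")
NMS_ENGINE_ID = bytes.fromhex("80000000010a000001")
ENGINE_IDS = {"switch": SWITCH_ENGINE_ID, "nms": NMS_ENGINE_ID}


def authoritative_entity(message_type: str, sender: str) -> str:
    """Apply the manual's three cases: a trap expects no response, so its
    sender is authoritative; an inform expects one, so its receiver is."""
    if sender not in ENGINE_IDS:
        raise ValueError(f"unknown entity: {sender!r}")
    receiver = "nms" if sender == "switch" else "switch"
    if message_type == "trap":
        return sender
    if message_type == "inform":
        return receiver
    raise ValueError(f"unsupported message type: {message_type!r}")


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("empty password")
    size = 1024 * 1024
    stream = (password * (size // len(password) + 1))[:size]
    return hashlib.new(hash_name, stream).digest()


def localized_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 section 2.6: Kul = H(Ku || engineID || Ku)."""
    ku = password_to_key(password, hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def key_for_message(message_type: str, sender: str, password: bytes) -> bytes:
    """Key both ends must hold: localized to the authoritative engine ID."""
    owner = authoritative_entity(message_type, sender)
    return localized_key(password, ENGINE_IDS[owner])


if __name__ == "__main__":
    pw = b"maplesyrup"  # password from the RFC 3414 test vectors
    for mtype, sender in [("inform", "nms"), ("trap", "switch"), ("inform", "switch")]:
        owner = authoritative_entity(mtype, sender)
        print(f"{mtype} from {sender}: authoritative={owner} "
              f"key={key_for_message(mtype, sender, pw).hex()}")
```

A user defined for traps from the switch is therefore keyed to the switch's Engine ID, while the same password used for informs from the switch yields a different key tied to the NMS's Engine ID.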