SNMPv3 Overview – Allied Telesis AT-S60 User Manual

Page 294

Chapter 17: SNMPv3 Configuration

Section III: SNMPv3 Protocol

SNMPv3 Overview

The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol
implementation, which is described in Chapter 5: “SNMPv1 and SNMPv2c
Configuration.” In the SNMPv3 protocol, User-based Security Model (USM)
authentication is implemented along with encryption, allowing you to
configure a secure SNMP environment.

The SNMP terminology changes in the SNMPv3 protocol. In the SNMPv1
and SNMPv2c protocols, there are two actors in an SNMP network—a
manager and an agent. A manager is a server that runs SNMP
management software. The manager is often called the Network
Management System (NMS). An agent is the SNMP software that runs on
a network device, such as the AT-8400 switch. An NMS is responsible for
querying, or polling, agents in the network. In addition, the agent sends
messages to the NMS indicating events. In the AT-S60 implementation
of SNMPv3, the switch sends trap and inform messages.

In SNMPv3, managers and agents are both called entities. Each entity
consists of an Engine ID and SNMP applications. Each AT-8400 switch has
a unique Engine ID number. The roles of authoritative entity and
non-authoritative entity can change depending on the type of message that
is sent. Consider the following three cases:

❑ The NMS sends an inform message to the switch. A network device
(either the NMS or the switch) that sends an inform message expects a
response to it. When the switch receives an inform message, the switch
is considered the authoritative entity. In this case, the NMS is the
non-authoritative entity.

❑ If the switch sends a trap message (a type of message that does not
expect a response), then the switch is considered the authoritative
entity. In this case, the NMS is the non-authoritative entity.

❑ If the switch sends an inform message, then the NMS is considered the
authoritative entity. In this case, the switch is the non-authoritative
entity.

The concept of entities is important because it helps define an internal
architecture for the SNMPv3 protocol, rather than just a set of messages.
This new architecture makes the protocol more secure. For more details
about the architecture, consult the SNMPv3 RFCs. For the SNMP RFCs
supported by this release of the AT-S60 software, see “SNMP Management
Session” on page 32.
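The following is an added example, not part of the AT-S60 manual or Allied Telesis software. It shows why the authoritative entity matters in USM: the user's password is turned into a key (RFC 3414 Appendix A.2) and then localized to the Engine ID of the authoritative entity (RFC 3414 section 2.6), so a switch sending a trap uses a key bound to its own Engine ID, while sending an inform it uses a key bound to the NMS Engine ID. The rule for Get/Set requests (receiver is authoritative) goes beyond the three cases above; the switch and NMS Engine IDs below are constructed placeholders.

```python
import hashlib

# Engine ID used by the published RFC 3414 Appendix A.3 test vectors.
RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")


def authoritative_engine(msg_type: str, sender_engine: bytes, receiver_engine: bytes) -> bytes:
    """Return the Engine ID of the authoritative entity for one message.

    Trap: the sender (e.g. the switch) is authoritative.
    Inform, and likewise Get/Set requests: the receiver is authoritative.
    """
    if msg_type == "trap":
        return sender_engine
    if msg_type in ("inform", "get", "set"):
        return receiver_engine
    raise ValueError(f"unknown SNMPv3 message type: {msg_type}")


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated password into the user key Ku."""
    if not password:
        raise ValueError("empty password")
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 section 2.6: Kul = H(Ku || authoritativeEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def key_for_message(password: bytes, msg_type: str, sender_engine: bytes,
                    receiver_engine: bytes, hash_name: str = "md5") -> bytes:
    """Localized key the sender must use for this message; it depends on who is authoritative."""
    engine = authoritative_engine(msg_type, sender_engine, receiver_engine)
    return localize_key(password_to_key(password, hash_name), engine, hash_name)


if __name__ == "__main__":
    # Constructed placeholder Engine IDs for the switch and the NMS; not real device values.
    switch_engine = bytes.fromhex("80000000010a000001")
    nms_engine = bytes.fromhex("80000000010a000002")
    pw = b"maplesyrup"
    trap_key = key_for_message(pw, "trap", switch_engine, nms_engine)      # bound to the switch
    inform_key = key_for_message(pw, "inform", switch_engine, nms_engine)  # bound to the NMS
    print("trap   key (switch authoritative):", trap_key.hex())
    print("inform key (NMS authoritative):   ", inform_key.hex())
    print("one password, two localized keys:", trap_key != inform_key)
```

Because the localized key is derived from the authoritative Engine ID, a non-authoritative entity (such as the switch sending an inform) must learn the peer's Engine ID before it can authenticate or encrypt the message.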