Snmpv3 authentication protocols, Snmpv3 privacy protocol – Allied Telesis AT-S63 User Manual
Page 319
AT-S63 Management Software Menus Interface User’s Guide
Section II: Advanced Features
319
❑ ”SNMPv3 Configuration Example” on page 326
SNMPv3
Authentication
Protocols
The SNMPv3 protocol supports two authentication protocols—HMAC-
MD5-96 (MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both
protocols are generated locally using the Engine ID, a unique identifier
that is assigned to the switch automatically, and the user password. You
modify a key only by modifying the user password.
In addition, you have the option of assigning no user authentication. In
this case, no authentication is performed for this user. You may want to
make this configuration for someone with super-user capabilities.
Note
The keys generated by the MD5 and SHA protocols are specific to
the SNMPv3 protocol. They have no relation to the SSL and SSH keys
for encryption.
SNMPv3 Privacy
Protocol
After you have configured an authentication protocol, you have the
option of assigning a privacy protocol if you have the encrypted version
of the AT-S63 software. In SNMPv3 protocol terminology, privacy is
equivalent to encryption. Currently, the DES protocol is the only
encryption protocol supported. The DES privacy protocol requires the
authentication protocol to be configured as either MD5 or SHA.
If you assign a DES privacy protocol to a user, then you are also required
to assign a privacy password. If you choose to not assign a privacy value,
then SNMPv3 messages are sent in plain text format.