Snmpv3 authentication protocols – Allied Telesis AT-S62 User Manual


Chapter 17: SNMPv3 Configuration

Section III: SNMPv3 Operations

With the SNMPv3 protocol, you create users, select the protocol
used for message authentication, and determine whether data transmitted
between an SNMP agent and an NMS is encrypted. In addition, you have
the ability to restrict user privileges by determining the user’s view of the
Management Information Bases (MIBs). In this way, you restrict which
MIBs the user can display and modify. In addition, you can restrict the
types of messages the switch can send on behalf of a user.

After you have created a user, you define SNMPv3 message notification.
This consists of determining where messages are sent and what types of
messages can be sent. This configuration is similar to the SNMPv1 and
SNMPv2c configuration because you configure IP addresses of trap
receivers, or hosts. In addition, with the SNMPv3 implementation you
decide what types of messages can be sent.

This section further describes the features of the SNMPv3 protocol. The
following subsections are included:

SNMPv3 Authentication Protocols

SNMPv3 Privacy Protocol

SNMPv3 MIB Views

SNMPv3 Storage Types

SNMPv3 Message Notification

SNMPv3 Tables

SNMPv3 Configuration Example

SNMPv3 Authentication Protocols

The SNMPv3 protocol supports two authentication protocols: HMAC-MD5-96
(MD5) and HMAC-SHA-96 (SHA). Both MD5 and SHA use an
algorithm to generate a message digest. Each authentication protocol
authenticates a user by checking the message digest. In addition, both
protocols use keys to perform authentication. The keys for both
protocols are generated locally using the Engine ID, a unique identifier
that is assigned to each switch automatically, and the user password.
You modify a key only by modifying the user password.

In addition, you have the option of assigning no user authentication. In
this case, no authentication is performed for this user. Allied Telesyn
does not recommend this configuration for security reasons.

Note

The keys generated by the MD5 and SHA protocols are specific to
the SNMPv3 protocol. They have no relation to the SSL and SSH keys
for encryption.