Table 27: snmpv3 security models and levels – Microsens MS453490M Management Guide User Manual
Page 370
C
HAPTER
15
| Basic Administration Protocols
Simple Network Management Protocol
– 370 –
Managed devices supporting SNMP contain software, which runs locally on
the device and is referred to as an agent. A defined set of variables, known
as managed objects, is maintained by the SNMP agent and used to manage
the device. These objects are defined in a Management Information Base
(MIB) that provides a standard presentation of the information controlled
by the agent. SNMP defines both the format of the MIB specifications and
the protocol used to access this information over the network.
The switch includes an onboard agent that supports SNMP versions 1, 2c,
and 3. This agent continuously monitors the status of the switch hardware,
as well as the traffic passing through its ports. A network management
station can access this information using network management software.
Access to the onboard agent from clients using SNMP v1 and v2c is
controlled by community strings. To communicate with the switch, the
management station must first submit a valid community string for
authentication.
Access to the switch from clients using SNMPv3 provides additional security
features that cover message integrity, authentication, and encryption; as
well as controlling user access to specific areas of the MIB tree.
The SNMPv3 security structure consists of security models, with each
model having it’s own security levels. There are three security models
defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to “groups”
that are defined by a security model and specified security levels. Each
group also has a defined security access to set of MIB objects for reading
and writing, which are known as “views.” The switch has a default view (all
MIB objects) and default groups defined for security models v1 and v2c.
The following table shows the security models and levels available and the
system default settings.
Table 27: SNMPv3 Security Models and Levels
Model Level
Group
Read View
Write View
Notify View Security
v1
noAuthNoPriv public
(read only)
defaultview
none
none
Community string only
v1
noAuthNoPriv private
(read/write)
defaultview
defaultview
none
Community string only
v1
noAuthNoPriv user defined user defined
user defined
user defined
Community string only
v2c
noAuthNoPriv public
(read only)
defaultview
none
none
Community string only
v2c
noAuthNoPriv private
(read/write)
defaultview
defaultview
none
Community string only
v2c
noAuthNoPriv user defined user defined
user defined
user defined
Community string only
v3
noAuthNoPriv user defined user defined
user defined
user defined
A user name match only
v3
AuthNoPriv
user defined user defined
user defined
user defined
Provides user authentication via MD5 or
SHA algorithms
v3
AuthPriv
user defined user defined
user defined
user defined
Provides user authentication via MD5 or
SHA algorithms and data privacy using
DES 56-bit encryption