Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

Security Models and Levels

For compatibility, SNMPv3 supports three security models:

The default is USM. You can select the security model based on your network manager.

The three security levels supported by USM are:
  • noAuthnoPriv—No authentication, no privacy. This is the case with existing SNMPv1/v2c agents.
  • AuthnoPriv—Authentication, no privacy. Messages are tested only for authentication.
  • AuthPriv—Authentication, privacy. This represents the highest level of security and requires every message exchange to pass the authentication and encryption tests.

When a user is created, an authentication method is selected, and the authentication and privacy passwords or keys are entered.

When RSA Data Security, Inc. MD5 (Message-Digest algorithm 5) Message-Digest Algorithm authentication is specified, HMAC-MD5-96 is used to achieve authentication with a 16-octet key, which generates a 128-bit authorization code. This authorization code is inserted in the msgAuthenticationParameters field of SNMPv3 PDUs when the security level is specified as either AuthnoPriv or AuthPriv. Specifying SHA authentication uses the HMAC-SHA protocol with a 20-octet key for authentication.

For privacy, the user can select any one of the following supported privacy protocols: DES, 3DES, AES 128/192/256. In the case of DES, a 16-octet key is provided as input to DES-CBS encryption protocol which generates an encrypted PDU to be transmitted. DES uses bytes 1-7 to make a 56 bit key. This key (encrypted itself) is placed in msgPrivacyParameters of SNMPv3 PDUs when the security level is specified as AuthPriv.

The SNMP (Simple Network Management Protocol) Context Name should be set to the virtual router (VR) name for which the information is requested. If the Context Name is not set the switch will retrieve the information for "VR-Default.". If the SNMP request is targeted for the protocols running per VR (see Adding and Deleting Routing Protocols), then the contextName should be set to the exact virtual-Router for which the information is requested. List of protocols running per Virtual Router:
Published March 2020prev | next

Email this topicEmail this topic

Print this pagePrint this page