Technical data

ServerIron ADX Administration Guide 149
53-1002434-01
NOTE
If display of the strings is encrypted, the strings are not displayed. Encryption is enabled by default.
Using the user-based security mode
SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for
authentication and privacy services.
SNMP version 1 and version 2 use community strings to authenticate SNMP access to
management modules. This method can still be used for authentication. In SNMP version 3, the
User-Based Security model of SNMP can be used to secure against the following threats:
• Modification of information
• Masquerading the identity of an authorized entity
• Message stream modification
• Disclosure of information
Furthermore, SNMP version 3 supports the View-Based Access Control Mechanism (RFC 2575) to
control access at the PDU level. It defines mechanisms for determining whether access to a
managed object in a local MIB by a remote principal should be allowed.
Configuring your NMS
To be able to use the SNMP version 3 features, perform the following steps.
1. Make sure that your Network Manager System (NMS) supports SNMP version 3.
2. Configure your NMS agent with the necessary users.
3. Configure the SNMP version 3 features in the ServerIron ADX.
Configuring SNMP version 3 on the ServerIron ADX
To configure SNMP version 3 on the ServerIron ADX, do the following:
1. Enter an engine ID for the management module using the snmp-server engineid command if
you will not use the default engine ID. See “Defining the engine ID” on page 150.
2. Create views that will be assigned to SNMP user groups using the snmp-server view command.
3. Create ACL groups that will be assigned to SNMP user groups using the access-list command.
Refer to the “Access Control List” chapter in the ServerIron ADX Security Guide for details.
4. Create user groups using the snmp-server group command. See “Defining an SNMP group” on
page 150.
5. Create user accounts and associate these accounts with user groups using the snmp-server user
command. See “Defining an SNMP user account” on page 151.
If SNMP version 3 is not configured, community strings are used by default to authenticate
access.
Even if SNMP version 3 users are configured on the device, the system will still accept SNMP
version 1, 2c and 3 PDUs from the remote manager.
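Because version 1 and 2c PDUs are still accepted after version 3 users are configured, it is worth checking which managers still send community-based messages. The following is an added example, not part of the guide or of Brocade software: it reads the version field from raw SNMP UDP payloads and lists the sources still using v1 or v2c. The payloads and the 192.0.2.x source addresses are constructed samples, and the function names are hypothetical.

```python
# Added example (not from the guide): classify SNMP messages by version.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # version INTEGER values on the wire

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits = count of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return (version_label, cleartext_community_or_None) for one message."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:                        # outer SEQUENCE
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or not ver:             # version INTEGER
        raise ValueError("missing version field")
    label = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    community = None
    if label in ("v1", "v2c"):             # community follows in cleartext
        tag, val, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("missing community string")
        community = val.decode("latin-1")
    return label, community

# Constructed payloads; the v3 sample stops after the header data.
SAMPLES = {
    "192.0.2.10": bytes.fromhex("301802010004067075626c6963a00b0201010201000201003000"),
    "192.0.2.11": bytes.fromhex("301802010104067075626c6963a00b0201010201000201003000"),
    "192.0.2.12": bytes.fromhex("3012020103300d020101020205dc040103020103"),
}

def legacy_sources(samples):
    """Sources still sending community-based (v1/v2c) messages."""
    return sorted(s for s, p in samples.items() if classify(p)[0] in ("v1", "v2c"))
```

Sources returned by legacy_sources are candidates for migration to version 3 users or for restriction with the ACLs described in step 3.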