Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

761

762

763

764

765

766

767

768

769

770

Protocol Overview

Network management stations use SNMP to retrieve or alter management data from network elements.

A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements

store managed objects in a database called a management information base (MIB).

MIBs are hierarchically structured and use object identiers to address managed objects, but managed objects also have a textual name

called an object descriptor.

You can download the latest MIB les from the following path:

• https://www.force10networks.com/CSPortal20/Main/SupportMain.aspx.

Implementation Information

The following describes SNMP implementation information.

• Dell Networking OS supports SNMP version 1 as dened by RFC 1155, 1157, and 1212, SNMP version 2c as dened by RFC 1901, and

SNMP version 3 as dened by RFC 2571.

• Dell Networking OS supports up to 16 trap receivers.

• Dell Networking OS implementation of the sFlow MIB supports sFlow conguration via SNMP sets.

• SNMP traps for the spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) state changes are based on BRIDGE

MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP.

SNMPv3 Compliance With FIPS

SNMPv3 is compliant with the Federal information processing standard (FIPS) cryptography standard. The Advanced Encryption Standard

(AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. SNMPv3 provides multiple authentication and

privacy options for user conguration. A subset of these options are the FIPS-approved algorithms: HMAC-SHA1-96 for authentication and

AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB

privacy option is supported and is compliant with RFC 3826.

The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when the system is congured

with the fips mode enable command in Global Conguration mode. When the FIPS mode is enabled on the system, SNMPv3

operates in a FIPS-compliant manner, and only the FIPS-approved algorithm options are available for SNMPv3 user conguration. When

the FIPS mode is disabled on the system, all options are available for SNMPv3 user conguration.

The following table describes the authentication and privacy options that can be congured when the FIPS mode is enabled or disabled:

Table 71. Authentication and Privacy Options

FIPS Mode Privacy Options Authentication Options

Disabled des56 (DES56-CBC)

aes128 (AES128-CFB)

md5 (HMAC-MD5-96)

sha (HMAC-SHA1-96)

Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96)

To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user username

group groupname 3 auth authentication-type auth-password priv aes128 priv-password command to specify

that AES-CFB 128 encryption algorithm needs to be used.

Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a

Simple Network Management Protocol (SNMP)

765