Connectivity Guide
– User authentication only
– User authentication and message encryption
SNMPv3
SNMP version 3 (SNMPv3) provides an enhanced security model for user authentication and encryption of SNMP messages. User
authentication requires that SNMP packets come from an authorized source. Message encryption ensures that packet contents cannot be
viewed by an unauthorized source.
To configure SNMPv3-specific security settings — user authentication and message encryption — use the snmp-server user
command. You can generate localized keys with enhanced security for authentication and privacy (encryption) passwords.
SNMP engine ID
An engine ID identifies the SNMP entity, the local agent, on the switch. The engine ID is a colon-separated series of octets; for example,
00:00:17:8B:02:00:00:01.
When you configure an SNMPv3 user, you can specify that a localized authentication and/or privacy key be generated. The localized
password keys are generated using the engine ID of the switch. A localized key is more complex and provides greater privacy protection.
The engine ID used to generate the password keys is unique to the switch. For this reason, you cannot copy and use localized SNMP
security passwords on another switch.
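The following is an added example, not code from the original guide or from OS10. It shows why a localized key is tied to one switch, using the standard SNMPv3 USM key localization from RFC 3414; that OS10 derives its localized keys this way is an assumption. The password and the second engine ID are constructed sample values.

```python
import hashlib

def parse_engine_id(text):
    """Convert a colon-separated engine ID such as 00:00:17:8B:02:00:00:01 to bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))

def password_to_key(password, hash_name="sha1"):
    """RFC 3414 A.2: hash 1,048,576 bytes formed by repeating the password."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()

def localize_key(user_key, engine_id, hash_name="sha1"):
    """RFC 3414 2.6: localized key = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()

def localized_key(password, engine_id_text, hash_name="sha1"):
    """Derive the per-engine key for a password and a colon-separated engine ID."""
    ku = password_to_key(password, hash_name)
    return localize_key(ku, parse_engine_id(engine_id_text), hash_name)

if __name__ == "__main__":
    password = "ExamplePassphrase1"                # constructed sample value
    switch_a = "00:00:17:8B:02:00:00:01"           # engine ID format shown in the guide
    switch_b = "00:00:17:8B:02:00:00:02"           # constructed second switch
    key_a = localized_key(password, switch_a)
    key_b = localized_key(password, switch_b)
    print("switch A:", key_a.hex())
    print("switch B:", key_b.hex())
    # Same password, different engine ID: the keys do not match, so a
    # localized key copied from switch A does not authenticate on switch B.
    print("keys match:", key_a == key_b)
```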
SNMP groups and users
A member of an SNMP group that accesses the local SNMP agent is referred to as an SNMP user. An SNMP user on a remote device is
identified by an IP address and UDP port from which the user accesses the local agent.
In OS10, users are assigned SNMP access privileges according to the group they belong to. You configure each group for access to SNMP
MIB tree views.
SNMP views
In OS10, you configure views for each security model and level in an SNMP user group. Each type of view specifies the object ID (OID) in
the MIB tree hierarchy at which the view starts. You can also specify whether the rest of the MIB tree structure is included or excluded
from the view.
• A read view provides read-only access to the specified OID tree.
• A write view provides read-write access to the specified OID tree.
• A notify view allows SNMP notifications (traps and informs) from the specified OID tree to be sent to other members of the group.
Configure SNMP
To set up communication with SNMP agents in your network:
• Configure the read-only, read-write, and notify access for SNMP groups.
• Configure groups with SNMP views for specified SNMP versions (security models).
System management