Avaya P334T-ML Switch User Manual


 
Chapter 8 User Authentication
Avaya P334T-ML User’s Guide 41
’WriteCommG’ group by default. This allows you to view the agent’s MIB tree and
change any of the values in the MIB tree.
L If you delete the ReadCommN or WriteCommN users, the ReadCommG or
WriteCommG groups, or the SNMPv1View you may not be able to access the
switch using SNMPv1 or SNMPv2c.
In addition, traps are sent to designated trap receivers. Packets with trap
information also contains a trap community string.
SNMPv2c
SNMPv2c is very similar to SNMPv1. However, SNMPv2c adds support for the
get-bulk action and supports a different trap format.
SNMPv3
SNMPv3 enables the following features over SNMPv1 or v2c:
User authentication with a username and password.
Communication encryption between the Network Management Station (NMS)
and the SNMP agent at the application level
Access control definition for specific MIB items available on the SNMP agent
Notification of specified network events directed toward specified users
Definition of roles using access control, each with unique access permissions
and authentication/encryption requirements
The basic components in SNMPv3 access control are users, groups, and views.
In addition. SNMPv3 uses an SNMP engine ID to identify SNMP identity. An
SNMP engine ID is assigned to each IP address of each device in the network. Each
SNMP engine ID should be unique in the network.
Users
SNMPv3 uses the User-based Security Model (USM) for security, and the
View-based Access Control Model (VACM) for access control. USM uses the
HMAC-MD5-96 and HMAC-SHA-96 protocols for user authentication, and the
CBC-DES56 protocol for encryption or privacy.
A maximum of 21 users, including local users and remote users getting notifications
can be defined on a stack. If the SNMP engine ID changes, all users other than the
default user for the stack are invalid and must be redefined. The SNMP engine ID
can be changed via the CLI. In addition, a change in the IP address of the stack
automatically changes the SNMP engine ID.
SNMPv3 supports three security levels:
NoAuthNoPriv – This is the lowest level of SNMPv3 security. No (Message
Authentication Code) MAC is provided with the message, and no encryption is
performed. This method is maintains the same security level as SNMPv1, but
provides a method for limiting the access rights of a user.