Chapter 8 User Authentication
Avaya P334T-ML User’s Guide
• AuthNoPriv – User authentication is performed based on MD5 or SHA
algorithms. The message is sent with an HMAC that is calculated with the user
key. The data part is sent unencrypted.
• AuthPriv – User authentication is performed based on MD5 or SHA algorithms.
The message is sent with an HMAC that is calculated with the user key, and
the data part is sent with DES56 encryption using the user key.
To create an SNMPv3 user account, the following information must be provided:
• UserName – string representing the name of the user.
Maximum length: 32 characters.
• Authentication Protocol – The authentication protocol to use. Possible values
are: No auth, HMAC MD5, or HMAC SHA-1.
• Authentication Password – The authentication password is transformed using
the authentication protocol and the SNMP engine ID to create an authentication
key.
• Privacy Protocol – The privacy protocol to use. Possible values are: No privacy,
DES privacy.
• Privacy Password – The privacy password is transformed using the privacy
protocol and the SNMP engine ID to create a privacy key.
• GroupName – 32-character string representing the name of the group.
• SecurityModel – The security model to use. Possible values are: 1 (SNMPv1),
2 (SNMPv2c), 3 (USM).
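The password-to-key transformation described for the Authentication Password and Privacy Password fields can be reproduced as follows. This is an added example, not code from the guide or from Avaya; it assumes the switch follows the standard USM derivation in RFC 3414, which the guide does not name, and the function names are hypothetical.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2: hash exactly 1 MiB of repeated password


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Stretch a password into the engine-independent user key Ku."""
    if not password:
        raise ValueError("empty password")
    if hash_name not in ("md5", "sha1"):
        raise ValueError("only HMAC MD5 and HMAC SHA-1 are offered")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localized_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    ku = password_to_key(password, hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def des_privacy_parts(priv_password: bytes, engine_id: bytes, hash_name: str):
    """Split the localized privacy key as RFC 3414 section 8.1.1.1 does:
    first 8 octets are the DES key, the next 8 are the pre-IV.
    Under RFC 3414 the hash is that of the user's authentication protocol."""
    kul = localized_key(priv_password, engine_id, hash_name)
    return kul[:8], kul[8:16]


if __name__ == "__main__":
    # Constructed sample values: the password and first engine ID are the
    # RFC 3414 A.3 test inputs; the second engine ID is made up for contrast.
    pw = b"maplesyrup"
    engine_a = bytes.fromhex("000000000000000000000002")
    engine_b = bytes.fromhex("000000000000000000000003")
    for name in ("md5", "sha1"):
        print(name, "engine A:", localized_key(pw, engine_a, name).hex())
        print(name, "engine B:", localized_key(pw, engine_b, name).hex())
```

Because the engine ID is mixed into the key, the same password yields a different key on every device, so a localized key recovered from one switch does not authenticate to another.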
Groups
In SNMPv3, each user is mapped to a group. The group maps its users to defined
views. These views define sets of access rights, including read, write, and trap or
inform notifications the users can receive.
The group maps its users to views based on the security mode and level with which
the user is communicating with the switch. Within a group, the following
combinations of security mode and level can be mapped to views:
• SNMPv1 – Anyone with a valid SNMPv1 community name.
• SNMPv2c – Anyone with a valid SNMPv2c community name.
• NoAuthNoPriv – An SNMPv3 user using the NoAuthNoPriv security level.
• AuthNoPriv – An SNMPv3 user using the AuthNoPriv security level.
• AuthPriv – An SNMPv3 user using the AuthPriv security level.
If views are not defined for all security modes and levels, a user can access the
highest-level view below his security level. For example, if the SNMPv1 and
SNMPv2c views are undefined for a group, anyone logging in using SNMPv1 or
SNMPv2c cannot access the device. If the NoAuthNoPriv view is not defined for a
group, SNMPv3 users with a NoAuthNoPriv security level can access the SNMPv2c
view.
To create an SNMPv3 group, the following information must be provided:
• GroupName – 32-character string representing the name of the group.