GarrettCom MNS-6K 4.1.4 Switch User Manual


 
MAGNUM 6K SWITCHES, MNS-6K USER GUIDE
Simple Network Management Protocol Version 3 (SNMPv3) – The third version of SNMP, with
enhancements for secure access and for different levels of access and security.
SNMP engine – A copy of SNMP that can reside on either the local or the remote device.
SNMP group – A collection of SNMP users that belong to a common SNMP list that defines an
access policy, in which object identification numbers (OIDs) are both read-accessible and write-
accessible. Users belonging to a particular SNMP group inherit all of these attributes defined by
the group.
SNMP user – A person for whom an SNMP management operation is performed. The user is
the person on a remote SNMP engine who receives the information.
SNMP view – A mapping between SNMP objects and the access rights available for those
objects. An object can have different access rights in each view. Access rights indicate whether the
object is accessible by either a community string or a user.
Write view – A view name (not to exceed 64 characters) for each group that defines the list of
object identifiers (OIDs) that are able to be created or modified by users of the group.
Authentication – The process of ensuring message integrity and protection against message
replays. It includes both data integrity and data origin authentication.
Authoritative SNMP engine – One of the SNMP copies involved in network communication
designated to be the allowed SNMP engine which protects against message replay, delay, and
redirection. The security keys used for authenticating and encrypting SNMPv3 packets are
generated as a function of the authoritative SNMP engine's engine ID and user passwords. When
an SNMP message expects a response (for example, get exact, get next, set request), the receiver of
these messages is authoritative. When an SNMP message does not expect a response, the sender is
authoritative.
Data integrity – A condition or state of data in which a message packet has not been altered or
destroyed in an unauthorized manner.
Data origin authentication – The ability to verify the identity of a user on whose behalf the
message is supposedly sent. This ability protects users against both message capture and replay by
a different SNMP engine, and against packets received or sent to a particular user that use an
incorrect password or security level.
Encryption – A method of hiding data from an unauthorized user by scrambling the contents of
an SNMP packet.
Group – A set of users belonging to a particular security model. A group defines the access rights
for all the users belonging to it. Access rights define what SNMP objects can be read, written to,
or created. In addition, the group defines what notifications a user is allowed to receive.