SNMP Versions and Workflow
The device functions as an SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Bases).
SNMPv1 and v2
To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system responds only to SNMP messages that specify a community with the correct permissions for the requested operation.
SNMP agents maintain a list of variables that are used to manage the device. These variables are defined in the Management Information Base (MIB).
NOTE Due to the security vulnerabilities of other versions, it is recommended to use SNMPv3.
SNMPv3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a User Security Model (USM) that includes:
Authentication—Provides data integrity and data origin authentication.
Privacy—Protects against disclosure of message content. Cipher Block-Chaining (CBC-DES) is used for encryption. Either authentication alone can be enabled on an SNMP message, or both authentication and privacy can be enabled. However, privacy cannot be enabled without authentication.
Timeliness—Protects against message delay or playback attacks. The SNMP agent compares the incoming message time stamp to the message arrival time.
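The authentication/privacy rule and the timeliness check above, as an added example (not code from the device or its vendor): it decodes the SNMPv3 msgFlags octet as laid out in RFC 3412 and applies the 150-second time window and engine-boots comparison of RFC 3414. The function names and sample values are constructed for illustration.

```python
"""Illustrative SNMPv3 USM header checks; names and sample values are constructed."""

AUTH_FLAG = 0x01               # msgFlags bit 0: message is authenticated (RFC 3412)
PRIV_FLAG = 0x02               # msgFlags bit 1: message is encrypted
REPORTABLE_FLAG = 0x04         # msgFlags bit 2: a Report PDU may be sent back
TIME_WINDOW_SECONDS = 150      # RFC 3414 timeliness window
MAX_ENGINE_BOOTS = 2147483647  # boots counter latched at its maximum value


def security_level(msg_flags: int) -> str:
    """Map the msgFlags octet to a security level, rejecting priv without auth."""
    auth = bool(msg_flags & AUTH_FLAG)
    priv = bool(msg_flags & PRIV_FLAG)
    if priv and not auth:
        # Privacy cannot be enabled without authentication.
        raise ValueError("invalid msgFlags: privacy set without authentication")
    if auth and priv:
        return "authPriv"
    return "authNoPriv" if auth else "noAuthNoPriv"


def in_time_window(msg_boots, msg_time, local_boots, local_time) -> bool:
    """Timeliness check an authoritative engine applies to an authenticated message."""
    if local_boots == MAX_ENGINE_BOOTS:
        return False  # engine must be reconfigured before it accepts messages
    if msg_boots != local_boots:
        return False  # message refers to a different boot cycle
    return abs(local_time - msg_time) <= TIME_WINDOW_SECONDS


def accept(msg_flags, msg_boots, msg_time, local_boots, local_time) -> str:
    """Return the security level if the header passes, else raise ValueError."""
    level = security_level(msg_flags)
    # Timeliness is enforced only on authenticated messages; without
    # authentication the time fields cannot be trusted.
    if level != "noAuthNoPriv" and not in_time_window(
            msg_boots, msg_time, local_boots, local_time):
        raise ValueError("notInTimeWindow: delayed or replayed message")
    return level


if __name__ == "__main__":
    # Constructed samples: the agent has booted 7 times and been up 1000 s.
    print(accept(0x03, 7, 990, 7, 1000))  # fresh authPriv message
    for flags, boots, t in [(0x02, 7, 1000), (0x01, 7, 700), (0x01, 6, 1000)]:
        try:
            accept(flags, boots, t, 7, 1000)
        except ValueError as err:
            print("rejected:", err)
```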