Section 3.4. SNMPv3 in the Real World



Let's briefly outline the common configuration options you should expect when you have to configure an SNMPv3 device or network management platform:


Username

This is the textual description of the person responsible for the SNMP entity that is to be managed. It is sometimes referred to as the security name.


Security level

Some applications require you to explicitly set the security level and others determine it based on the combination of authentication and privacy protocol in use. The specified values are noAuthNoPriv, which is no authentication and no privacy, authNoPriv, which is authentication and no privacy, and authPriv, which is authentication and privacy. Note that you cannot have privacy without authentication, but you can have authentication without privacy.


Authentication protocol

The protocol used for authentication, that is, to prove that you are who you say you are. Currently, MD5 and SHA1 are specified in the RFCs.


Authentication passphrase

The passphrase used in conjunction with the authentication protocol. It must be at least eight characters long. You may also see it referred to as a password.


Privacy protocol

The protocol used for privacy, that is, to encrypt the data portion of the SNMP packet. Currently, DES is specified in the RFCs.


Privacy passphrase

The passphrase used in conjunction with the privacy protocol. It must be at least eight characters long. You may also see it referred to as a password.

Here are the logical steps you take when using SNMPv3-enabled devices and entities:

  1. Create a USM entry on a device with proper USM attributes: username, authentication protocol, etc.

  2. Configure the management station (if it supports SNMPv3) with the proper USM attributes for the managed device. Note that the username and passphrases created in step 1 will need to be entered manually in this step.

  3. Begin managing the device.
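The rules above can be checked before step 3, so that a rejected first poll is not the first sign of a typo. The following is an added example, not code from the book or from any SNMP product: `UsmEntry`, `derive_level`, `check` and `mismatches` are hypothetical names, and the sample entries are constructed. It derives the security level from the protocol combination, enforces the eight-character minimum, and compares the device entry with the management station's copy.

```python
from dataclasses import dataclass
from typing import List, Optional

AUTH_PROTOCOLS = {"MD5", "SHA1"}  # protocols and limits as stated in the text above
PRIV_PROTOCOLS = {"DES"}
MIN_PASSPHRASE = 8

@dataclass
class UsmEntry:  # hypothetical container for one side's USM attributes
    username: str
    auth_protocol: Optional[str] = None
    auth_passphrase: Optional[str] = None
    priv_protocol: Optional[str] = None
    priv_passphrase: Optional[str] = None
    security_level: Optional[str] = None  # set only if the tool asks for it

def derive_level(e: UsmEntry) -> str:
    """Security level implied by the authentication/privacy combination."""
    if e.priv_protocol and not e.auth_protocol:
        raise ValueError("privacy requires authentication")
    if e.priv_protocol:
        return "authPriv"
    return "authNoPriv" if e.auth_protocol else "noAuthNoPriv"

def check(e: UsmEntry) -> List[str]:
    """Problems found in one entry; an empty list means it is consistent."""
    try:
        level = derive_level(e)
    except ValueError as err:
        return [str(err)]
    problems = []
    if e.security_level and e.security_level != level:
        problems.append(f"level {e.security_level} set, protocols imply {level}")
    for kind, proto, phrase, allowed in (
        ("auth", e.auth_protocol, e.auth_passphrase, AUTH_PROTOCOLS),
        ("priv", e.priv_protocol, e.priv_passphrase, PRIV_PROTOCOLS),
    ):
        if proto and proto not in allowed:
            problems.append(f"{kind} protocol {proto} is not one of {sorted(allowed)}")
        if proto and len(phrase or "") < MIN_PASSPHRASE:
            problems.append(f"{kind} passphrase under {MIN_PASSPHRASE} characters")
    return problems

def mismatches(device: UsmEntry, station: UsmEntry) -> List[str]:
    """Attributes that differ between the device entry and the station's copy."""
    return [f for f in vars(device)
            if f != "security_level" and getattr(device, f) != getattr(station, f)]

# Constructed sample: the station copy has a mistyped privacy passphrase.
DEVICE = UsmEntry("opsuser", "SHA1", "constructed-auth", "DES", "constructed-priv")
STATION = UsmEntry("opsuser", "SHA1", "constructed-auth", "DES", "constructed-prov", "authPriv")
```

Here `mismatches(DEVICE, STATION)` reports only the field name, so the passphrases themselves never reach a log.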

After all the gory technical details, isn't it nice to see that the basics of SNMPv3 really aren't all that scary?

SNMPv3 provides some much-needed security for SNMP. Many vendors already support SNMPv3, but many others, of course, do not. Vendors are often slow to change, mainly because SNMP support is generally an afterthought during the development life cycle of a switch, router, or software system. In fact, SNMP is often a bolt-on feature that isn't heavily tested and is rarely updated. But we in the network management field can only hope that more vendors embrace not only SNMP but also SNMPv3.




Essential SNMP, Second Edition
ISBN: 0596008406
EAN: 2147483647
Year: 2003
Pages: 165
