Table of Contents
Advertisement
SNMP
SNMP Versions and Workflow
NOTE
Cisco 220 Series Smart Plus Switches Administration Guide Release 1.0.0.x
SNMP v1 and v2
SNMP v1 and v2
To control access to the system, a list of SNMP communities are defined. Each
community consists of a community string and its access privilege. The system
responds only to SNMP messages specifying the community which has the
correct permissions and correct operations.
SNMP agents maintain a list of variables that are used to manage the switch.
These variables are defined in the MIB. The MIB presents the variables controlled
by the agent. All MIBs supported by the switch are listed in the
section.
Due to the security vulnerabilities of other versions, we recommend that you use
SNMPv3.
SNMP v3
SNMP v3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies
access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs.
SNMPv3 also defines a User Security Model (USM) that includes:
•
Authentication—Provides data integrity and data origin authentication.
•
Privacy—Protects against disclosure message content. Cipher Block-
Chaining (CBC) is used for encryption. Either authentication alone is enabled
on an SNMP message, or both authentication and privacy are enabled on an
SNMP message. However, privacy cannot be enabled without
authentication.
•
Timeliness—Protects against message delay or playback attacks. The
SNMP agent compares the incoming message time stamp to the message
arrival time.
•
Key Management—Defines key generation, key updates, and key use. The
switch supports SNMP notification filters based on Object IDs (OIDs). OIDs
are used by the switch to manage device features.
19
Supported MIBs
265
Advertisement
Table of Contents
