Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH User's Manual

Chapter 3.  Managing the Switch  
NETGEAR 8800 User Manual 
• Disclosure, where packet exchanges are sniffed (examined) and information is learned
about the contents
The access control subsystem provides the ability to configure whether access to a managed 
object in a local MIB is allowed for a remote principal. The access control scheme allows you 
to define access policies based on MIB views, groups, and multiple security levels.
In addition, the SNMPv3 target and notification MIBs provide a more procedural approach for 
generating and filtering notifications. 
SNMPv3 objects are stored in non-volatile memory unless specifically assigned to volatile 
storage. Objects defined as permanent cannot be deleted.
Note: In SNMPv3, many objects can be identified by a human-readable 
string or by a string of hexadecimal octets. In many commands, you 
can use either a character string, or a colon-separated string of 
hexadecimal octets to specify objects. To indicate hexadecimal 
octets, use the keyword hex in the command.
Message Processing
A particular network manager may require messages that conform to a particular version of 
SNMP. The choice of the SNMPv1, SNMPv2c, or SNMPv3 MP model can be configured for 
each network manager as its target address is configured. The selection of the MP model is 
configured with the mp-model keyword in the following command:
configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user 
[[hex <hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] 
sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} 
{volatile} 
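An added example, not part of the NETGEAR manual: a small Python audit that parses target-params commands in the syntax shown above and reports entries whose messages would not be encrypted, which is the disclosure threat listed earlier. The sample configuration lines, the names in them, and the treatment of an omitted sec-level as a finding are assumptions made for illustration.

```python
import re

# A name is either "hex <colon-separated octets>" or a plain character string.
NAME = r"(?:hex\s+(?P<{0}_hex>[0-9A-Fa-f]{{2}}(?::[0-9A-Fa-f]{{2}})*)|(?P<{0}>\S+))"
TARGET_PARAMS = re.compile(
    r"^configure\s+snmpv3\s+add\s+target-params\s+" + NAME.format("param")
    + r"\s+user\s+" + NAME.format("user")
    + r"\s+mp-model\s+(?P<mp>snmpv1|snmpv2c|snmpv3)"
    r"\s+sec-model\s+(?P<sec>snmpv1|snmpv2c|usm)"
    r"(?:\s+sec-level\s+(?P<level>noauth|authnopriv|priv))?(?:\s+volatile)?\s*$"
)
LEVEL_FINDINGS = {
    "noauth": "noauth: messages are neither authenticated nor encrypted",
    "authnopriv": "authnopriv: authenticated but not encrypted, readable if sniffed",
    # Assumption: an omitted sec-level is reported so it gets set explicitly.
    None: "sec-level omitted: effective level depends on the switch default",
}
# Constructed sample configuration (names are hypothetical).
SAMPLE = """\
configure snmpv3 add target-params nms1 user ops mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params nms2 user ops mp-model snmpv3 sec-model usm sec-level authnopriv
configure snmpv3 add target-params hex 6e:6d:73:33 user legacy mp-model snmpv2c sec-model snmpv2c
configure snmpv3 add target-params nms4 user ops mp-model snmpv3 sec-model usm volatile
"""

def audit_line(line):
    """Return (param_name, findings) for a target-params command, else None."""
    m = TARGET_PARAMS.match(line.strip())
    if not m:
        return None
    name = m["param"] or "hex " + m["param_hex"]
    findings = []
    if m["mp"] != "snmpv3" or m["sec"] != "usm":
        findings.append(f"mp-model {m['mp']} / sec-model {m['sec']}: not SNMPv3 with USM, "
                        "so no USM authentication or encryption applies")
    elif m["level"] != "priv":
        findings.append(LEVEL_FINDINGS[m["level"]])
    return name, findings

def audit_config(text):
    """Map each target-params name in the configuration text to its findings."""
    parsed = (audit_line(line) for line in text.splitlines())
    return {name: findings for name, findings in filter(None, parsed)}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE).items():
        print(name, "->", "OK" if not findings else "; ".join(findings))
```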
SNMPv3 Security
SNMPv3 introduced the User-Based Security Model (USM) for SNMP. USM deals 
with security-related aspects such as authentication, encryption of SNMP messages, and defining 
users and their various access security levels. This standard also encompasses protection 
against message delay and message replay. 
USM Timeliness Mechanisms
A NETGEAR switch has one SNMPv3 engine, identified by its snmpEngineID. The first four 
octets are fixed to 80:00:11:AE, which represents the NETGEAR vendor ID. By default, the 
additional octets for the snmpEngineID are generated from the device MAC address. 
Every SNMPv3 engine necessarily maintains two objects: SNMPEngineBoots, which is the 
number of reboots the agent has experienced, and SNMPEngineTime, which is the local time 
since the engine reboot. The engine has a local copy of these objects and the