Avaya 580 사용자 설명서
Document No. 10-300077, Issue 2
5-3
Configuring SNMP
Authentication and Encryption
Localized Keys
To perform authentication and encryption, the switch and NMS (network
management system) share localized keys. When sending a PDU to the
switch, the NMS (network management system) generates the localized key
and places it in the PDU. When the switch receives the PDU, it compares
the localized key in the PDU to the localized key stored in the switch
memory. If the two versions match, the PDU is authenticated or decrypted.
management system) share localized keys. When sending a PDU to the
switch, the NMS (network management system) generates the localized key
and places it in the PDU. When the switch receives the PDU, it compares
the localized key in the PDU to the localized key stored in the switch
memory. If the two versions match, the PDU is authenticated or decrypted.
To generate a localized key, the switch and NMS use HMAC-MD5 or
HMAC-SHA to:
HMAC-SHA to:
1. Hash the user password. The hashed user password is called the non-
localized key.
2. Hash a combination of the non-localized key and the engine ID of the
switch. This hashed combination is the localized key.
The NMS stores the non-localized key and generates the localized key only
before sending a PDU to the switch. Each time you create a new SNMP
user, the switch generates and stores the localized key for that user.
before sending a PDU to the switch. Each time you create a new SNMP
user, the switch generates and stores the localized key for that user.
If authentication is enabled for a user, he or she must have an authentication
password. And if encryption is enabled for a user, he or she must have an
encryption password. For information on setting these passwords, see
“
password. And if encryption is enabled for a user, he or she must have an
encryption password. For information on setting these passwords, see
“
.”
Engine ID
To perform authentication or encryption, the switch must have an engine
ID. By default the engine ID is based on the IP address of the ethernet
console port. You can, however, change the engine ID of the switch. For
information on how to change the engine ID of the switch, see “
ID. By default the engine ID is based on the IP address of the ethernet
console port. You can, however, change the engine ID of the switch. For
information on how to change the engine ID of the switch, see “
.”
If the switch is using the default engine ID and you change the IP address of
the ethernet console port, the engine ID is also changed. All user accounts
are invalid if the engine ID changes, and you must reconfigure them.
the ethernet console port, the engine ID is also changed. All user accounts
are invalid if the engine ID changes, and you must reconfigure them.