Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH User Manual
Chapter 3. Managing the Switch
NETGEAR 8800 User Manual
SNMPv3
SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP
access to managed devices and provides sophisticated control of access to the device MIB.
The prior standard versions of SNMP, SNMPv1 and SNMPv2c, provided no privacy and little
security.
The following RFCs provide the foundation for the NETGEAR implementation of SNMPv3:
• RFC 3410, Introduction to version 3 of the Internet-standard Network Management
  Framework, provides an overview of SNMPv3.
• RFC 3411, An Architecture for Describing SNMP Management Frameworks, talks about
  SNMP architecture, especially the architecture for security and administration.
• RFC 3412, Message Processing and Dispatching for the Simple Network Management
  Protocol (SNMP), talks about the message processing models and dispatching that can
  be a part of an SNMP engine.
• RFC 3413, SNMPv3 Applications, talks about the different types of applications that can
  be associated with an SNMPv3 engine.
• RFC 3414, The User-Based Security Model for Version 3 of the Simple Network
  Management Protocol (SNMPv3), describes the User-Based Security Model (USM).
• RFC 3415, View-based Access Control Model (VACM) for the Simple Network
  Management Protocol (SNMP), talks about VACM as a way to access the MIB.
• RFC 3826, The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP
  User-based Security Model
Note: 3DES, AES 192 and AES 256 bit encryption are proprietary
implementations and may not work with some SNMP Managers.
The SNMPv3 standards for network management were driven primarily by the need for
greater security and access control. The new standards use a modular design and model
management information by cleanly defining a message processing (MP) subsystem, a
security subsystem, and an access control subsystem.
The MP subsystem helps identify the MP model to be used when processing a received
Protocol Data Unit (PDU), the packet that SNMP uses for communication. The MP
layer helps in implementing a multilingual agent, so that various versions of SNMP can
coexist simultaneously in the same network.
The security subsystem features the use of various authentication and privacy protocols with
various timeliness checking and engine clock synchronization schemes. SNMPv3 is
designed to be secure against:
• Modification of information, where an in-transit message is altered
• Masquerades, where an unauthorized entity assumes the identity of an authorized entity
• Message stream modification, where packets are delayed and/or replayed
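
The three protections listed above can be seen in a small model of the receiver-side USM checks. This is an added example, not NETGEAR code or part of the original manual: the message layout, user name, passphrases and engine ID are constructed, and the key localization and 150-second window are taken from RFC 3414 rather than from this manual.

```python
import hashlib
import hmac

TIME_WINDOW = 150  # seconds; RFC 3414 section 3.2 timeliness window

def password_to_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2 (SHA-1): hash 1 MiB of repeated password, then localize."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stream).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()

def auth_tag(key: bytes, boots: int, etime: int, user: bytes, pdu: bytes) -> bytes:
    # Assumption: simplified serialization. Real USM runs the HMAC over the
    # BER-encoded message with msgAuthenticationParameters set to 12 zero octets.
    blob = repr((boots, etime, user, pdu)).encode()
    return hmac.new(key, blob, hashlib.sha1).digest()[:12]  # HMAC-SHA-96

def make_message(key, boots, etime, user, pdu):
    return {"boots": boots, "time": etime, "user": user, "pdu": pdu,
            "auth": auth_tag(key, boots, etime, user, pdu)}

def check_message(msg, users, local_boots, local_time):
    """Receiver-side checks of an authoritative engine, in RFC 3414 order."""
    key = users.get(msg["user"])
    if key is None:
        return "unknownUserName"
    expected = auth_tag(key, msg["boots"], msg["time"], msg["user"], msg["pdu"])
    if not hmac.compare_digest(expected, msg["auth"]):
        return "wrongDigest"          # altered in transit, or sender lacks the key
    if (local_boots == 2147483647 or msg["boots"] != local_boots
            or abs(msg["time"] - local_time) > TIME_WINDOW):
        return "notInTimeWindow"      # delayed or replayed
    return "ok"

def demo():
    engine_id = bytes.fromhex("80001f8880aabbccdd")       # constructed engine ID
    key = password_to_key(b"constructed-auth-phrase", engine_id)
    users = {b"netops": key}                              # hypothetical user
    msg = make_message(key, 7, 1000, b"netops", b"get sysUpTime.0")
    bad_key = password_to_key(b"some-other-phrase", engine_id)
    forged = make_message(bad_key, 7, 1000, b"netops", b"get sysUpTime.0")
    return {
        "genuine": check_message(msg, users, 7, 1010),
        "modified": check_message({**msg, "pdu": b"set sysContact.0"}, users, 7, 1010),
        "masquerade": check_message(forged, users, 7, 1010),
        "replayed": check_message(msg, users, 7, 1400),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10} -> {verdict}")
```

Because the key is localized with the engine ID, the same passphrase yields a different key on every SNMP engine, so a key recovered from one device does not authenticate to another.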