Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH 사용자 설명서
86
|
Chapter 3. Managing the Switch
NETGEAR 8800 User Manual
For privacy, the user can select any one of the following supported privacy protocols: DES,
3DES, AES 128/192/256. In the case of DES, a 16-octet key is provided as input to
DES-CBS encryption protocol which generates an encrypted PDU to be transmitted. DES
uses bytes 1-7 to make a 56 bit key. This key (encrypted itself) is placed in
msgPrivacyParameters of SNMPv3 PDUs when the security level is specified as AuthPriv.
3DES, AES 128/192/256. In the case of DES, a 16-octet key is provided as input to
DES-CBS encryption protocol which generates an encrypted PDU to be transmitted. DES
uses bytes 1-7 to make a 56 bit key. This key (encrypted itself) is placed in
msgPrivacyParameters of SNMPv3 PDUs when the security level is specified as AuthPriv.
SNMPv3 MIB Access Control
SNMPv3 provides a fine-grained mechanism for defining which parts of the MIB can be
accessed. This is referred to as the View-Based Access Control Model (VACM).
accessed. This is referred to as the View-Based Access Control Model (VACM).
MIB views represent the basic building blocks of VACM. They are used to define a subset of
the information in the MIB. Access to read, to write, and to generate notifications is based on
the relationship between a MIB view and an access group. The users of the access group
can then read, write, or receive notifications from the part of the MIB defined in the MIB view
as configured in the access group.
the information in the MIB. Access to read, to write, and to generate notifications is based on
the relationship between a MIB view and an access group. The users of the access group
can then read, write, or receive notifications from the part of the MIB defined in the MIB view
as configured in the access group.
A view name, a MIB subtree/mask, and an inclusion or exclusion define every MIB view. For
example, there is a System group defined under the MIB-2 tree. The Object Identifier (OID)
for MIB-2 is 1.3.6.1.2, and the System group is defined as MIB-2.1.1, or directly as
1.3.6.1.2.1.1.
example, there is a System group defined under the MIB-2 tree. The Object Identifier (OID)
for MIB-2 is 1.3.6.1.2, and the System group is defined as MIB-2.1.1, or directly as
1.3.6.1.2.1.1.
To define a MIB view which includes only the System group, use the following subtree/mask
combination:
combination:
1.3.6.1.2.1.1/1.1.1.1.1.1.1.0
The mask can also be expressed in hex notation (this is used for the XCM8800 CLI):
1.3.6.1.2.1.1/fe
To define a view that includes the entire MIB-2, use the following subtree/mask:
1.3.6.1.2.1.1/1.1.1.1.1.0.0.0
which, in the CLI, is:
1.3.6.1.2.1.1/f8
When you create the MIB view, you can choose to include the MIB subtree/mask or to
exclude the MIB subtree/mask. To create a MIB view, use the following command:
exclude the MIB subtree/mask. To create a MIB view, use the following command:
configure snmpv3 add mib-view [[hex <hex_view_name>] | <view_name>] subtree
<object_identifier> {/<subtree_mask>} {type [included | excluded]} {volatile}
After the view has been created, you can repeatedly use the
configure snmpv3 add mib-view
command to include and/or exclude MIB subtree/mask combinations to precisely define the
items you want to control access to.
items you want to control access to.
In addition to the user-created MIB views, there are three default views. They are
defaultUserView, defaultAdminView, and defaultNotifyView. To show MIB views, use the
following command:
defaultUserView, defaultAdminView, and defaultNotifyView. To show MIB views, use the
following command:
show snmpv3 mib-view {[[hex <hex_view_name>] | <view_name>] {subtree
<object_identifier>}}