SNMPv3

                       AT-8000S




Marvell Confidential
Overview


         •     Simple Network Management Protocol Version 3 (SNMPv3) is
               an interoperable standards-based protocol for network
               management.



         •     SNMPv3 provides secure access to devices by combining
               authentication and encryption of packets sent over
               the network.




Overview


         •     The following security features are included in SNMPv3:
                 – Message integrity
                 – Authentication
                 – Encryption




         •     SNMPv3 also describes how to apply access control
               and the new trap-sending mechanism to SNMPv1 and
               SNMPv2 PDUs.



Local Engine Information

         •     Each SNMP agent maintains some local information to be
               used in SNMPv3 message exchanges.

         •     An SNMP agent is considered an authoritative SNMP
               engine.

         •     The agent receives incoming messages (Get, GetNext,
               GetBulk, Set) and sends Trap messages to a
               manager.

         •     The agent’s local information is encapsulated in message
               fields.



Security


         •     RFC 2574 defines the user-based security model (USM) for
               SNMPv3.

         •     This specification includes:
                 –     Authentication
                 –     Privacy
                 –     Timeliness
                 –     Key management




Authentication

         •     Provides data integrity and data origin authentication.

         •     Using authentication for an SNMPv3 message involves an
               HMAC authentication code, with either MD5 or SHA-1 as
               the hash function.

         •     This code is created by the originator of the SNMP message
               and is written into the msgAuthenticationParameters field
               of the message.

         •     The receiver then uses this code to validate the message’s
               integrity and origin.

         •     The agent supports both HMAC-MD5 and HMAC-SHA
               protocols.

Privacy


         •     Protects against disclosure of the message’s payload.

         •     The cipher block-chaining (CBC) mode of DES is used for
               encryption.

         •     The user can either employ authentication on an SNMP
               message, or both authentication and privacy, but not
               privacy without authentication.




Timeliness


         •     Protects against message delay or replay.

         •     The SNMP agent performs a timeliness check on an
               incoming message by comparing the time information in
               the message.




Key management

          •      Defines procedures for key generation, update and use.

          •      The keys for authentication and privacy are not passed via
                 the SNMP protocol.

          •      The NMS shares the keys with each agent it works with.

          •      The RFC defines a procedure for producing the key the
                 NMS shares with a certain agent, by using an NMS
                 password and that agent’s engineID.

          •      Changing an authentication or privacy key is done by
                 changing the appropriate fields in the usmUserTable. The
                 new key is calculated by the agent according to the old key.
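
The key procedure named above and the HMAC check from the Authentication slide, as an added Python example that is not part of the original deck or the device firmware. The password and engineID are the published test values from the USM RFC appendix; the 12-byte truncation is the HMAC-MD5-96/HMAC-SHA-96 rule from the RFC rather than something the slides state, and the message bytes and field offset are constructed placeholders, not a BER-encoded SNMP packet.

```python
import hashlib
import hmac

AUTH_PARAM_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits of the MAC


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku: digest of 1,048,576 bytes formed by repeating the password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Key shared with one agent: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def add_auth(message: bytes, offset: int, kul: bytes, hash_name: str) -> bytes:
    """Originator side: MAC the message with the field zeroed, then fill the field."""
    field = message[offset:offset + AUTH_PARAM_LEN]
    if field != bytes(AUTH_PARAM_LEN):
        raise ValueError("msgAuthenticationParameters must be 12 zero bytes")
    mac = hmac.new(kul, message, hash_name).digest()[:AUTH_PARAM_LEN]
    return message[:offset] + mac + message[offset + AUTH_PARAM_LEN:]


def check_auth(message: bytes, offset: int, kul: bytes, hash_name: str) -> bool:
    """Receiver side: zero the field, recompute, compare in constant time."""
    received = message[offset:offset + AUTH_PARAM_LEN]
    zeroed = message[:offset] + bytes(AUTH_PARAM_LEN) + message[offset + AUTH_PARAM_LEN:]
    expected = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAM_LEN]
    return hmac.compare_digest(received, expected)


# RFC appendix test inputs.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed values: a second agent's engineID and a stand-in message layout.
OTHER_ENGINE_ID = bytes.fromhex("800000000102030405")
AUTH_OFFSET = 4
UNSIGNED_MESSAGE = b"HDR:" + bytes(AUTH_PARAM_LEN) + b":get sysDescr.0"


def demo():
    """Sign for one agent, then verify with the right key, a tampered body,
    and the key another agent would derive from the same password."""
    ku = password_to_key(PASSWORD, "md5")
    kul = localize_key(ku, ENGINE_ID, "md5")
    other_kul = localize_key(ku, OTHER_ENGINE_ID, "md5")
    signed = add_auth(UNSIGNED_MESSAGE, AUTH_OFFSET, kul, "md5")
    tampered = signed[:-1] + b"1"
    return {
        "valid": check_auth(signed, AUTH_OFFSET, kul, "md5"),
        "tampered": check_auth(tampered, AUTH_OFFSET, kul, "md5"),
        "other_agent_key": check_auth(signed, AUTH_OFFSET, other_kul, "md5"),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        ku = password_to_key(PASSWORD, name)
        print(name, "Ku :", ku.hex())
        print(name, "Kul:", localize_key(ku, ENGINE_ID, name).hex())
    print(demo())
```

Because the engineID is mixed into the key, a key recovered from one agent does not authenticate messages to another agent that shares the same NMS password.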

Sending Traps


         •     Defined in RFC2573.

         •     The mechanism of sending traps defined in the SNMPv3
               architecture includes the following phases:


                 – Identifying management targets for traps

                 – Filtering of a trap

                 – Choosing parameters to generate the trap message

                 – Access control checks
Access Control

         •     RFC 2575 defines the View-Based Access Control Model
               (VACM), which enables an SNMP agent to enforce a
               particular set of access rights to MIB data.

         •     Determining access rights depends on the following
               factors:


                 – The principal that initiates the access request. For
                   example, a manager responsible for a whole network
                   configuration may have wide authority to change
                   MIB values, while a manager with monitoring
                   responsibility may have read-only access or even no
                   access at all to certain MIB objects.

Access Control (Cont.)
                 – The security level used for delivering the SNMP
                   request in the network. Usually, a manager will
                   require the use of authentication for set requests.

                 – The security model used for processing the SNMP
                   request. The agent can define different levels of
                   access for security models SNMPv1 and SNMPv2,
                   in which no security policy has been used for the
                   message, and the SNMPv3 User-Based Security
                   Model.

                 – The MIB context in the request. A context is a
                   named subset of MIB object instances.
Access Control (Cont.)
                 – An SNMP agent can maintain one or more contexts,
                   and a MIB object or object instance can belong to
                   one or more contexts.
                 – For example, an agent can maintain information of
                   multiple devices, with each of them represented by a
                   different context name.

                 – The originator of an SNMP request should put the
                   name of the context of the MIB data it wants to
                   access in the contextName field of the message.

                 – The specific object instance for which access is
                   requested. Some objects contain more sensitive
                   information than others.
Access Control (Cont.)

                 – The type of access requested: read, write
                   or notify.
                 – A different access control policy may be applied for
                   each one of these management operations.




SNMPv3 Implementation


                             AT-8000S


SNMPv3 in AT-8000S


         •     MD5 keys and passwords are saved in the configuration
               file.

         •     Some checks are made on user entries, to facilitate correct
               configuration of SNMPv3 (and help the user avoid
               mistakes).

         •     Defining a username or a community depends on a group
               name having been defined.




User controls
              The user can configure the following per SNMP
                manager and trap receiver:

              •        Mode of operation (version of SNMP to use).

              •        Authentication and encryption facilities used.

              •        MIB access rights (read, write, notify).



              The user can configure the following per system:
              •        SNMPv3 Engine ID.


SNMPv3 – CLI
                        Commands

                          AT-8000S




Enabling SNMP community
              • Use the following global configuration command
                to set up the community access string to permit
                access to the SNMP command.

                   snmp-server community community [ro | rw | su] [ip-address]
                     [view view-name]
                   snmp-server community-group community group-name [ip-address]

                       community   Community string that acts like a password
                                   and permits access to the SNMP protocol (up
                                   to 20 chars).




Enabling SNMP community (Cont.)


         •     To remove a specified community string use:
                       no snmp-server community community [ip-address]




Creating/updating a View Entry

         •     Use the following global configuration command to create or
               update a view entry. To remove the specified SNMP server view
               entry, use the “no” form of this command.

         snmp-server view view-name oid-tree {included | excluded}
         no snmp-server view view-name [oid-tree]

         view-name  Label for the view record that you are updating or
                    creating. The name is used to reference the record.
         oid-tree   Object identifier of the ASN.1 subtree to be included or
                    excluded from the view.
         included   The view type is included.
         excluded   The view type is excluded.




Creating/updating a View Entry (Cont.)

         Example:



        console(config)# snmp-server view user-view system included
        console(config)# snmp-server view user-view system.7 excluded
        console(config)# snmp-server view user-view ifEntry.*.1 included




Mapping SNMP Users to SNMP Views

         •     Use the following global configuration command to
               configure a new SNMP group, or a table that maps SNMP
               users to SNMP views. To remove a specified SNMP group,
               use the no form of this command.

         snmp-server group groupname {v1 | v2 | v3 {noauth | auth | priv}}
            [notify notifyview ] [read readview] [write writeview]
         no snmp-server group groupname [v1 | v2 | v3 [noauth | auth | priv]]




              console(config)# snmp-server group user-group v3 priv read user-view



SNMP engineID
         •     Use the following Global Configuration mode command to
               specify the SNMP engineID on the local device. To
               remove the configured engine ID, use the no form of this
               command.

         snmp-server engineID local { engineid-string | default}
         no snmp-server engineID local

         engineid-string—Specifies a character string that identifies the
            engine ID. (Range: 9-64 hexadecimal characters)
         default—The engine ID is created automatically based on the
            device MAC address.

      console(config)# snmp-server engineid local default

Configure SNMPv3 User

         •     Use the following global configuration command to configure a new SNMP
               Version 3 user. To remove a user, use the no form of the command.

         snmp-server user username groupname [remote engineid-string] [ auth-md5
             password |auth-sha password | auth-md5-key md5-des-keys | auth-sha-key
             sha-des-keys ]
         no snmp-server user username

         username    The name of the user on the host that connects to the
                      agent.
         groupname The previously-defined name of the group to which the
                       user belongs.
         engineid-string—Specifies the engine ID of the remote SNMP entity to which
            the user belongs.




Configure SNMPv3 User (Cont.)

             • If auth-md5 or auth-sha is specified, both
               authentication and privacy are enabled for the
               user.

             • When you enter a “show running-config”
               command, you will not see a line for this user.
             • To see if this user has been added to the
               configuration, type the “show snmp user”
               command.

             • An SNMP engineID has to be defined before SNMP
               users can be added to the device.
Enable Sending Traps

         •     Use the following Global Configuration command to enable
               the device to send SNMP traps. To disable SNMP traps, use
               the no form of the command.

         snmp-server enable traps
         no snmp-server enable traps




Enable Authentication Traps

         •     Use the following Global Configuration command to enable
               the device to send SNMP traps when authentication fails.
               To disable these SNMP traps, use the no form of the
               command.

         snmp-server traps authentication
         no snmp-server traps authentication




SNMP Filter Entry

         •     Use the following global configuration command to create
               or update a filter entry. To remove the specified SNMP server
               filter entry, use the no form of this command:


         snmp-server filter filter-name oid-tree {included | excluded}
         no snmp-server filter filter-name [oid-tree]

             console(config)# snmp-server filter filter-name system included
             console(config)# snmp-server filter filter-name system.7 excluded
             console(config)# snmp-server filter filter-name ifEntry.*.1 included




Recipient of SNMPv3 Notification


         •     Use the following global configuration command to specify
               the recipient of SNMP V3 notification operation:

         snmp-server v3-host {ipaddr|hostname} username [traps | informs]
           {noauth | auth | priv} [udp-port port] [filter filtername] [timeout
           seconds] [retries retries]


         To delete the recipient use:
         no snmp-server v3-host host-addr [traps | informs] [username]




Recipient of SNMPv3 Notification
         (Cont.)


         •     If a trap and inform are defined on the same target, and an
               inform was sent, the trap would not be sent.

         •     A user and notification view are not automatically created.
               Use the snmp-server user, snmp-server group and
               snmp-server view Global Configuration mode commands to
               generate a user, group and notify group, respectively.




Review SNMP v.1, v.2
                            Commands




Snmp Server Host


         •     Use the following global configuration command to specify
               the recipient of Simple Network Management Protocol
               Version 1 or Version 2 notifications.

         •     snmp-server host {ip-address | hostname} community-string
               [traps | informs] [1 | 2] [udp-port port] [filter filtername]
               [timeout seconds] [retries retries]

         To remove the specified host, use the no form of this
           command.
         • no snmp-server host {ip-address | hostname} [traps |
           informs]


Snmp Server contact


         •     Use the following global configuration command to
               configure the system contact (sysContact) string.

         •     snmp-server contact text

         To remove system contact information, use the no form of the
           command.

          no snmp-server contact




Snmp Server Location


         •     Use the following global configuration command to
               configure the system location string.

         snmp-server location text



         To remove system location information, use the no form of the
           command.

          no snmp-server location




Snmp Server Set


         •     Use the following global configuration command to define
               the SNMP MIB value.

         snmp-server set variable-name name1 value1 [ name2 value2 …]




         •     Although the CLI can set any required configuration, there
               might be a situation where a SNMP user sets a MIB variable
               that does not have an equivalent command. In order to
               generate configuration files that support those situations,
               the snmp-server set command is used.


Device Configuration




SNMPv3

         [Diagram: a User_ID maps to a Group_ID, which maps to views
          View #1 … View #n; each view lists MIB subtrees as included
          (MIB X) or excluded (MIB Y).]




View configuration
        •     Configuring 3 views: a1, a2, a3:
              console(config)# snmp-server view a1 ip included
              console(config)# snmp-server view a1 ipForwarding excluded
              console(config)# snmp-server view a2 internet included
              console(config)# snmp-server view a3 ipDefaultTTL included
              console(config)# exit
              console# show snmp views
              Name                OID Tree                  Type
              ------------------- ------------------------- --------
              a1                  ip                        included
              a1                  ipForwarding              excluded
              a2                  internet                  included
              a3                  ipDefaultTTL              included
              Default             iso                       included
              Default             snmpVacmMIB               excluded
              Default             usmUser                   excluded
              Default             snmpCommunityTable        excluded
              Default             rndCommunityTable         excluded
              DefaultSuper        iso                       included
Group configuration

         •     Configuring 3 groups: b1, b2, b3:

              console(config)# snmp-server group b1 v3 auth read Default write a1
              console(config)# snmp-server group b2 v3 noauth read a2 write a2
              console(config)# snmp-server group b3 v3 priv read a3
              console(config)# exit
              console# show snmp groups
              Name               Security          Views
                                 Model  Level      Read     Write     Notify
              ------------------ ------ ---------- -------- --------- -----------
              b1                 V3     auth       Default  a1        -
              b2                 V3     noauth     a2       a2        -
              b3                 V3     priv       a3       -         -




Engine ID

         •     Specify the SNMP engine ID on the local device; with
               default, the engine ID is created automatically based on
               the device MAC:

              console(config)# snmp-server engineid local default




Defining users

         •     Configuring 3 users: c1, c2, c3:
              console(config)# snmp-server user c1 b1 auth-md5 password1
              console(config)# snmp-server user c2 b2
              console(config)# snmp-server user c3 b3 auth-sha password3

              console# show snmp users

              Name                Group name              Auth     Remote
                                                          Method
              ------------------- ----------------------- -------  -----------------------
              c1                  b1                      MD5
              c2                  b2                      noAuth
              c3                  b3                      SHA
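
How the access-control factors listed earlier combine for the views, groups and users configured on these slides, as an added Python example that is not the switch's own code. It applies the VACM rules that the request's security level must be at least the group's level and that the longest matching subtree in a view decides; the numeric OIDs are the standard ones for the named objects, the Default view is abridged to the entries whose OIDs are standard, and the longest-match tie-break between equally long patterns is left out because this configuration has no such ties.

```python
# OIDs for the object names used on the slides (standard MIB-II / SNMPv3 MIBs).
NAMES = {
    "iso": "1", "internet": "1.3.6.1", "system": "1.3.6.1.2.1.1",
    "ifEntry": "1.3.6.1.2.1.2.2.1", "ip": "1.3.6.1.2.1.4",
    "ipForwarding": "1.3.6.1.2.1.4.1", "ipDefaultTTL": "1.3.6.1.2.1.4.2",
    "usmUser": "1.3.6.1.6.3.15.1.2", "snmpVacmMIB": "1.3.6.1.6.3.16",
}
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}


def oid(text):
    """'ipForwarding.0' or '1.3.6.1' -> tuple of ints; '*' becomes a wildcard."""
    head, _, rest = text.partition(".")
    if head in NAMES:
        text = NAMES[head] + ("." + rest if rest else "")
    return tuple(None if part == "*" else int(part) for part in text.split("."))


# snmp-server view <name> <oid-tree> {included | excluded}, as on the slides.
VIEW_CONFIG = {
    "a1": [("ip", True), ("ipForwarding", False)],
    "a2": [("internet", True)],
    "a3": [("ipDefaultTTL", True)],
    "Default": [("iso", True), ("snmpVacmMIB", False), ("usmUser", False)],
    "user-view": [("system", True), ("system.7", False), ("ifEntry.*.1", True)],
}
VIEWS = {name: [(oid(tree), inc) for tree, inc in rows]
         for name, rows in VIEW_CONFIG.items()}

# snmp-server group <name> v3 <level> [read v] [write v] [notify v]
GROUPS = {
    "b1": {"level": "auth", "read": "Default", "write": "a1", "notify": None},
    "b2": {"level": "noauth", "read": "a2", "write": "a2", "notify": None},
    "b3": {"level": "priv", "read": "a3", "write": None, "notify": None},
}
# snmp-server user <username> <groupname> ...
USERS = {"c1": "b1", "c2": "b2", "c3": "b3"}


def in_view(view, target):
    """Longest matching subtree wins; no matching subtree means not in view."""
    best_len, included = -1, False
    for pattern, inc in VIEWS[view]:
        if len(pattern) > len(target):
            continue
        if all(p is None or p == t for p, t in zip(pattern, target)):
            if len(pattern) > best_len:
                best_len, included = len(pattern), inc
    return included


def is_allowed(user, level, action, target):
    """Decide one request: user, security level used, read/write/notify, object."""
    group = GROUPS.get(USERS.get(user))
    if group is None:
        return False                      # unknown user
    if LEVELS[level] < LEVELS[group["level"]]:
        return False                      # request sent at too low a level
    view = group[action]
    if view is None:
        return False                      # group has no view for this action
    return in_view(view, oid(target))


def audit():
    """Requests worth checking against the configuration on the slides."""
    cases = [
        ("c1", "auth", "write", "ipDefaultTTL.0"),
        ("c1", "auth", "write", "ipForwarding.0"),   # excluded from a1
        ("c1", "noauth", "read", "system.1.0"),      # b1 requires auth
        ("c1", "auth", "read", "usmUser.2.1.3"),     # excluded from Default
        ("c2", "noauth", "write", "ipForwarding.0"), # b2: unauthenticated write
        ("c3", "auth", "read", "ipDefaultTTL.0"),    # b3 requires priv
        ("c3", "priv", "read", "ipDefaultTTL.0"),
        ("c3", "priv", "write", "ipDefaultTTL.0"),   # b3 has no write view
    ]
    return [(case, is_allowed(*case)) for case in cases]


if __name__ == "__main__":
    for case, allowed in audit():
        print("permit" if allowed else "deny  ", *case)
```

Running it shows that group b2 lets user c2 write anywhere under internet without authentication, which is the kind of entry to look for when reviewing `show snmp groups` output.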




NMS Configuration




Adding user c2


                               Device ip
                               address




Selecting the object to get




Command results




Defining user c3




Selecting an object to set




Command results




Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

AT-8000S using SNMPv3

  • 1. SNMPv3 AT-8000S Marvell Confidential
  • 2. Overview
      • Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable, standards-based protocol for network management.
      • SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.
  • 3. Overview
      • The following security features are included in SNMPv3:
          – Message integrity
          – Authentication
          – Encryption
      • SNMPv3 also describes how to apply the access control and the new sending traps mechanism on SNMPv1 and SNMPv2 PDUs.
  • 4. Local Engine Information
      • Each SNMP agent maintains some local information to be used in SNMPv3 message exchanges.
      • An SNMP agent is considered an authoritative SNMP engine.
      • The agent receives incoming messages (Get, GetNext, GetBulk, Set) and sends Trap messages to a manager.
      • The agent’s local information is encapsulated in message fields.
  • 5. Security
      • RFC 2574 defines the User-based Security Model (USM) for SNMPv3.
      • This specification includes:
          – Authentication
          – Privacy
          – Timeliness
          – Key management
  • 6. Authentication
      • Provides data integrity and data origin authentication.
      • Authenticating an SNMPv3 message involves an HMAC authentication code, with either MD5 or SHA-1 as the hash function.
      • This code is created by the originator of the SNMP message and is written into the msgAuthenticationParameters field of the message.
      • The receiver then uses this code to validate the message’s integrity and origin.
      • The agent supports both the HMAC-MD5 and HMAC-SHA protocols.
  • 7. Privacy
      • Protects against disclosure of the message’s payload.
      • The cipher block-chaining (CBC) mode of DES is used for encryption.
      • The user can employ either authentication alone on an SNMP message, or both authentication and privacy, but not privacy without authentication.
  • 8. Timeliness
      • Protects against message delay or replay.
      • The SNMP agent performs a timeliness check on an incoming message by comparing the time information in the message.
  • 9. Key management
      • Defines procedures for key generation, update and use.
      • The keys for authentication and privacy are not passed via the SNMP protocol.
      • The NMS shares the keys with each agent it works with.
      • The RFC defines a procedure for producing the key the NMS shares with a certain agent, by using an NMS password and that agent’s engineID.
      • Changing an authentication or privacy key is done by changing the appropriate fields in the usmUserTable. The agent calculates the new key from the old key.
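Added example (not from the original slides, and not the AT-8000S firmware): the RFC 2574 password-to-key procedure described under Key management, together with the HMAC check described under Authentication. The password and the first engineID are the sample values from the RFC's appendix; the second engineID and the message bytes are constructed stand-ins, not a BER-encoded SNMP packet.

```python
import hashlib
import hmac

EXPANDED_LEN = 1048576   # the password is repeated to 1,048,576 octets, then hashed
AUTH_PARAM_LEN = 12      # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku from the NMS password; hash_name is 'md5' or 'sha1'."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Key shared with one agent only: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def sign(kul: bytes, before: bytes, after: bytes, hash_name: str) -> bytes:
    """Originator: HMAC over the message with the field zeroed, then fill it in."""
    zeroed = before + bytes(AUTH_PARAM_LEN) + after
    mac = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAM_LEN]
    return before + mac + after


def verify(kul: bytes, message: bytes, offset: int, hash_name: str) -> bool:
    """Receiver: save the received code, zero the field, recompute, compare."""
    end = offset + AUTH_PARAM_LEN
    received = message[offset:end]
    zeroed = message[:offset] + bytes(AUTH_PARAM_LEN) + message[end:]
    expected = hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAM_LEN]
    return hmac.compare_digest(received, expected)  # constant-time comparison


def demo() -> dict:
    password = b"maplesyrup"                               # RFC sample password
    engine_a = bytes.fromhex("000000000000000000000002")   # RFC sample engineID
    engine_b = bytes.fromhex("000000000000000000000003")   # constructed second agent
    ku = password_to_key(password, "sha1")
    kul_a = localize_key(ku, engine_a, "sha1")
    kul_b = localize_key(ku, engine_b, "sha1")
    # Constructed placeholder bytes around the msgAuthenticationParameters field.
    before, after = b"constructed-header|", b"|constructed-scoped-pdu"
    msg = sign(kul_a, before, after, "sha1")
    offset = len(before)
    tampered = msg[:-1] + bytes([msg[-1] ^ 1])             # flip one payload bit
    return {
        "kul_a": kul_a.hex(),
        "other_agent_key_differs": kul_a != kul_b,
        "valid": verify(kul_a, msg, offset, "sha1"),
        "tampered": verify(kul_a, tampered, offset, "sha1"),
        "wrong_agent_key": verify(kul_b, msg, offset, "sha1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the engineID is mixed into the key, a key recovered from one agent does not authenticate messages to another agent, even though the NMS uses the same password for both.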
  • 10. Sending Traps
      • Defined in RFC 2573.
      • The mechanism of sending traps defined in the SNMPv3 architecture includes the following phases:
          – Identifying management targets for traps
          – Filtering of a trap
          – Choosing parameters to generate the trap message
          – Access control checks
  • 11. Access Control
      • RFC 2575 defines the View-based Access Control Model (VACM), which enables an SNMP agent to enforce a particular set of access rights to MIB data.
      • Determining access rights depends on the following factors:
          – The principal that initiates the access request. For example, a manager responsible for a whole network configuration may have wide authority to change MIB values, while a manager with monitoring responsibility may have read-only access or even no access at all to certain MIB objects.
  • 12. Access Control (Cont.)
          – The security level used for delivering the SNMP request in the network. Usually, a manager will require the use of authentication for set requests.
          – The security model used for processing the SNMP request. The agent can define different levels of access for the SNMPv1 and SNMPv2 security models, in which no security policy has been used for the message, and for the SNMPv3 User-based Security Model.
          – The MIB context in the request. A context is a named subgroup of MIB object instances.
  • 13. Access Control (Cont.)
          – An SNMP agent can maintain one or more contexts, and a MIB object or object instance can belong to one or more contexts.
          – For example, an agent can maintain information about multiple devices, with each of them represented by a different context name.
          – The originator of an SNMP request should put the name of the context of the MIB data it wants to access in the contextName field of the message.
          – The specific object instance for which access is requested. Some objects contain information that is more sensitive than that of others.
  • 14. Access Control (Cont.)
          – The type of access that is requested: read, write or notify.
          – A different access control policy may be applied for each one of these management operations.
  • 15. SNMPv3 Implementation AT-8000S
  • 16. SNMPv3 in AT-8000S
      • MD5 keys and passwords are saved in the configuration file.
      • Some checks are made on user entries, to facilitate correct configuration of SNMPv3 (and help the user avoid mistakes).
      • The definition of a username and of a community is contingent upon the definition of a group name.
  • 17. User controls
      The user can configure the following per SNMP manager and trap receiver:
      • Mode of operation (version of SNMP to use).
      • Authentication and encryption facilities used.
      • MIB access rights (read, write, notify).
      The user can configure the following per system:
      • SNMPv3 Engine ID.
  • 18. SNMPv3 – CLI Commands AT-8000S
  • 19. Enabling SNMP community
      • Use the following global configuration command to set up the community access string to permit access to the SNMP command.
            snmp-server community community [ro | rw | su] [ip-address] [view view-name]
            snmp-server community-group community group-name [ip-address]
        community: Community string that acts like a password and permits access to the SNMP protocol (up to 20 chars).
  • 20. Enabling SNMP community (Cont.)
      • To remove a specified community string, use:
            no snmp-server community community [ip-address]
  • 21. Creating/updating a View Entry
      • Use the following global configuration command to create or update a view entry. To remove the specified SNMP server view entry, use the “no” form of this command.
            snmp-server view view-name oid-tree {included | excluded}
            no snmp-server view view-name [oid-tree]
        view-name: Label for the view record that you are updating or creating. The name is used to reference the record.
        oid-tree: Object identifier of the ASN.1 subtree to be included in or excluded from the view.
        included: The view type is included.
        excluded: The view type is excluded.
  • 22. Creating/updating a View Entry (Cont.)
      Example:
            console(config)# snmp-server view user-view system included
            console(config)# snmp-server view user-view system.7 excluded
            console(config)# snmp-server view user-view ifEntry.*.1 included
  • 23. Mapping SNMP Users to SNMP Views
      • Use the following global configuration command to configure a new SNMP group, or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command.
            snmp-server group groupname {v1 | v2 | v3 {noauth | auth | priv}} [notify notifyview] [read readview] [write writeview]
            no snmp-server group groupname [v1 | v2 | v3 [noauth | auth | priv]]
            console(config)# snmp-server group user-group v3 priv read user-view
  • 24. SNMP engineID
      • Use the following Global Configuration mode command to specify the SNMP engineID on the local device. To remove the configured engine ID, use the no form of this command.
            snmp-server engineID local {engineid-string | default}
            no snmp-server engineID local
        engineid-string: Specifies a character string that identifies the engine ID. (Range: 9-64 hexadecimal characters)
        default: The engine ID is created automatically based on the device MAC address.
            console(config)# snmp-server engineid local default
  • 25. Configure SNMPv3 User
      • Use the following global configuration command to configure a new SNMP Version 3 user. To remove a user, use the no form of the command.
            snmp-server user username groupname [remote engineid-string] [auth-md5 password | auth-sha password | auth-md5-key md5-des-keys | auth-sha-key sha-des-keys]
            no snmp-server user username
        username: The name of the user on the host that connects to the agent.
        groupname: The previously defined name of the group to which the user belongs.
        engineid-string: Specifies the engine ID of the remote SNMP entity to which the user belongs.
  • 26. Configure SNMPv3 User (Cont.)
      • If auth-md5 or auth-sha is specified, both authentication and privacy are enabled for the user.
      • When you enter a “show running-config” command, you will not see a line for this user.
      • To see if this user has been added to the configuration, type the “show snmp user” command.
      • An SNMP engineID has to be defined before SNMP users can be added to the device.
  • 27. Enable Sending Traps
      • Use the following Global Configuration command to enable the device to send SNMP traps. To disable SNMP traps, use the no form of the command.
            snmp-server enable traps
            no snmp-server enable traps
  • 28. Enable Authentication Traps
      • Use the following Global Configuration command to enable the device to send SNMP traps when authentication fails. To disable these SNMP traps, use the no form of the command.
            snmp-server traps authentication
            no snmp-server traps authentication
  • 29. SNMP Filter Entry
      • Use the following global configuration command to create or update a filter entry. To remove the specified SNMP server filter entry, use the no form of this command:
            snmp-server filter filter-name oid-tree {included | excluded}
            no snmp-server filter filter-name [oid-tree]
            console(config)# snmp-server filter filter-name system included
            console(config)# snmp-server filter filter-name system.7 excluded
            console(config)# snmp-server filter filter-name ifEntry.*.1 included
  • 30. Recipient of SNMPv3 Notification
      • Use the following global configuration command to specify the recipient of an SNMPv3 notification operation:
            snmp-server v3-host {ipaddr | hostname} username [traps | informs] {noauth | auth | priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries]
        To delete the recipient, use:
            no snmp-server v3-host host-addr [traps | informs] [username]
  • 31. Recipient of SNMPv3 Notification (Cont.)
      • If a trap and an inform are defined on the same target, and an inform was sent, the trap would not be sent.
      • A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively.
  • 32. Review SNMP v.1, v.2 Commands
  • 33. Snmp Server Host
      • Use the following global configuration command to specify the recipient of Simple Network Management Protocol Version 1 or Version 2 notifications.
            snmp-server host {ip-address | hostname} community-string [traps | informs] [1 | 2] [udp-port port] [filter filtername] [timeout seconds] [retries retries]
        To remove the specified host, use the no form of this command.
            no snmp-server host {ip-address | hostname} [traps | informs]
  • 34. Snmp Server contact
      • Use the following global configuration command to configure the system contact (sysContact) string.
            snmp-server contact text
        To remove system contact information, use the no form of the command.
            no snmp-server contact
  • 35. Snmp Server Location
      • Use the following global configuration command to configure the system location string.
            snmp-server location text
        To remove system location information, use the no form of the command.
            no snmp-server location
  • 36. Snmp Server Set
      • Use the following global configuration command to define the SNMP MIB value.
            snmp-server set variable-name name1 value1 [name2 value2 …]
      • Although the CLI can set any required configuration, there might be a situation where an SNMP user sets a MIB variable that does not have an equivalent command. The snmp-server set command is used to generate configuration files that support those situations.
  • 38. SNMPv3
      [Diagram relating User_ID, Group_ID and View #1 … View #n; each view lists MIB X included, MIB Y excluded, …]
  • 39. View configuration
      • Configuring 3 views: a1, a2, a3:
            console(config)# snmp-server view a1 ip included
            console(config)# snmp-server view a1 ipForwarding excluded
            console(config)# snmp-server view a2 internet included
            console(config)# snmp-server view a3 ipDefaultTTL included
            console(config)# exit
            console# show snmp views
            Name          OID Tree            Type
            ------------- ------------------- --------
            a1            ip                  included
            a1            ipForwarding        excluded
            a2            internet            included
            a3            ipDefaultTTL        included
            Default       iso                 included
            Default       snmpVacmMIB         excluded
            Default       usmUser             excluded
            Default       snmpCommunityTable  excluded
            Default       rndCommunityTable   excluded
            DefaultSuper  iso                 included
  • 40. Group configuration
      • Configuring 3 groups: b1, b2, b3:
            console(config)# snmp-server group b1 v3 auth read Default write a1
            console(config)# snmp-server group b2 v3 noauth read a2 write a2
            console(config)# snmp-server group b3 v3 priv read a3
            console(config)# exit
            console# show snmp groups
            Name     Security           Views
                     Model    Level     Read      Write     Notify
            -------- -------- --------- --------- --------- ---------
            b1       V3       auth      Default   a1        -
            b2       V3       noauth    a2        a2        -
            b3       V3       priv      a3        -         -
  • 41. Engine ID
      • Specifies the SNMP engine ID on the local device; with default, the engine ID is created automatically based on the device MAC address.
            console(config)# snmp-server engineid local default
  • 42. Defining users
      • Configuring 3 users: c1, c2, c3:
            console(config)# snmp-server user c1 b1 auth-md5 password1
            console(config)# snmp-server user c2 b2
            console(config)# snmp-server user c3 b3 auth-sha password3
            console# show snmp users
            Name     Group name   Auth      Remote
                                  Method
            -------- ------------ --------- --------
            c1       b1           MD5
            c2       b2           noAuth
            c3       b3           SHA
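Added example (not part of the original slides, and not the switch's own code): the views, groups and users configured on slides 22 and 39 to 42, evaluated with the RFC 2575 rule that the longest matching subtree entry decides. The OID numbers are the standard values for those object names; the Default view omits the vendor-specific rndCommunityTable entry because its OID is not given on the page, and treating `*` as "any sub-identifier" is an assumption about the CLI wildcard.

```python
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}

# Standard OIDs for the object names used in the page's views.
OIDS = {
    "iso": (1,),
    "internet": (1, 3, 6, 1),
    "system": (1, 3, 6, 1, 2, 1, 1),
    "ifEntry": (1, 3, 6, 1, 2, 1, 2, 2, 1),
    "ip": (1, 3, 6, 1, 2, 1, 4),
    "ipForwarding": (1, 3, 6, 1, 2, 1, 4, 1),
    "ipDefaultTTL": (1, 3, 6, 1, 2, 1, 4, 2),
    "usmUser": (1, 3, 6, 1, 6, 3, 15, 1, 2),
    "snmpVacmMIB": (1, 3, 6, 1, 6, 3, 16),
    "snmpCommunityTable": (1, 3, 6, 1, 6, 3, 18, 1, 1),
}

# Views from slides 22 and 39: (oid-tree, included?).
VIEWS = {
    "user-view": [("system", True), ("system.7", False), ("ifEntry.*.1", True)],
    "a1": [("ip", True), ("ipForwarding", False)],
    "a2": [("internet", True)],
    "a3": [("ipDefaultTTL", True)],
    "Default": [("iso", True), ("snmpVacmMIB", False), ("usmUser", False),
                ("snmpCommunityTable", False)],  # rndCommunityTable omitted
}
# Groups from `show snmp groups`: minimum security level, view per operation.
GROUPS = {
    "b1": ("auth", {"read": "Default", "write": "a1"}),
    "b2": ("noauth", {"read": "a2", "write": "a2"}),
    "b3": ("priv", {"read": "a3"}),
}
USERS = {"c1": "b1", "c2": "b2", "c3": "b3"}  # from `show snmp users`


def parse(spec):
    """'ifEntry.*.1' -> OID tuple; '*' becomes None (matches any sub-identifier)."""
    head, *rest = spec.split(".")
    return OIDS[head] + tuple(None if p == "*" else int(p) for p in rest)


def in_view(view_name, oid):
    """Among the entries whose subtree matches the OID, the one with the most
    sub-identifiers decides; no match means the OID is not in the view.
    Equal-length ties (possible only with '*') keep the first entry here."""
    best_len, verdict = -1, False
    for spec, included in VIEWS[view_name]:
        pattern = parse(spec)
        matches = len(pattern) <= len(oid) and all(
            p is None or p == o for p, o in zip(pattern, oid))
        if matches and len(pattern) > best_len:
            best_len, verdict = len(pattern), included
    return verdict


def is_access_allowed(user, level, operation, oid_spec):
    """Return the VACM outcome name (RFC 2575 terms) for one SNMPv3 request."""
    group = USERS.get(user)
    if group is None:
        return "noGroupName"
    min_level, views = GROUPS[group]
    if LEVELS[level] < LEVELS[min_level]:
        return "noAccessEntry"      # request's security level is below the group's
    view = views.get(operation)
    if view is None:
        return "noSuchView"         # group has no view for this operation
    return "accessAllowed" if in_view(view, parse(oid_spec)) else "notInView"


if __name__ == "__main__":
    requests = [  # constructed sample requests
        ("c1", "auth", "write", "ipDefaultTTL.0"),
        ("c1", "auth", "write", "ipForwarding.0"),
        ("c1", "auth", "read", "usmUser.1"),
        ("c3", "auth", "read", "ipDefaultTTL.0"),
        ("c2", "noauth", "write", "ipForwarding.0"),
    ]
    for req in requests:
        print(req, "->", is_access_allowed(*req))
```

Run against the slides' configuration, the check shows that group b2 lets the unauthenticated user c2 write anywhere under internet, including ipForwarding, which view a1 withholds from the authenticated user c1.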
  • 44. Adding user c2 [screenshot; label: Device ip address]
  • 45. Selecting the object to get [screenshot]
  • 48. Selecting an object to set [screenshot]