SNMPv3 Costs
SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP
operations on MIB objects are performed. This cost is far outweighed by the security advantages provided
by SNMPv3.
Table 10: Order of Response Times from Least to Greatest shows the order of response time
(from least to greatest) for the various security model and security level combinations.
Table 10: Order of Response Times from Least to Greatest
Security Model    Security Level
SNMPv2c           noAuthNoPriv
SNMPv3            noAuthNoPriv
SNMPv3            authNoPriv
SNMPv3            authPriv
User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following
services:
• Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized manner
and that data sequences have not been altered to an extent greater than can occur nonmaliciously.
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf received
data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to unauthorized
individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
USM uses two authentication protocols:
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
View-Based Access Control Model
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed
objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by
views. These access policies can be set when user groups are configured with the snmp-server group
command.
System Management Configuration Guide for the Cisco NCS 6000 Series Router, Release 5.0.x
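The following Python sketch is an added example, not code from the Cisco guide. It illustrates how the HMAC-MD5-96 and HMAC-SHA-96 protocols listed under User-Based Security Model provide message integrity and origin authentication: the password is turned into a per-engine localized key (RFC 3414, Appendix A.2), and the HMAC is truncated to 96 bits and carried in a field that is zeroed while the MAC is computed. The function names, the field offset, and the stand-in message bytes are assumptions made for illustration.

```python
import hashlib
import hmac

MAC_LEN = 12  # 96 bits: the "-96" in HMAC-MD5-96 / HMAC-SHA-96


def localized_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated password, then bind it to one engine ID."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1024 * 1024, len(password))
    ku = hashlib.new(hash_name, password * reps + password[:rem]).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def sign(key: bytes, msg: bytes, offset: int, hash_name: str) -> bytes:
    """Fill the zeroed 12-octet auth field at `offset` with the truncated HMAC."""
    if msg[offset:offset + MAC_LEN] != b"\x00" * MAC_LEN:
        raise ValueError("auth field must be zeroed before signing")
    mac = hmac.new(key, msg, hash_name).digest()[:MAC_LEN]
    return msg[:offset] + mac + msg[offset + MAC_LEN:]


def verify(key: bytes, msg: bytes, offset: int, hash_name: str) -> bool:
    """Re-zero the auth field, recompute the MAC, and compare in constant time."""
    received = msg[offset:offset + MAC_LEN]
    zeroed = msg[:offset] + b"\x00" * MAC_LEN + msg[offset + MAC_LEN:]
    expected = hmac.new(key, zeroed, hash_name).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    # Constructed sample: password and engine ID are the RFC 3414 A.3 test inputs;
    # the "message" is a stand-in byte string, not a BER-encoded SNMP PDU.
    engine = bytes.fromhex("000000000000000000000002")
    key = localized_key(b"maplesyrup", engine, "sha1")
    msg = b"HDR:" + b"\x00" * MAC_LEN + b":get sysDescr.0"
    signed = sign(key, msg, 4, "sha1")
    print("localized key:", key.hex())
    print("intact   ->", verify(key, signed, 4, "sha1"))
    print("tampered ->", verify(key, signed.replace(b"get", b"set"), 4, "sha1"))
```

Because the key is localized, the same password yields a different key on every SNMP engine, so a MAC produced for one device does not verify on another.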
Implementing SNMP