SNMP Security
SNMP is an application layer protocol that facilitates the exchange of management information between
network devices. In all Cisco MDS 9000 Family switches, three SNMP versions are available: SNMPv1,
SNMPv2c, and SNMPv3 (see Figure 27-1).
SNMP Version 1 and Version 2c
SNMP Version 1 (SNMPv1) and SNMP Version 2c (SNMPv2c) use a community string match for user
authentication. Community strings provided a weak form of access control in earlier versions of SNMP.
SNMPv3 provides much improved access control using strong authentication and should be preferred
over SNMPv1 and SNMPv2c wherever it is supported.
SNMP Version 3
SNMP Version 3 (SNMPv3) is an interoperable standards-based protocol for network management.
SNMPv3 provides secure access to devices by a combination of authenticating and encrypting frames
over the network. The security features provided in SNMPv3 are:
• Message integrity—Ensures that a packet has not been tampered with in transit.
• Authentication—Determines that the message is from a valid source.
• Encryption—Scrambles the packet contents to prevent them from being seen by unauthorized sources.
SNMPv3 provides for both security models and security levels. A security model is an authentication
strategy that is set up for a user and the role in which the user resides. A security level is the permitted
level of security within a security model. A combination of a security model and a security level
determines which security mechanism is employed when handling an SNMP packet.
Cisco MDS 9000 Family Configuration Guide
[Figure 27-1: SNMP Security. Diagram labels: Switch 1; SNMP v1 or v2c (network operator level); GET or SET SNMP commands; SNMP request; SNMP response (response depends on successful authentication).]
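The message integrity and authentication features listed above can be seen in a short added example; it is not code from the Cisco guide. It assumes the standard SNMPv3 User-based Security Model of RFC 3414 (password-to-key localization and a 96-bit truncated HMAC), which this page does not name, and it uses a constructed byte header in place of real BER message encoding.

```python
import hashlib
import hmac

AUTH_LEN = 12        # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits
HDR = b"v3-header|"  # constructed stand-in for the BER-encoded message header


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated password, then bind it to one engine."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rest]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(key: bytes, payload: bytes, algo: str = "sha1") -> bytes:
    """MAC the whole message with the auth field zeroed, then fill the field in."""
    zeroed = HDR + bytes(AUTH_LEN) + payload
    mac = hmac.new(key, zeroed, algo).digest()[:AUTH_LEN]
    return HDR + mac + payload


def verify(key: bytes, message: bytes, algo: str = "sha1") -> bool:
    """Recompute the MAC over the zeroed message and compare in constant time."""
    start, end = len(HDR), len(HDR) + AUTH_LEN
    if len(message) < end or not message.startswith(HDR):
        return False
    zeroed = message[:start] + bytes(AUTH_LEN) + message[end:]
    expected = hmac.new(key, zeroed, algo).digest()[:AUTH_LEN]
    return hmac.compare_digest(message[start:end], expected)


if __name__ == "__main__":
    engine = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 sample engine ID
    key = localized_key(b"maplesyrup", engine)           # RFC 3414 A.3 sample password
    msg = sign(key, b"get sysName.0")                    # constructed payload
    print("authentic message accepted:", verify(key, msg))
    tampered = msg.replace(b"sysName", b"sysDesc")
    print("tampered message accepted:", verify(key, tampered))
    other = localized_key(b"maplesyrup", bytes.fromhex("000000000000000000000003"))
    print("key from another engine accepted:", verify(other, msg))
```

Unlike a community string, the password never travels with the request: only the truncated MAC does, and a key localized for one engine ID does not verify messages for another.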
Chapter 27
Configuring SNMP
OL-6973-03, Cisco MDS SAN-OS Release 2.x