SNMP Versions and Workflow
The switch functions as SNMP agent and supports SNMP v1, v2, and v3. It also reports system events to trap receivers using the traps defined in the MIB that it supports.
SNMP v1 and v2
To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system responds only to SNMP messages that carry a matching community string and request an operation permitted by that entry's privilege.
SNMP agents maintain a list of variables that are used to manage the switch. These variables are defined in the Management Information Base (MIB).
NOTE The SNMPv2 protocol has known security vulnerabilities; using SNMPv3 is recommended.
SNMP v3
In addition to the functionality provided by SNMP v1 and v2, SNMP v3 applies access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a User Security Model (USM) that includes:
- Authentication--Provides data integrity and data origin authentication.
- Privacy--Protects against disclosure of message content. Cipher Block Chaining (CBC) is used for encryption. Either authentication alone can be enabled on an SNMP message, or both authentication and privacy can be enabled. However, privacy cannot be enabled without authentication.
- Timeliness--Protects against message delay or playback attacks. The SNMP agent compares the incoming message time stamp to the message arrival time.
- Key Management--Defines key generation, key updates, and key use.
The switch supports SNMP notification filters based on Object IDs (OIDs). OIDs are used by the system to manage device features.
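The two access-control points above, the plaintext community string of SNMPv1/v2c and the authentication/privacy flags of the SNMPv3 USM header, can be seen directly in the message framing. The following is an added example written for this page, not the switch vendor's code or management software: a minimal BER parser that classifies a captured SNMP message by version, extracts the community string (v1/v2c) or the USM user name and auth/priv flags (v3), rejects the priv-without-auth combination the text says is not allowed, and applies the RFC 3414 timeliness window the Timeliness bullet describes. The sample messages are hand-encoded and constructed for the example; the v3 payload is a dummy ciphertext, and the community string "public" and user "admin" are illustrative values only.

```python
"""Classify SNMP messages by version and USM security level.

Constructed example for this page, not the switch vendor's code. It parses just
enough BER/ASN.1 framing (RFC 3416 community messages, RFC 3412 v3 header,
RFC 3414 USM parameters) to report what an observer or agent sees: the plaintext
community string of a v1/v2c message, or the auth/priv bits of a v3 message,
rejecting the priv-without-auth combination the page says is not allowed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length (0x81 nn, 0x82 nn nn, ...)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

@dataclass
class SnmpSummary:
    version: str                 # "v1", "v2c" or "v3"
    community: Optional[str] = None
    user: Optional[str] = None   # USM userName (v3 only)
    auth: Optional[bool] = None  # msgFlags authFlag (v3 only)
    priv: Optional[bool] = None  # msgFlags privFlag (v3 only)
    valid: bool = True           # False when the flag combination must be discarded
    note: str = ""

def summarize(pkt: bytes) -> SnmpSummary:
    tag, msg, _ = read_tlv(pkt, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big", signed=True)

    if version in (0, 1):                  # v1/v2c: SEQUENCE { version, community, PDU }
        _, community, _ = read_tlv(msg, pos)
        return SnmpSummary(version="v1" if version == 0 else "v2c",
                           community=community.decode("latin-1"),
                           note="community string is sent in plaintext")

    if version == 3:                       # v3: SEQUENCE { version, globalData, secParams, msgData }
        _, global_data, pos = read_tlv(msg, pos)
        p = 0
        _, _, p = read_tlv(global_data, p)         # msgID
        _, _, p = read_tlv(global_data, p)         # msgMaxSize
        _, flags, p = read_tlv(global_data, p)     # msgFlags: bit0 auth, bit1 priv, bit2 reportable
        auth, priv = bool(flags[0] & 0x01), bool(flags[0] & 0x02)

        _, sec_params, pos = read_tlv(msg, pos)    # OCTET STRING wrapping the USM SEQUENCE
        _, usm, _ = read_tlv(sec_params, 0)
        q = 0
        for _ in range(3):                         # skip engineID, engineBoots, engineTime
            _, _, q = read_tlv(usm, q)
        _, user, _ = read_tlv(usm, q)              # userName travels in the clear even with authPriv

        s = SnmpSummary("v3", user=user.decode("latin-1"), auth=auth, priv=priv)
        if priv and not auth:
            s.valid = False
            s.note = "privFlag without authFlag: RFC 3412 requires the message to be discarded"
        elif not auth:
            s.note = "noAuthNoPriv: no integrity, origin or confidentiality protection"
        elif not priv:
            s.note = "authNoPriv: integrity and origin protected, payload readable"
        else:
            s.note = "authPriv: integrity, origin and confidentiality protected"
        return s

    raise ValueError(f"unsupported SNMP version field {version}")

def in_time_window(msg_boots: int, msg_time: int, local_boots: int, local_time: int,
                   window: int = 150) -> bool:
    """RFC 3414 timeliness check by the authoritative engine: engineBoots must match
    and the message's engineTime must lie within 150 s of the local engineTime."""
    return msg_boots == local_boots and abs(local_time - msg_time) <= window

# Constructed sample messages (hand-encoded BER; the v3 payload is a dummy ciphertext).
V2C_GET = bytes.fromhex(
    "3026"                              # SEQUENCE, 38 bytes
    "020101"                            # version INTEGER 1 (SNMPv2c)
    "04067075626c6963"                  # community OCTET STRING "public"
    "a019" "020101" "020100" "020100"   # GetRequest: request-id 1, error-status 0, error-index 0
    "300e300c06082b060102010101000500"  # VarBindList: sysDescr.0 (1.3.6.1.2.1.1.1.0), NULL
)

def v3_message(flags: int) -> bytes:
    """SNMPv3 message with the given msgFlags byte; USM user 'admin', opaque msgData."""
    return bytes.fromhex(
        "302f" "020103"                                         # SEQUENCE, version INTEGER 3
        "300d" "020101" "02020400" f"0401{flags:02x}" "020103"  # msgGlobalData, securityModel 3 (USM)
        "0415" "3013" "0400" "020100" "020100"                  # USM: engineID "", boots 0, time 0,
        "040561646d696e" "0400" "0400"                          #      userName "admin", empty auth/priv params
        "0404deadbeef"                                          # msgData: placeholder encrypted scopedPDU
    )
```

Running `summarize` over `V2C_GET` returns the community string in the clear, which is why the NOTE above recommends SNMPv3; over `v3_message(0x07)` it reports authPriv, and over `v3_message(0x06)` it marks the message invalid because the privacy flag is set without authentication. `in_time_window` is the engineBoots/engineTime comparison behind the Timeliness bullet, using the 150-second window from RFC 3414.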