08-31-2007 09:20 AM - edited 03-10-2019 03:22 PM
Hello,
Has anyone gotten SNMP v3 authentication working through AAA servers?
Any feedback is greatly appreciated.
09-05-2007 02:52 PM
Hi,
SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the role in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP packet.
Access Control occurs (either implicitly or explicitly) in an SNMP entity when processing SNMP retrieval or modification request messages from an SNMP entity. For example, a Command Responder application applies Access Control when processing requests that it received from a Command Generator application. These requests contain Read Class and Write Class PDUs as defined in [RFC3411].
Access Control also occurs in an SNMP entity when an SNMP notification message is generated (by a Notification Originator application).
To implement the model described above, an SNMP entity needs to retain information about access rights and policies. This information is part of the SNMP engine's Local configuration Datastore (LCD). See [RFC3411] for the definition of LCD.
As of Cisco MDS SAN-OS, SNMP v3 user management can be centralized at the AAA server level. This centralized user management allows the SNMP agent running on the Cisco MDS switch to leverage the user authentication service of the AAA server. Once user authentication is verified, the SNMP PDUs are processed further. Additionally, the AAA server is also used to store user group names. SNMP uses the group names to apply the access/role policy that is locally available in the switch.
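The access decision described in the reply above, sketched as an added example that is not part of the original post and is not Cisco's code: a simplified form of the RFC 3415 (VACM) `isAccessAllowed` check, with contexts and view masks left out. User names, group names, view names and table contents are constructed; the group lookup stands in for the group name an AAA server would return.

```python
# Simplified RFC 3415 (VACM) access check. All table contents are constructed.
LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}

# (securityModel, securityName) -> groupName. In the centralized setup the
# group name would come from the AAA server; a local dict stands in for it.
SECURITY_TO_GROUP = {("usm", "alice"): "storage-ops", ("usm", "bob"): "monitor"}

# groupName -> [(minimum securityLevel, {viewType: viewName})]
ACCESS = {
    "storage-ops": [("authPriv", {"read": "mib2", "write": "systemOnly"})],
    "monitor": [("authNoPriv", {"read": "mib2NoRoutes"})],
}

# viewName -> [(subtree OID, included?)]
VIEWS = {
    "mib2": [("1.3.6.1.2.1", True)],
    "systemOnly": [("1.3.6.1.2.1.1", True)],
    "mib2NoRoutes": [("1.3.6.1.2.1", True), ("1.3.6.1.2.1.4.21", False)],
}

def oid(text):
    # Compare OIDs as integer tuples: a string prefix test would wrongly
    # place 1.3.6.1.2.1.11 under the 1.3.6.1.2.1.1 subtree.
    return tuple(int(part) for part in text.split("."))

def in_view(view_name, target):
    """The longest matching subtree decides whether the OID is included."""
    wanted, best = oid(target), None
    for subtree, included in VIEWS.get(view_name, []):
        prefix = oid(subtree)
        if wanted[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return bool(best and best[1])

def is_access_allowed(model, name, level, view_type, target):
    group = SECURITY_TO_GROUP.get((model, name))
    if group is None:
        return "noGroupName"
    # An access entry applies only if the message meets its minimum level.
    usable = [(LEVELS[minimum], views) for minimum, views in ACCESS.get(group, [])
              if LEVELS[level] >= LEVELS[minimum]]
    if not usable:
        return "noAccessEntry"
    views = max(usable, key=lambda entry: entry[0])[1]  # strictest usable entry
    view_name = views.get(view_type)
    if not view_name:
        return "noSuchView"
    return "accessAllowed" if in_view(view_name, target) else "notInView"
```
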
09-19-2007 05:44 AM
Please mark it resolved so others can benefit from it.
regards,
-dev