Cisco WS-C2980G-A Software Guide - Page 370

SNMP Terminology Chapter 24 Configuring SNMP Table 24-1 SNMP Terminology Term Definition authentication The process of ensuring message integrity and protection against message replays, including data integrity and data origin authentication. authoritative SNMP engine One of the SNMP copies that is used in network communication is designated as the allowed SNMP engine which protects against message replay, delay, and redirection. The security keys that are used for authenticating and encrypting SNMPv3 packets are generated as a function of the authoritative SNMP engine's engine ID and user passwords. When an SNMP message expects a response (for example, get exact, get next, set request), the receiver of these messages is authoritative. When an SNMP message does not expect a response, the sender is authoritative. community string A text string used to authenticate messages between a management station and an SNMPv1 or SNMPv2c engine. data integrity A condition or state of data in which a message packet has not been altered or destroyed in an unauthorized manner. data origin authentication The ability to verify the identity of a user on whose behalf the message is supposedly sent. This ability protects users against both message capture and replay by a different SNMP engine, and against packets that are received or sent to a particular user that uses an incorrect password or security level. encryption A method of hiding data from an unauthorized user by scrambling the contents of an SNMP packet. group A set of users belonging to a particular security model. A group defines the access rights for all the users belonging to it. Access rights define the SNMP objects that can be read, written to, or created. In addition, the group defines the notifications that a user is allowed to receive. notification host An SNMP entity to which notifications (traps) are to be sent. notify view A view name (not to exceed 64 characters) for each group; the view name defines the list of notifications that can be sent to each user in the group. privacy An encrypted state of the contents of an SNMP packet; in this state, the contents are prevented from being disclosed on a network. Encryption is performed with an algorithm called CBC-DES (DES-56). read view A view name (not to exceed 64 characters) for each group; the view name defines the list of object identifiers (OIDs) that can be read by users belonging to the group. security level A type of security algorithm that is performed on each SNMP packet. There are three levels: noauth, auth, and priv. The noauth level authenticates a packet by a string match of the username. The auth level authenticates a packet by using either the HMAC MD5 or SHA algorithms. The priv level authenticates a packet by using either the HMAC MD5 or SHA algorithms and encrypts the packet using the CBC-DES (DES-56) algorithm. security model The security strategy that is used by the SNMP agent. Currently, software supports three security models: SNMPv1, SNMPv2c, and SNMPv3. Simple Network A network management protocol that provides a means to monitor and control Management network devices, and to manage configurations, statistics collection, performance, Protocol (SNMP) and security. 24-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01