HP StorageWorks 2/140 FW 08.01.00 McDATA E/OS SNMP Support Manual (620-000131- - Page 18

Introduction to SNMP 1 Authentication can be used to restrict communication between two authorized entities. Users cannot save messages and replay them with altered content. Only authorized users can change configurations of network devices. View-based Access Control Model (VACM) The View-based Access Control Model defines a set of services that an application can use for checking access rights. It determines the access rights of a group. A group defines the access rights afforded to all the security names (user names) which belong to that group. The combination of a security model and a security name maps to at most one group identified by a group name. The access rights that can be given to a group are read-view, write-view and notify-view. E/OS SNMPv3 Configuration The security and access features for SNMPV3 provided by the User-based Security Model (USM) and View-based Access Control Model (VACM) require using multiple tables: User Table, Access Table, Security-to-Group Table, and Target Table. The following sections describe how SNMPv3 has been implemented in the E/OS. USM Message Processing The following steps describe how SNMPv3 messages are processed in the User-based Security Model: 1. User table contains information such as user name, authentication protocol, authentication key, privacy protocol, and encryption key. Based on the user name field in the received packet, the SNMP engine finds out the user entry from the table. 2. Flags are checked to see if authentication or security is needed. 3. If authentication is needed, the hash value is calculated using the authentication protocol and authentication key, and matched against the header. 1-6 E/OS SNMP Support Manual