Nice link, TacACK.

Did some investigation/reading and wanted to share about SNMP v3.

SNMP v3 uses the User-based Security Model (USM). As per RFC 2274, the following are the specifications:

- Authentication
- Timeliness
- Privacy
- Message Format
- Discovery
- Key Management

In SNMP v3, of the two entities (Agent and NMS), one should be the Authoritative engine and the other will be the Non-Authoritative engine.

*Timeliness* - The Non-Authoritative entity will sync with the Authoritative entity, which sends the time. This is used for mitigating Anti-replay attacks.

When the SNMP message expects a response, then the receiver is Authoritative. For GET, GETNEXT, SET, GETBULK the NMS will be Authoritative as it is the receiver. For Informs, the Agent will be Authoritative when the Agent sends the Informs, and the NMS will be Authoritative when the NMS sends Informs.

The *Discovery* process will discover the Engine ID of the remote device. The NMS will discover the Engine ID of the Agent (IOS router). This Engine ID will be used to localize the keys. Using these keys, the NMS will do GET, GETNEXT etc.

The local engine is generated on the router automatically; if you want, it can be configured using "snmp-server engineID remote" and viewed using sh snmp engineID.

For traps, the local engine ID is used to localize keys.

For Informs, the remote engine is used to localize keys and you need to use "snmp-server engineID remote" to configure it.

With regards
Kings

On Fri, Jul 2, 2010 at 9:52 PM, Vybhav Ramachandran <[email protected]> wrote:

> Hello Kings,
>
> Guys found this good read on Traps v/s Informs in SNMP v3.
>
> http://net-snmp.sourceforge.net/tutorial/tutorial-5/commands/snmptrap-v3.html
>
> Cheers,
> TacACK
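Key localization with the Engine ID, as mentioned in the message above, shown as an added example that is not part of the original email. It follows the password-to-key and localization steps of the USM specification (RFC 3414 Appendix A.2, a later revision of the RFC 2274 text cited above); the function names and the second engine ID are constructed for illustration.

```python
import hashlib

MEGABYTE = 1048576  # USM expands the password to exactly 2^20 octets


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Derive the user key Ku from a password (not yet tied to any engine)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(MEGABYTE, len(password))
    # Same byte stream as the RFC's loop: the password repeated cyclically,
    # cut off at exactly 1,048,576 octets, then hashed once.
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Derive the localized key Kul = H(Ku || engineID || Ku) for one engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_keys(password: bytes, engine_ids, hash_name: str = "md5") -> dict:
    """Map each engine ID (hex) to the key that engine holds for this user."""
    ku = password_to_key(password, hash_name)
    return {eid.hex(): localize_key(ku, eid, hash_name).hex() for eid in engine_ids}


if __name__ == "__main__":
    # Engine ID and password from the sample results in RFC 3414 Appendix A.3
    rfc_engine = bytes.fromhex("000000000000000000000002")
    # Constructed sample engine ID (not taken from any real device)
    lab_engine = bytes.fromhex("800000090300aabbccddeeff")
    for eid, key in localized_keys(b"maplesyrup", [rfc_engine, lab_engine]).items():
        print(eid, key)
```

The same password yields a different key for every engine ID, so a key recovered from one device's configuration is not valid on another, and a key localized for the wrong engine ID simply fails authentication.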
