USM
The User-based Security Model (USM) and the View Access Control Model (VACM) together detail the security enhancements added with SNMPv3. Let's start with the USM.
The Basics
We need to get some terminology out of the way before we can look at the USM in any detail:
- snmpEngineID: This is an unambiguous identifier for an SNMP engine as well as the SNMP entity that corresponds to the engine. The syntax for this identifier is OctetString, and it cannot be zero length. Most SNMPv3 applications allow the user to input a value for snmpEngineID. If one is not specified, the value is computed using a combination of enterprise ID and IP or MAC address.
- snmpEngineBoots: A count of the number of times an SNMP engine has rebooted.
- snmpEngineTime: The number of seconds since the snmpEngineBoots counter was last incremented.
- snmpSecurityLevel: There are three security levels. The first is no authentication or privacy (noAuthNoPriv). Note that if this mode is used, a securityName is still required. The second is authentication and no privacy (authNoPriv). The third and final one is authentication and privacy (authPriv). While you can have authentication without privacy, you cannot have privacy without authentication.
- Authoritative SNMP engine: A nonauthoritative engine must discover the snmpEngineID of the authoritative engine with which it communicates. The rules for designating the authoritative engine are as follows: if the SNMP message requires a response (get, getnext, getbulk, set, or ...
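The terms above map directly onto a few small checks that a USM implementation performs. The following Python is an added example, not code from Essential SNMP or any SNMP library: it builds and parses an snmpEngineID in the "new format" layout defined by RFC 3411 (a 4-byte enterprise number with its high bit set, a 1-byte format indicator, then an IPv4, IPv6, MAC, text or octet payload), derives the securityLevel name from the auth/priv flags while rejecting the one illegal combination (privacy without authentication) and an empty securityName, and applies the snmpEngineBoots/snmpEngineTime timeliness test from RFC 3414, which goes beyond what this page states (the 150-second window and the boots ceiling come from RFC 3414, not from the excerpt). The enterprise number 8072 and the address 192.168.1.10 used below are constructed sample values.

```python
"""Added example: snmpEngineID construction/parsing, securityLevel
validation, and the snmpEngineBoots/snmpEngineTime window check.
Layout and rules follow RFC 3411 (SnmpEngineID textual convention)
and RFC 3414 (USM timeliness); this is not code from Essential SNMP."""
import ipaddress
import struct

# RFC 3411 "new format" indicators carried in byte 5 of an snmpEngineID
FMT_IPV4, FMT_IPV6, FMT_MAC, FMT_TEXT, FMT_OCTETS = 1, 2, 3, 4, 5
_FIXED_LEN = {FMT_IPV4: 4, FMT_IPV6: 16, FMT_MAC: 6}


def build_engine_id(enterprise: int, fmt: int, payload: bytes) -> bytes:
    """Return an RFC 3411 new-format snmpEngineID (5..32 octets)."""
    if not 0 <= enterprise < 2 ** 31:
        raise ValueError("enterprise number must fit in 31 bits")
    if fmt in _FIXED_LEN and len(payload) != _FIXED_LEN[fmt]:
        raise ValueError(f"format {fmt} needs {_FIXED_LEN[fmt]} payload octets")
    if fmt in (FMT_TEXT, FMT_OCTETS) and not 1 <= len(payload) <= 27:
        raise ValueError("text/octets payload must be 1..27 octets")
    # high bit of the first octet set = new format; byte 5 = format indicator
    return struct.pack(">IB", enterprise | 0x80000000, fmt) + payload


def parse_engine_id(engine_id: bytes) -> dict:
    """Decode an snmpEngineID into enterprise, format and payload."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5..32 octets")
    word = struct.unpack(">I", engine_id[:4])[0]
    if not word & 0x80000000:
        # legacy (pre-SNMPv3 style) format: exactly 12 octets, enterprise then 8 agent-defined bytes
        if len(engine_id) != 12:
            raise ValueError("legacy snmpEngineID must be exactly 12 octets")
        return {"format": "legacy", "enterprise": word, "payload": engine_id[4:]}
    fmt, payload = engine_id[4], engine_id[5:]
    info = {"format": fmt, "enterprise": word & 0x7FFFFFFF, "payload": payload}
    if fmt == FMT_IPV4:
        info["address"] = str(ipaddress.IPv4Address(payload))
    elif fmt == FMT_IPV6:
        info["address"] = str(ipaddress.IPv6Address(payload))
    elif fmt == FMT_MAC:
        info["address"] = ":".join(f"{b:02x}" for b in payload)
    elif fmt == FMT_TEXT:
        info["text"] = payload.decode("ascii", "replace")
    return info


def security_level(security_name: str, auth: bool, priv: bool) -> str:
    """Name the USM securityLevel for the requested flags.

    A securityName is required even at noAuthNoPriv, and privacy
    without authentication is not a valid level."""
    if not security_name:
        raise ValueError("a securityName is required even at noAuthNoPriv")
    if priv and not auth:
        raise ValueError("privacy without authentication is not a valid level")
    if priv:
        return "authPriv"
    return "authNoPriv" if auth else "noAuthNoPriv"


# RFC 3414 time window in seconds (assumed from the RFC, not stated on this page)
TIME_WINDOW = 150


def in_time_window(auth_boots: int, auth_time: int, msg_boots: int, msg_time: int) -> bool:
    """Timeliness test the authoritative engine applies to an incoming message
    (RFC 3414 section 3.2): boots must match, the boots counter must not have
    reached its ceiling, and the clocks may differ by at most TIME_WINDOW."""
    if auth_boots == 2 ** 31 - 1:
        return False  # counter exhausted: every message is rejected
    return msg_boots == auth_boots and abs(msg_time - auth_time) <= TIME_WINDOW


if __name__ == "__main__":
    eid = build_engine_id(8072, FMT_IPV4, bytes([192, 168, 1, 10]))
    print(eid.hex(), parse_engine_id(eid))
    print(security_level("monitor", auth=True, priv=True))
    print(in_time_window(3, 1000, 3, 1100), in_time_window(3, 1000, 3, 1300))
```

The parser accepts the legacy 12-octet form as well, because engine IDs seen in practice are not always new-format; a receiver that only understood one layout would mis-derive localized keys for the other.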