USM
The User-based Security Model (USM) and the View Access Control Model (VACM) together detail the security enhancements added with SNMPv3. Let's start with the USM.
The Basics
We need to get some terminology out of the way before we can look at the USM in any detail:
- snmpEngineID: This is an unambiguous identifier for an SNMP engine as well as the SNMP entity that corresponds to the engine. The syntax for this identifier is OctetString and it cannot be zero length. Most SNMPv3 applications allow the user to input a value for snmpEngineID. If one is not specified, the value is computed using a combination of enterprise ID and IP or MAC address.
- snmpEngineBoots: A count of the number of times an SNMP engine has rebooted.
- snmpEngineTime: The number of seconds since the snmpEngineBoots counter was last incremented.
- snmpSecurityLevel: There are three security levels. The first is no authentication or privacy (noAuthNoPriv). Note that if this mode is used, a securityName is still required. The second is authentication and no privacy (authNoPriv). The third and final one is authentication and privacy (authPriv). While you can have authentication without privacy, you cannot have privacy without authentication.
- Authoritative SNMP engine: A nonauthoritative engine must discover the snmpEngineID of the authoritative engine with which it communicates. The rules for designating the authoritative engine are as follows: if the SNMP message requires a response (get, getnext, getbulk, set, or ...
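As an added illustration of two of the terms above (not code from the book or from any SNMP implementation), the following Python builds and decodes an snmpEngineID in the RFC 3411 layout (enterprise number with the high bit set, a format octet, then an IPv4, IPv6 or MAC address) and maps the msgFlags octet of an SNMPv3 message to its security level, rejecting the "privacy without authentication" combination. The enterprise number 8072 and the addresses are sample values, not taken from the text.

```python
import ipaddress

# Format octet values from the SnmpEngineID textual convention (RFC 3411)
FMT_IPV4, FMT_IPV6, FMT_MAC = 1, 2, 3

# msgFlags bits from RFC 3412; the security level is the low two bits
AUTH_FLAG, PRIV_FLAG = 0x01, 0x02
SECURITY_LEVELS = {0: "noAuthNoPriv", AUTH_FLAG: "authNoPriv",
                   AUTH_FLAG | PRIV_FLAG: "authPriv"}


def build_engine_id(enterprise: int, address: str) -> bytes:
    """Build an snmpEngineID from an enterprise number and an IPv4, IPv6 or
    MAC address (the 'computed' form the text describes)."""
    if address.count(":") == 5:                      # aa:bb:cc:dd:ee:ff
        fmt, body = FMT_MAC, bytes.fromhex(address.replace(":", ""))
    else:
        ip = ipaddress.ip_address(address)
        fmt, body = (FMT_IPV4 if ip.version == 4 else FMT_IPV6), ip.packed
    # First 4 octets: enterprise number with the high bit set (RFC 3411 format)
    head = ((1 << 31) | enterprise).to_bytes(4, "big")
    return head + bytes([fmt]) + body


def parse_engine_id(engine_id: bytes) -> tuple:
    """Decode an RFC 3411 format engine ID into (enterprise, format, address).
    Rejects IDs outside the 5..32 octet range the textual convention allows."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets, never empty")
    if not engine_id[0] & 0x80:
        raise ValueError("legacy (pre-RFC 3411) engine ID format")
    enterprise = int.from_bytes(engine_id[:4], "big") & 0x7FFFFFFF
    fmt, body = engine_id[4], engine_id[5:]
    if fmt in (FMT_IPV4, FMT_IPV6):
        return enterprise, fmt, str(ipaddress.ip_address(body))
    if fmt == FMT_MAC:
        return enterprise, fmt, ":".join(f"{b:02x}" for b in body)
    return enterprise, fmt, body.hex()


def security_level(msg_flags: int) -> str:
    """Map the msgFlags octet of an SNMPv3 message to its security level.
    privFlag without authFlag is the combination the text forbids."""
    level = msg_flags & (AUTH_FLAG | PRIV_FLAG)
    if level not in SECURITY_LEVELS:
        raise ValueError("privacy without authentication is not a valid level")
    return SECURITY_LEVELS[level]
```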