Protocol Overview
Network management stations use SNMP to retrieve or alter management data from network elements.
A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements
store managed objects in a database called a management information base (MIB).
MIBs are hierarchically structured and use object identiers to address managed objects, but managed objects also have a textual name
called an object descriptor.
You can download the latest MIB les from the following path:
• https://www.force10networks.com/CSPortal20/Main/SupportMain.aspx.
Implementation Information
The following describes SNMP implementation information.
• Dell Networking OS supports SNMP version 1 as dened by RFC 1155, 1157, and 1212, SNMP version 2c as dened by RFC 1901, and
SNMP version 3 as dened by RFC 2571.
• Dell Networking OS supports up to 16 trap receivers.
• Dell Networking OS implementation of the sFlow MIB supports sFlow conguration via SNMP sets.
• SNMP traps for the spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) state changes are based on BRIDGE
MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP.
SNMPv3 Compliance With FIPS
SNMPv3 is compliant with the Federal information processing standard (FIPS) cryptography standard. The Advanced Encryption Standard
(AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. SNMPv3 provides multiple authentication and
privacy options for user conguration. A subset of these options are the FIPS-approved algorithms: HMAC-SHA1-96 for authentication and
AES128-CFB for privacy. The other options are not FIPS-approved algorithms because of known security weaknesses. The AES128-CFB
privacy option is supported and is compliant with RFC 3826.
The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when the system is congured
with the fips mode enable command in Global Conguration mode. When the FIPS mode is enabled on the system, SNMPv3
operates in a FIPS-compliant manner, and only the FIPS-approved algorithm options are available for SNMPv3 user conguration. When
the FIPS mode is disabled on the system, all options are available for SNMPv3 user conguration.
The following table describes the authentication and privacy options that can be congured when the FIPS mode is enabled or disabled:
Table 71. Authentication and Privacy Options
FIPS Mode Privacy Options Authentication Options
Disabled des56 (DES56-CBC)
aes128 (AES128-CFB)
md5 (HMAC-MD5-96)
sha (HMAC-SHA1-96)
Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96)
To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user username
group groupname 3 auth authentication-type auth-password priv aes128 priv-password command to specify
that AES-CFB 128 encryption algorithm needs to be used.
Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a
Simple Network Management Protocol (SNMP)
765
To Next Page
Loading...
Need help?
General
