Secure Mobile Access 12.4 Administration Guide

SNMP Configuration

If you have an SNMP (Simple Network Management Protocol) tool, you can use it to monitor the appliance as an SNMP agent. The appliance supports SNMP versions 2 and 3, and provides a variety of management data in Management Information Base (MIB) II format.

You can enable SNMPv2 or SNMPv3, but not both at the same time. When SNMPv2 is enabled, SNMPv3 requests are ignored. When SNMPv3 is enabled, SNMPv2 requests are ignored. You can also disable SNMP support entirely, in which case any SNMP request directed at the system will be ignored and no traps will be generated.

SNMPv3 addresses the security deficiencies that have plagued both SNMPv1 and SNMPv2. SNMPv3 supports all the operations defined by versions 1 and 2. The new security functionality provided by SNMPv3 can be divided into three principal areas: authentication, privacy (encryption), and access control.

SNMPv3 is the recommended selection for the best security.

Where SNMPv2 provided authentication, insecurely, through the clear-text community string, SNMPv3 uses the SHA algorithm to provide secure authentication. For each SNMP user, a username, a passcode, and the desired algorithm are configured on the agent (in our case, the SMA appliance). These must match the username, passcode, and algorithm choice given to the management software that will be communicating with the appliance.

Prior to SNMPv3, all communications were unencrypted. In SNMPv3, the AES algorithm is used to encrypt and decrypt SNMP messages. As with authentication, a username, password and encryption algorithm are used to seed the encryption and must be configured on both the agent and the management station.

The combined authentication and encryption levels supported by Secure Mobile Access for SNMPv3 are shown in the table below.

Combined authentication and encryption levels

| Level | Authentication | Encryption | Effect |
|---|---|---|---|
| noAuthNoPriv | Username | No | Uses a username match for authentication. |
| authNoPriv | SHA | No | Provides authentication based on the HMAC-SHA algorithm. |
| authPriv | SHA | AES | Provides authentication based on the HMAC-SHA algorithm. Provides AES encryption in addition to authentication. |
