netravnen
/
NetworkLabNotes
mirror of https://gitlab.com/netravnen/NetworkLabNotes.git
1
0
Fork 0
Code Releases Activity

Added SNMPv2,SNMPv2c descriptions

This commit is contained in:
chhan11 2017-06-05 22:18:17 +02:00
parent b53a77ab34
commit 55877d8233
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
chapter/mgmt.tex
View File

@ -351,10 +351,12 @@ Cisco switches allow by default only the following 3 protos until the client is
\item \textit{Get Bulk Request}\footnote{To pull data from a network node in bulk}, and
\item \textit{Inform Request}\footnote{\gls{snmp} trap message added with a requirement for an acknowledgement returned back to the network node}.
\end{enumerate}
\item \gls{snmp}v2 added \textit{in addition} to 2 extra message types also a complex new security model. This was never widely accepted which is why we have \gls{snmp}v2c existing and considered the \textit{de-facto} \gls{snmp}v2 standard.
\end{itemize}
\item \itemhead{v2c}
\begin{itemize}
\item
\item \gls{snmp}v2c switched from the complex security model \gls{snmp}v2 used to using \texttt{community strings}. This posses a lot of inherent security risks because (amongst other) of the low level Authentication used when polling data from \gls{snmp} agents. Because of this Cisco recommends when using \gls{snmp}v2c to only enable the protocol for data polling from \gls{snmp} agents.
\item \textbf{Never} use v2c to push configuration changes to \gls{snmp} agents because the security level is just not up to standard to provide the necessary security level at all.
\end{itemize}
\item \itemhead{v3}
\begin{itemize}