1、 Snmpv3 Overview

1、 Snmpv3 Overview SNPv3 is an abbreviation for Simple Network Management Protocol version 3. It is a network management protocol

Compared to previous versions, SNMPv3 has stronger security and scalability. It provides mechanisms such as authentication, encryption, and access control to ensure the confidentiality, integrity, and availability of management information. SNPv3 uses username and password based authentication to prevent unauthorized access and tampering. It also supports packet encryption to protect transmitted information from eavesdropping and modification. In addition, SNPv3 introduces an Access Control List, which allows administrators to control access to management information as needed. It also supports more complex management models, such as role-based access control (RBAC) and view based access control (VACM), making network management more flexible and refined.The main features include:

1. Encrypt transmission

SNPv3 supports packet encryption and can choose AES and DES encryption algorithms to ensure the security of data transmission.

2. Strong authentication mechanism

SNPv3 provides two security mechanisms: authentication and privacy.

    1) Authentication type

Authentication is used to verify the identity of SNMP requesters and prevent identity forgery. SNPv3 supports the following two types of authentication:

MD5- Use MD5 hash algorithm for authentication

SHA - Use SHA hash algorithm for more secure authentication

    2) Privacy type

The privacy type determines whether and how SNMP messages are encrypted to prevent eavesdropping. Supports the following privacy types:

DES - Encrypt SNMP messages using DES algorithm

AES - Encrypt SNMP messages more securely using AES algorithm

None - Do not encrypt

By configuring SNPv3 users to use different levels of authentication and privacy type combinations, different levels of security protection can be obtained.

It is generally recommended to use a combination of SHA authentication and AES privacy type for higher security.

Identity verification prevents deception, and privacy types provide confidentiality. The joint use of the two can establish a secure and reliable SNPv3 management.

3. Access control

Access control models with different security levels can be set up to achieve access permission control.

4. Ensure data integrity

Verify through authentication mechanism that the message has not been tampered with.

5. Replay attack protection

Each SNMPv3 packet has a unique ID, which can prevent replay attacks.

6. Automatic negotiation mechanism

The management station and agent can negotiate to use the highest security level.

7. Scalability

Expansion can easily introduce new security models and encryption protocols.

2、 The basic structure of the SNPv3 system

The SNMPv3 system adopts a client/server mode:

3、 Specific configuration process

1. Network device configuration:

Login to the switch web page to configure SNMPv3, configuration is required

Username: Fill in the following image as' Administrator

Authentication type: Fill in MD5 as shown in the following figure

Trap host address: Server IP of Zabbix server, fill in the corresponding address

Privacy type: The following image shows no need for privacy

Password: public Ta

2. Corresponding Zabbix host configuration

Security name: Fill in the switch configuration two-point user name

Security level: There are three types: noAuthNopriv (no authentication, no privacy), authNopriv (authentication required, no privacy), and authPriv (authentication required, no privacy). The switch is configured to require authentication without privacy, so authNopriv is selected

Verification Protocol: Corresponding switch configuration MD5

Verification password: Fill in the password public Ta for the switch configuration

If encryption needs to be configured and privacy is required, select the security level as authPriv, and match the privacy protocol and key with the switch configuration.

The above is the complete content of configuring network device SNPv3 with Zabbix.