Chapter 1: Product description
System management
SNMPv3 security
SNMP Engine ID
PTP 650 supports four different formats for SNMP Engine ID:
•
MAC address
•
IPv4 address
•
Configurable text string
•
IPv6 address
SNMPv3 security configuration is re-initialized when the SNMP Engine ID is changed.
User-based security model
PTP 650 supports the SNMPv3 user-based security model (USM) for up to 10 users, with MD5,
SHA-1, DES and (subject to the license key) AES protocols in the following combinations:
•
No authentication, no privacy,
•
MD5, no privacy,
•
SHA-1, no privacy,
•
MD5, DES,
•
SHA-1, DES,
•
MD5, AES,
•
SHA-1, AES.
Use of AES privacy requires the PTP 650 AES upgrade described in
View-based access control model
PTP 650 supports the SNMPv3 view-based access control model (VACM) with a single context. The
context name is the empty string. The context table is read-only, and cannot be modified by users.
Access to critical security parameters
The SNMPv3 management interface does not provide access to critical security parameters (CSPs)
of PTP 650. It is not possible to read or modify AES keys used to encrypt data transmitted at the
wireless interface. Neither is it possible to read or modify security parameters associated with TLS
protection of the web-based management interface. The recovery mode option to zeroize CSPs
does not affect SNMPv3 configuration.
Page
1-29