3.2.6 Community strings and authentication profiles
Plan the community strings and authentication profiles to be tried for each area of your network. For the default and region settings, you can configure multiple community strings and authentication profiles to be tried in parallel.
- Reference note
-
While trying probable community strings, NNMi queries might cause devices to generate authentication failures. Inform your operations department that authentication failures might safely be ignored while NNMi completes its initial discovery. Alternatively, you can minimize the number of authentication failures by configuring as tightly as possible your regions and the associated community strings and authentication protocols to try.
If your environment uses SNMPv1 or v2 and SNMPv3, determine the minimum acceptable security level for each region.
- Organization of this subsection
(1) SNMPv1 and SNMPv2 community strings
For regions where SNMPv1 or SNMPv2c access is acceptable, gather the community strings in use within the region and any unique community strings required by specific devices.
(2) SNMPv3 authentication profiles
For regions containing SNMPv3-accessible devices, determine the minimum acceptable default authentication profiles, the authentication profiles appropriate for each region, and the unique authentication credentials in use on specific devices (if any). Also determine the authentication and privacy protocols in use within your network. You can specify one authentication protocol and one privacy protocol for each specific node or region setting.
- For SNMPv3 communication, NNMi supports the following authentication protocols:
-
-
HMAC-MD5-96
-
HMAC-SHA-1
-
- For SNMPv3 communication, NNMi supports the following privacy protocols:
-
-
DES-CBC
-
TripleDES
-
AES-128
-
AES-192
-
AES-256
-