274 Configuring SNMPThe SNMP agent maintains a list of variables that are used to manage theswitch. The variables are defined in the MIB. The MIB presents the variablescontrolled by the agent. The SNMP agent defines the MIB specificationformat, as well as the format used to access the information over the network.Access rights to the SNMP agent are controlled by access strings.SNMP v3 also applies access control and a new traps mechanism to SNMPv1and SNMPv2 PDUs. In addition, the User Security Model (USM) is definedfor SNMPv3 and includes:• Authentication — Provides data integrity and data origin authentication.• Privacy — Protects against disclosure of message content. Cipher-Bock-Chaining (CBC) is used for encryption. Either authentication is enabledon an SNMP message, or both authentication and privacy are enabled onan SNMP message. However privacy cannot be enabled withoutauthentication.• Timeliness — Protects against message delay or message redundancy. TheSNMP agent compares incoming message to the message timeinformation.• Key Management — Defines key generation, key updates, and key use.Authentication or Privacy Keys are modified in the SNMPv3 User SecurityModel (USM).What Are SNMP Traps?SNMP is frequently used to monitor systems for fault conditions such astemperature violations, link failures, and so on. Management applications canmonitor for these conditions by polling the appropriate OIDs with the getcommand and analyzing the returned data. This method has its drawbacks. Ifit is done frequently, significant amounts of network bandwidth can beconsumed. If it is done infrequently, the response to the fault condition maynot occur in a timely fashion. SNMP traps avoid these limitations of thepolling method.An SNMP trap is an asynchronous event indicating that somethingsignificant has occurred. This is analogous to a pager receiving an importantmessage, except that he SNMP trap frequently contains all the informationneeded to diagnose a fault.