RADIUS-Based SNMP Authorisation

The security of the management plane is an important challenge in large networks, where multiple and heterogeneous devices have to be managed in a secure way using different management frameworks (CLI, SNMP, or XML based management). Each of these frameworks comes with its own specific security mechanisms (SNMP with USM/VACM, CLI with TACACS/RADIUS/exec mode), such that the security settings of the overall management plane must be individually adapted to each of them. This is a complex task in even moderate sized network, having major shortcomings in terms of scalability and coherent configuration practice. This paper details some of the practical experience learned, while we extended the SNMP framework with a RADIUS based authorization scheme. We propose in this paper an extension to SNMP agents capable to integrate the authorization of managers within a larger RADIUS based enterprise level security architecture. Our implementation was built on top of the NET-SNMP framework, and is available under the Open Source license