S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
31-4
Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Chapter 31 Configuring SNMP
Creating and Modifying Users
Restricting Switch Access
You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists (IP-ACLs).
See
Chapter 33, “Configuring IPv4 and IPv6 Access Control Lists,”
.
Group-Based SNMP Access
Note
Because
group
is a standard SNMP term used industry-wide, we refer to role(s) as group(s) in this SNMP
section.
SNMP access rights are organized by groups. Each group in SNMP is similar to a role through the CLI.
Each group is defined with three accesses: read access, write access, and notification access. Each access
can be enabled or disabled within each group.
You can begin communicating with the agent once your user name is created, your roles are set up by
your administrator, and you are added to the roles.
Creating and Modifying Users
You can create users or modify existing users using or the CLI.
•
SNMP—Create a user as a clone of an existing user in the usmUserTable on the switch. Once you
have created the user, change the cloned secret key before activating the user. Refer to RFC 2574.
•
CLI—Create a user or modify an existing user using the
snmp-server user
command.
A network-operator and network-admin roles are available in a Cisco MDS 9000 Family switch. There
is also a default-role if you want to use the GUI (Fabric Manager and Device Manager). You can also
use any role that is configured in the Common Roles database (see the
“User Accounts” section on
page 39-10
).
Tip
All updates to the CLI security database and the SNMP user database are synchronized. You can use the
SNMP password to log into either Fabric Manager or Device Manager. However, after you use the CLI
password to log into Fabric Manager or Device Manager, you must use the CLI password for all future
logins. If a user exists in both the SNMP database and the CLI database before upgrading to Cisco MDS
SAN-OS Release 2.0(1b), then the set of roles assigned to the user becomes the union of both sets of
roles after the upgrade.
This section includes the following topics:
•
About AES Encryption-Based Privacy, page 31-5
•
Configuring SNMP Users from the CLI, page 31-5
•
Enforcing SNMPv3 Message Encryption, page 31-6
•
Assigning SNMPv3 Users to Multiple Roles, page 31-7
•
Adding or Deleting Communities, page 31-7