Accessing the switch 10
SNMP v3.0
SNMPv3 is an enhanced version of the Simple Network Management Protocol, approved by the Internet
Engineering Steering Group in March, 2002. SNMP v3.0 contains additional security and authentication features
that provide data origin authentication, data integrity checks, timeliness indicators, and encryption to protect against
threats such as masquerade, modification of information, message stream modification, and disclosure.
SNMP v3 ensures that the client can use SNMP v3 to query the MIBs, mainly for security.
To access the SNMP v3.0 menu, enter the following command in the CLI:
>> # /cfg/sys/ssnmp/snmpv3
For more information on SNMP MIBs and the commands used to configure SNMP on the switch, see the
Command Reference Guide
.
Default configuration
The switch software has two users by default. Both the users '
adminmd5
' and '
adminsha
' have access to all the
MIBs supported by the switch.
1.
username 1:
adminmd5/password adminmd5
. Authentication used is MD5.
2.
username 2:
adminsha/password adminsha
. Authentication used is SHA.
3.
username 3:
v1v2only/password none
.
To configure an SNMP user name, enter the following command from the CLI:
>> # /cfg/sys/ssnmp/snmpv3/usm 6
User configuration
Users can be configured to use the authentication/privacy options. Currently we support two authentication
algorithms: MD5 and SHA. These can be specified using the command:
/cfg/sys/ssnmp/snmpv3/usm
<x>/auth md5|sha
1.
To configure a user with name 'test,' authentication type MD5, and authentication password of 'test,' privacy
option DES with privacy password of 'test,' use the following CLI commands:
>> # /cfg/sys/ssnmp/snmpv3/usm 5
>> SNMPv3 usmUser 5 # name "test"
>> SNMPv3 usmUser 5 # auth md5
>> SNMPv3 usmUser 5 # authpw test
>> SNMPv3 usmUser 5 # priv des
>> SNMPv3 usmUser 5 # privpw test
2.
Once a user is configured you need to specify the access level for this user along with the views the user is
allowed access to. This is specified in the access table.
>> # /cfg/sys/ssnmp/snmpv3/access 5
>> SNMPv3 vacmAccess 5 # name "testgrp"
>> SNMPv3 vacmAccess 5 # level authPriv
>> SNMPv3 vacmAccess 5 # rview "iso"
>> SNMPv3 vacmAccess 5 # wview "iso"
>> SNMPv3 vacmAccess 5 # nview "iso"
3.
The group table links the user to a particular access group.
>> # /cfg/sys/ssnmp/snmpv3/group 5
>> SNMPv3 vacmSecurityToGroup 5 # uname test
>> SNMPv3 vacmSecurityToGroup 5 # gname testgrp
If you want to allow user access only to certain MIBs, see the “View based configurations” section.