Managing the Switch
ExtremeWare XOS 11.1 Concepts Guide
62
A number of default (permanent) groups are already defined. These groups are:
admin, initial, v1v2c_ro
,
v1v2c_rw.
To display information about the access configuration of a group or all groups, use the
following command:
show snmpv3 access {[[hex <hex_group_name>] | <group_name>]}
Users are associated with groups using the following command:
configure snmpv3 add group [[hex <hex_group_name>] | <group_name>] user [[hex
<hex_user_name>] | <user_name>] {sec-model [snmpv1| snmpv2c | usm]} {volatile}
To show which users are associated with a group, use the following command:
show snmpv3 group {[[hex <hex_group_name>] | <group_name>] {user [[hex
<hex_user_name>] | <user_name>]}}
To delete a group, use the following command:
configure snmpv3 delete access [all-non-defaults | {[[hex <hex_group_name>] |
<group_name>] {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv |
priv]}}]
When you delete a group, you do not remove the association between the group and users of the group.
To delete the association between a user and a group, use the following command:
configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user [all-non-
defaults | {[[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1|snmpv2c|usm]}}]
Security Models and Levels.
For compatibility, SNMPv3 supports three security models:
●
SNMPv1—no security
●
SNMPv2c—community strings based security
●
SNMPv3—USM security
The default is USM. You can select the security model based on the network manager in your network.
The three security levels supported by USM are:
●
noAuthnoPriv—No authentication, no privacy. This is the case with existing SNMPv1/v2c agents.
●
AuthnoPriv—Authentication, no privacy. Messages are tested only for authentication.
●
AuthPriv—Authentication, privacy. This represents the highest level of security and requires every
message exchange to pass the authentication and encryption tests.
When a user is created, an authentication method is selected, and the authentication and privacy
passwords or keys are entered.
When MD5 authentication is specified, HMAC-MD5-96 is used to achieve authentication with a 16-octet
key, which generates an 128-bit authorization code. This authorization code is inserted in
msgAuthenticationParameters field of SNMPv3 PDUs when the security level is specified as either
AuthnoPriv or AuthPriv. Specifying SHA authentication uses the HMAC-SHA protocol with a 20-octet
key for authentication.
For privacy, a 16-octet key is provided as input to DES-CBS encryption protocol, which generates an
encrypted PDU to be transmitted. DES uses bytes 1-7 to make a 56 bit key. This key (encrypted itself) is
placed in msgPrivacyParameters of SNMPv3 PDUs when the security level is specified as AuthPriv.
Содержание ExtremeWare XOS 11.1
Страница 16: ...Contents ExtremeWare XOS 11 1 Concepts Guide 16...
Страница 20: ...Preface ExtremeWare XOS 11 1 Concepts Guide 20...
Страница 21: ...1 Using ExtremeWare XOS...
Страница 22: ......
Страница 78: ...Managing the ExtremeWare XOS Software ExtremeWare XOS 11 1 Concepts Guide 78...
Страница 168: ...Virtual LANs ExtremeWare XOS 11 1 Concepts Guide 168...
Страница 200: ...Policies and ACLs ExtremeWare XOS 11 1 Concepts Guide 200...
Страница 252: ...Security ExtremeWare XOS 11 1 Concepts Guide 252...
Страница 265: ...2 Using Switching and Routing Protocols...
Страница 266: ......
Страница 294: ...Ethernet Automatic Protection Switching ExtremeWare XOS 11 1 Concepts Guide 294...
Страница 354: ...Extreme Standby Router Protocol ExtremeWare XOS 11 1 Concepts Guide 354...
Страница 416: ...IP Multicast Routing ExtremeWare XOS 11 1 Concepts Guide 416...
Страница 417: ...3 Appendixes...
Страница 418: ......
Страница 432: ...Software Upgrade and Boot Options ExtremeWare XOS 11 1 Concepts Guide 432...