Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

161

162

163

164

165

166

167

168

169

170

152 ServerIron ADX Administration Guide

53-1002434-01

Using the user-based security mode

ServerIronADX(config)# snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des

bobdes

The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: [no] snmp-server user <name> <groupname> v3

[ [access <standard-acl-id>]

[ [encrypted] auth md5 <md5-password> | sha <sha-password>

[priv [encrypted] des <des-password-key> | aes <aes-password-key>] ] ]

The <name> parameter defines the SNMP user name or security name used to access the

management module.

The <groupname> parameter identifies the SNMP group to which this user is associated or

mapped. All users must be mapped to an SNMP group. Groups are defined using the snmp-server

group command.

NOTE

The SNMP group to which the user account will be mapped should be configured before creating the

user accounts; otherwise, the group will be created without any views. Also, ACL groups must be

configured before configuring user accounts.

The v3 parameter is required.

The access <standard-acl-id> parameter is optional. It indicates that incoming SNMP packets are

filtered based on the ACL attached to the user account.

NOTE

The ACL specified in a user account overrides the ACL assigned to the group to which the user is

mapped. If no ACL is entered for the user account, the ACL configured for the group is used to filter

packets.

The encrypted parameter means that the MD5 or SHA password will be a digest value. MD5 has

16 octets in the digest. SHA has 20. The digest string has to be entered as a hexadecimal string.

In this case, the agent need not generate any explicit digest. If the encrypted parameter is not

used, the user is expected to enter the authentication password string for MD5 or SHA. The agent

converts the password string to a digest, as described in RFC 3414.

The optional auth md5 | sha parameter defines the type of encryption the user must have to be

authenticated. The choices are MD5 and SHA encryption (the two authentication protocols used in

SNMP version 3).

The <md5-password> and <sha-password> define the password the user must use to be

authenticated. These password must have a minimum of 8 characters. If the encrypted parameter

is used, then the digest has 16 octets for MD5 or 20 octets for SHA.

NOTE

Once a password string is entered, the generated configuration displays the digest (for security

reasons), not the actual password.

The priv [encrypted] parameter is optional after you enter the md5 or sha password. The priv

parameter specifies the encryption that is used to encrypt the privacy password. If the encrypted

keyword is used, do the following:

• If DES is the privacy protocol to be used, enter des <des-password-key> and enter a 16-octet

DES key in hexadecimal format for the <des-password-key>. If you include the encrypted

keyword, enter a password string of at least 8 characters.