User Manual

Enterasys X-Pedition User Reference Manual 399
Configuring X-Pedition Access Security
To create a new user, use the snmp set user command. For a detailed explanation of the snmp set user command, see the Enterasys X-Pedition Command Line Interface Reference Manual. Most commonly, users will be configured to authenticate with the local SNMP engine only; however, individual users can be configured to authenticate with remote authoritative SNMP engines if necessary (see Configuring Informs on page 405). The example below illustrates the creation of a new user named “jane” configured to use the HMAC-SHA-96 authentication protocol.

xp(config)# snmp set user jane engine-id local auth sha1

Note: After the router executes the snmp set user command, the CLI will prompt the user for password information.

The next example shows how to configure a user to use both encryption and authentication. In this case the user will be configured to use the HMAC-MD5-96 authentication protocol along with CBC-DES encryption for privacy.

xp(config)# snmp set user john engine-id local auth md5 priv des

Note: After the router executes the snmp set user command, the CLI will prompt the user for password information.

After saving the configuration to make it active, authentication and privacy keys will be generated and localized to the Engine-ID specified (in this case the local Engine-ID). Note that the resulting keys will not be visible in the X-Pedition's configuration file. If the user's passwords are lost, they cannot be recovered and the user will need to be reconfigured using the snmp set user command.

Once the user accounts are created, the individual users can be grouped to assign access rights based on the level of security the user will have when remotely accessing the X-Pedition (see Creating Groups on page 401).

Creating Communities

When using SNMPv1 and SNMPv2c, user accounts are not available. However, configuring a community in SNMPv3 allows the protocol to coexist with SNMPv1 and SNMPv2c. To configure access for SNMPv1 and SNMPv2c, use the following command:

snmp set community <community> privilege [read | read-write] [v1 | v2c]

This is the simplest form of the snmp set community command and maps to permanent default groups/views to grant the community access to the entire MIB tree. Users must enter a separate command to define community information for each security model (i.e., SNMPv1 and SNMPv2c).

In cases where it is necessary to restrict access for a community, define a group (see Creating Groups on page 401) and use the command below to map the community to the group:

snmp set community <community> group <group-name> [v1 | v2c]
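
The key generation and localization step described above for snmp set user, as an added example that is not taken from the Enterasys manual: it implements the standard USM password-to-key and key localization algorithm of RFC 3414, which defines HMAC-MD5-96, HMAC-SHA-96 and CBC-DES and which the X-Pedition is assumed to follow. The password and first Engine-ID are the RFC's published test values, and the second Engine-ID is constructed.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2: hash exactly 2^20 bytes of repeated password


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Derive the intermediate user key Ku from a password (RFC 3414 A.2)."""
    if len(password) < 8:
        # RFC 3414 section 11.2 requires passwords of at least 8 characters.
        raise ValueError("USM password must be at least 8 characters")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_localized_key(password: bytes, engine_id: bytes, auth: str) -> bytes:
    """auth is 'md5' (HMAC-MD5-96) or 'sha1' (HMAC-SHA-96)."""
    if auth not in ("md5", "sha1"):
        raise ValueError("unsupported auth protocol: " + auth)
    return localize_key(password_to_key(password, auth), engine_id, auth)


def des_privacy_parts(localized_priv_key: bytes):
    """CBC-DES (RFC 3414 8.1.1.1): first 8 octets are the DES key, next 8 the pre-IV."""
    return localized_priv_key[:8], localized_priv_key[8:16]


# Test values published in RFC 3414 A.3 (not X-Pedition data).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed second Engine-ID: the same password yields an unrelated key.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    for auth in ("md5", "sha1"):
        for eid in (RFC_ENGINE_ID, OTHER_ENGINE_ID):
            key = usm_localized_key(RFC_PASSWORD, eid, auth)
            print(auth, eid.hex(), key.hex())
    # Privacy key for an "auth md5 priv des" user is localized with the auth hash.
    des_key, pre_iv = des_privacy_parts(
        usm_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "md5"))
    print("des key", des_key.hex(), "pre-IV", pre_iv.hex())
```

Because only a one-way hash of the password is kept, a stored localized key cannot be turned back into the password, and a key localized to one Engine-ID does not authenticate against another engine.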