Administrator Guide
Keep the following points in mind when you configure the AES128-CFB algorithm for SNMPv3:
1. SNMPv3 authentication provides only the sha option when the FIPS mode is enabled.
2. SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled.
3. If you attempt to enable or disable FIPS mode and if any SNMPv3 users are previously configured, an error message is
displayed stating you must delete all of the SNMP users before changing the FIPS mode.
4. A message is logged indicating whether FIPS mode is enabled for SNMPv3. This message is generated only when the first
SNMPv3 user is configured because you can modify the FIPS mode only when users are not previously configured. This log
message is provided to assist your system security auditing procedures.
Set up SNMP
As previously stated, the Dell Networking OS supports SNMP version 1 and version 2, which are community-based security models.
The primary difference between the two versions is that version 2 supports two additional protocol operations (informs operation
and snmpgetbulk query) and one additional object (counter64 object).
SNMP version 3 (SNMPv3) is a user-based security model that provides password authentication for user security and encryption
for data security and privacy. Three sets of configurations are available for SNMP read/write operations: no password or privacy,
password privileges, password and privacy privileges.
You can configure a maximum of 16 users even if they are in different groups.
Creating a Community
For SNMPv1 and SNMPv2, create a community to enable the community-based security in the Dell Networking OS.
The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP
manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP
agents and managers that are allowed to interact. Communities are necessary to secure communication between SNMP managers
and agents; SNMP agents do not respond to requests from management stations that are not part of the community.
The Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message.
You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
To choose a name for the community you create, use the following command.
• Choose a name for the community.
CONFIGURATION mode
snmp-server community name {ro | rw}
Example of Creating an SNMP Community
To view your SNMP configuration, use the show running-config snmp command from EXEC Privilege mode.
Dell(conf)#snmp-server community my-snmp-community ro
22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START.
Dell#show running-config snmp
!
snmp-server community mycommunity ro
Dell#
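The following is an added example, not part of the Dell guide: a short Python audit that reads `show running-config snmp` output and flags communities that grant read-write access or use a widely known name. The sample output and the list of well-known names are constructed assumptions; only the `snmp-server community name {ro | rw}` syntax comes from this page.

```python
import re

# Syntax documented on this page: snmp-server community name {ro | rw}
COMMUNITY_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)\s+(ro|rw)\b")

# Assumption: commonly seen default community names (not taken from this guide).
WELL_KNOWN = {"public", "private"}

# Constructed sample of `show running-config snmp` output (not from a real device).
SAMPLE = """\
!
snmp-server community mycommunity ro
snmp-server community private rw
snmp-server community netops-7f3a rw
Dell#
"""


def parse_communities(text):
    """Return a (name, access) tuple for every community line in the output."""
    found = []
    for line in text.splitlines():
        match = COMMUNITY_RE.match(line)
        if match:
            found.append((match.group(1), match.group(2)))
    return found


def audit(text):
    """Return (name, issue) findings for communities worth reviewing."""
    findings = []
    for name, access in parse_communities(text):
        if access == "rw":
            # rw members can retrieve and alter values on the agent.
            findings.append((name, "read-write: members can alter values"))
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known community name"))
    return findings


if __name__ == "__main__":
    # Community names act as shared secrets; treat this report as sensitive.
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```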
Setting Up User-Based Security (SNMPv3)
When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write
operations.
Users are typically associated to an SNMP group with permissions provided, such as OID view.
Simple Network Management Protocol (SNMP)