Configuration manual

Related Configuration Tasks
Set up SNMP
Setting Up User-Based Security (SNMPv3)
Reading Managed Object Values
Writing Managed Object Values
Configuring Contact and Location Information using SNMP
Subscribing to Managed Object Value Updates using SNMP
Copying Configuration Files via SNMP
Manage VLANs using SNMP
Enabling and Disabling a Port using SNMP
Fetch Dynamic MAC Entries using SNMP
Deriving Interface Indices
Monitor Port-Channels
Troubleshooting SNMP Operation

Important Points to Remember
Typically, 5-second timeout and 3-second retry values on an SNMP server are sufficient for both LAN
and WAN applications. If you experience a timeout with these values, increase the timeout value to
greater than 3 seconds, and increase the retry value to greater than 2 seconds on your SNMP server.
User ACLs override group ACLs.

SNMPv3 Compliance With FIPS
SNMPv3 is compliant with the Federal Information Processing Standard (FIPS) cryptography standard.
SNMPv3 provides multiple authentication and privacy options for user configuration. A subset of these
options are the FIPS-approved algorithms: HMAC-SHA1-96 for authentication and AES128-CFB for privacy.
The AES128-CFB privacy option, which uses the Advanced Encryption Standard (AES) Cipher Feedback (CFB)
128-bit encryption algorithm, is supported and is compliant with RFC 3826. The other options are not
FIPS-approved algorithms because of known security weaknesses.
The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic
operations when the system is configured with the fips mode enable command in Global
Configuration mode. When FIPS mode is enabled on the system, SNMPv3 operates in a
FIPS-compliant manner, and only the FIPS-approved algorithm options are available for SNMPv3 user
configuration. When FIPS mode is disabled on the system, all options are available for SNMPv3 user
configuration.
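An added example, not part of the manual: a Python check that reads a saved configuration and reports SNMPv3 users whose authentication or privacy options fall outside the FIPS-approved subset named above (HMAC-SHA1-96 and AES128-CFB). The `snmp-server user` line syntax, the `sha` and `aes128` keywords, and all user, group and password values are assumptions made for the example; `md5` and `des56` are the keywords shown in this section's table.

```python
import re

# Assumed CLI keywords mapped to the algorithm names used on this page.
FIPS_APPROVED = {"auth": {"sha": "HMAC-SHA1-96"}, "priv": {"aes128": "AES128-CFB"}}
NOT_APPROVED = {"md5": "HMAC-MD5-96", "des56": "DES56-CBC"}
# Assumed syntax: snmp-server user NAME GROUP 3 [encrypted] [auth ALG PW] [priv ALG PW]
USER_RE = re.compile(r"^\s*snmp-server\s+user\s+(\S+)\s+\S+\s+3(?:\s+(.*))?$")
FIPS_RE = re.compile(r"^\s*fips\s+mode\s+enable\s*$")

def parse_options(rest):
    """Read auth/priv keywords by position so a password spelled 'priv' is not misread."""
    tokens = rest.split()
    if tokens and tokens[0] == "encrypted":
        tokens = tokens[1:]
    found = {"auth": None, "priv": None}
    for key in ("auth", "priv"):
        if len(tokens) >= 2 and tokens[0] == key:
            found[key] = tokens[1]
            tokens = tokens[3:]  # skip keyword, algorithm and password
    return found

def audit(config_text):
    """Return (fips_mode_enabled, {user: [issues]}) for SNMPv3 user lines."""
    fips_enabled, report = False, {}
    for line in config_text.splitlines():
        fips_enabled = fips_enabled or bool(FIPS_RE.match(line))
        m = USER_RE.match(line)
        if not m:
            continue
        issues = []
        for key, alg in parse_options(m.group(2) or "").items():
            if alg is None:
                issues.append(f"no {key} algorithm configured")
            elif alg not in FIPS_APPROVED[key]:
                issues.append(f"{key} {alg} ({NOT_APPROVED.get(alg, 'unknown')}) is not FIPS-approved")
        report[m.group(1)] = issues
    return fips_enabled, report

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
snmp-server user ops netops 3 auth sha AuthPw12345 priv aes128 PrivPw12345
snmp-server user legacy netops 3 auth md5 AuthPw12345 priv des56 PrivPw12345
snmp-server user mixed netops 3 encrypted auth sha 0a1b2c priv des56 3d4e5f
snmp-server user open netops 3
"""

if __name__ == "__main__":
    for user, issues in audit(SAMPLE)[1].items():
        print(user, "->", issues or "FIPS-approved options only")
```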
The following table describes the authentication and privacy options that can be configured when the
FIPS mode is enabled or disabled:
FIPS Mode    Privacy Options      Authentication Options
Disabled     des56 (DES56-CBC)    md5 (HMAC-MD5-96)
Simple Network Management Protocol (SNMP)