White Papers

Table Of Contents
Monitor Port-Channels
Troubleshooting SNMP Operation
Transceiver Monitoring
Configuring SNMP context name
Protocol Overview
Network management stations use SNMP to retrieve or alter management data from network elements.
A datum of management information is called a managed object; the value of a managed object can be static or variable.
Network elements store managed objects in a database called a management information base (MIB).
MIBs are hierarchically structured and use object identifiers to address managed objects, but managed objects also have a
textual name called an object descriptor.
You can download the latest MIB files from the following path:
https://www.force10networks.com/CSPortal20/Main/SupportMain.aspx.
Implementation Information
The following describes SNMP implementation information.
Dell EMC Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by
RFC 1901, and SNMP version 3 as defined by RFC 2571.
Dell EMC Networking OS supports up to 16 trap receivers.
Dell EMC Networking OS implementation of the sFlow MIB supports sFlow configuration via SNMP sets.
SNMP traps for the spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) state changes are based on
BRIDGE MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP.
SNMPv3 Compliance With FIPS
SNMPv3 is compliant with the Federal information processing standard (FIPS) cryptography standard. The Advanced
Encryption Standard (AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. SNMPv3
provides multiple authentication and privacy options for user configuration. A subset of these options are the FIPS-approved
algorithms: HMAC-SHA1-96 for authentication and AES128-CFB for privacy. The other options are not FIPS-approved
algorithms because of known security weaknesses. The AES128-CFB privacy option is supported and is compliant with RFC
3826.
The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when the system
is configured with the fips mode enable command in Global Configuration mode. When the FIPS mode is enabled on the
system, SNMPv3 operates in a FIPS-compliant manner, and only the FIPS-approved algorithm options are available for SNMPv3
user configuration. When the FIPS mode is disabled on the system, all options are available for SNMPv3 user configuration.
The following table describes the authentication and privacy options that can be configured when the FIPS mode is enabled or
disabled:
Table 109. Authentication and Privacy Options
FIPS Mode Privacy Options Authentication Options
Disabled des56 (DES56-CBC)
aes128 (AES128-CFB)
md5 (HMAC-MD5-96)
sha (HMAC-SHA1-96)
Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96)
To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user
username group groupname 3 auth authentication-type auth-password priv aes128 priv-password
command to specify that AES-CFB 128 encryption algorithm needs to be used.
DellEMC(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a
Simple Network Management Protocol (SNMP)
829