Concept Guide

To secure SNMP packets transferred between the server and the client, use the snmp-server user username group groupname 3 auth authentication-type auth-password priv aes128 priv-password command to specify that the AES-CFB 128 encryption algorithm is used.
DellEMC(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a
In this example, for a specied user and a group, the AES128-CFB algorithm, the authentication password to enable the server to receive
packets from the host, and the privacy password to encode the message contents are congured.
SHA authentication must be used with the AES-CFB128 privacy algorithm only when FIPS is enabled, because SHA is then the only available authentication level. If FIPS is disabled, you can use MD5 authentication in addition to SHA authentication with the AES-CFB128 privacy algorithm.
You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system. An error message is displayed if you attempt to change the FIPS mode by using the fips mode enable command in Global Configuration mode. You can enable or disable FIPS mode only if SNMPv3 users are not previously set up. If previously configured users exist on the system, you must delete the existing users before you change the FIPS mode.
Keep the following points in mind when you configure the AES128-CFB algorithm for SNMPv3:
1 SNMPv3 authentication provides only the sha option when the FIPS mode is enabled.
2 SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled.
3 If you attempt to enable or disable FIPS mode and if any SNMPv3 users are previously configured, an error message is displayed stating you must delete all of the SNMP users before changing the FIPS mode.
4 A message is logged indicating whether FIPS mode is enabled for SNMPv3. This message is generated only when the first SNMPv3 user is configured because you can modify the FIPS mode only when users are not previously configured. This log message is provided to assist your system security auditing procedures.
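The following is an added example, not part of the Dell EMC guide: a pre-change check that applies points 1 to 3 to a saved configuration, listing every SNMPv3 user that must be deleted before a FIPS mode change and whether its auth/priv types can be configured again afterwards. It assumes user lines follow the command form shown above; the function name, the sample configuration, and the passwords other than the guide's own example are constructed.

```python
import re

# Command form shown in this guide:
# snmp-server user <username> group <groupname> 3 auth <type> <auth-password> priv <type> <priv-password>
# The guide's own example omits the literal "group" keyword, so it is optional here.
USER_RE = re.compile(
    r"^\s*snmp-server user (?P<user>\S+) (?:group )?(?P<group>\S+) 3"
    r"(?: auth (?P<auth>\S+) \S+)?"
    r"(?: priv (?P<priv>\S+) \S+)?\s*$"
)

def audit_fips_readiness(config_text):
    """Return one finding per SNMPv3 user; passwords are never copied into the output."""
    findings = []
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if not m:
            continue  # not an SNMPv3 user line in the form shown in the guide
        auth, priv = m.group("auth"), m.group("priv")
        problems = []
        if auth != "sha":
            problems.append(f"auth is {auth or 'not set'}; FIPS mode offers only sha")
        if priv != "aes128":
            problems.append(f"priv is {priv or 'not set'}; FIPS mode offers only aes128")
        findings.append({
            "user": m.group("user"),
            "group": m.group("group"),
            # Any existing SNMPv3 user blocks a FIPS mode change and must be deleted first.
            "blocks_fips_change": True,
            # True if the same auth/priv types can be configured again once FIPS is on.
            "recreatable_under_fips": not problems,
            "problems": problems,
        })
    return findings

# Constructed sample configuration; the snmpguy line is the guide's own example.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a
snmp-server user legacy snmpmon 3 auth md5 Xk29vbQp priv aes128 Lm47tzRw
snmp-server user authonly snmpmon 3 auth sha Qw83ndEe
"""

if __name__ == "__main__":
    for f in audit_fips_readiness(SAMPLE_CONFIG):
        status = "ok to re-create" if f["recreatable_under_fips"] else "; ".join(f["problems"])
        print(f"{f['user']} ({f['group']}): delete before FIPS change; {status}")
```
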
Conguration Task List for SNMP
Conguring SNMP version 1 or version 2 requires a single step.
NOTE
: The congurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of
many RFC-compliant SNMP utilities you can use to manage your Dell EMC Networking system using SNMP. Also, these
congurations use SNMP version 2c.
Creating a Community
Conguring SNMP version 3 requires conguring SNMP users in one of three methods. Refer to Setting Up User-Based Security
(SNMPv3).
Related Conguration Tasks
Managing Overload on Startup
Reading Managed Object Values
Writing Managed Object Values
Subscribing to Managed Object Value Updates using SNMP
Copying Conguration Files via SNMP
Manage VLANs Using SNMP
Enabling and Disabling a Port using SNMP
Fetch Dynamic MAC Entries using SNMP
Deriving Interface Indices
Monitor Port-channels
Simple Network Management Protocol (SNMP)