Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T

831

832

833

834

835

836

837

838

839

840

FIPS mode only if SNMPv3 users are not previously set up. If previously congured users exist on the system, you must delete the existing

users before you change the FIPS mode.

Keep the following points in mind when you congure the AES128-CFB algorithm for SNMPv3:

1 SNMPv3 authentication provides only the sha option when the FIPS mode is enabled.

2 SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled.

3 If you attempt to enable or disable FIPS mode and if any SNMPv3 users are previously congured, an error message is displayed

stating you must delete all of the SNMP users before changing the FIPS mode.

4 A message is logged indicating whether FIPS mode is enabled for SNMPv3. This message is generated only when the rst SNMPv3

user is congured because you can modify the FIPS mode only when users are not previously congured. This log message is

provided to assist your system security auditing procedures.

Conguration Task List for SNMP

Conguring SNMP version 1 or version 2 requires a single step.

NOTE: The congurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of

many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these congurations

use SNMP version 2c.

• Creating a Community

Conguring SNMP version 3 requires conguring SNMP users in one of three methods. Refer to Setting Up User-Based Security

(SNMPv3).

Related Conguration Tasks

• Managing Overload on Startup

• Reading Managed Object Values

• Writing Managed Object Values

• Subscribing to Managed Object Value Updates using SNMP

• Copying Conguration Files via SNMP

• Manage VLANs Using SNMP

• Enabling and Disabling a Port using SNMP

• Fetch Dynamic MAC Entries using SNMP

• Deriving Interface Indices

• Monitor Port-channels

Important Points to Remember

• Typically, 5-second timeout and 3-second retry values on an SNMP server are sucient for both LAN and WAN applications. If you

experience a timeout with these values, increase the timeout value to greater than 3 seconds, and increase the retry value to greater

than 2 seconds on your SNMP server.

• User ACLs override group ACLs.

Set up SNMP

As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models.

The primary dierence between the two versions is that version 2 supports two additional protocol operations (informs operation and

snmpgetbulk query) and one additional object (counter64 object).

Simple Network Management Protocol (SNMP)

835