User's Manual
MDS 05-6302A01, Rev. A MDS Mercury 16E Technical Manual 35
Passwords can be changed either locally (via the console) or from an
SNMP Manager, depending on how the Agent is configured. If
passwords are configured and managed locally, they are non-volatile
and will survive a power-cycle. If passwords are configured from an
SNMP manager, they will be reset to whatever has been stored for local
management on power-cycle.
This behavior was chosen based on RFC specifications. The SNMP
Manager and Agent do not exchange passwords, but actually exchange
keys based on passwords. If the Manager changes the Agent's password,
the Agent does not know the new password. The Agent only knows the
new key. In this case, only the Manager knows the new password. This
could cause problems if the Manager loses the password. If that occurs,
the Agent becomes unmanageable. Resetting the Agent's passwords
(and therefore keys) to what is stored in flash memory upon power-cycle
prevents the serious problem of losing the Agent's passwords.
If passwords are managed locally, they can be changed on the Agent (via
the console). Any attempts to change the passwords for the Agent via an
SNMP Manager will fail when the Agent is in this mode. Locally
defined passwords will survive a power-cycle. In either case, the SNMP
Manager needs to know the initial passwords being used in order to
communicate to the Agent. If the Agent's passwords are configured via
the Manager, they can be changed from the Manager. If the passwords
are managed locally, then the Manager must be re-configured with any
password changes in order to continue talking to the Agent.
Password Mode
Management
Changes
When the password management mode is changed, the active passwords
used by the Agent may also change. Some common scenarios are
discussed below:
• Passwords are currently being handled by the Manager. The
assigned passwords are Microwave (Auth), and Rochester (Priv).
Configuration is changed to manage the passwords locally. The
passwords stored on the radio were Fairport (Auth), and Church-
ville
(Priv) (if local passwords have never been used, then MDS-
AuthPwd and MDSPrivPwd are used). These passwords will
now be used by the Agent to re-generate keys. The Manager
must know these passwords to communicate with the Agent.
• Passwords are currently managed locally. The local passwords
are
Fairport (Auth) and Churchville (Priv). Configuration is
changed to handle the passwords from the Manager. The same
passwords will continue to be used, but now the Manager can
change them.
• Passwords are currently managed locally. The local passwords
are Fairport (Auth) and Churchville (Priv). Passwords are changed
to
Brighton (Auth) and Perinton (Priv). The Agent will immedi-
ately generate new keys based on these passwords and start
using them. The Manager will have to be re-configured to use
these new passwords.