Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 27 Configuring SNMP
Information About SNMP
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The
priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit
AES key. The AES priv password can have a minimum of eight characters. If the passphrases are
specified in clear text, you can specify a maximum of 64 characters. If you use the localized key, you
can specify a maximum of 130 characters.
Note: For an SNMPv3 operation using the external AAA server, you must use AES for the privacy protocol in
the user configuration on the external AAA server.
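The limits and the DES/AES choice described above can be checked against a saved configuration. The following is an added example, not code from the Cisco guide: the `snmp-server user` line shape it parses (optional group, `md5`/`sha`, trailing `localizedkey` keyword), the function name, and the sample configuration are assumptions constructed for illustration, and it treats priv without the aes-128 token as DES, following the paragraph above.

```python
import re

# Limits stated in this section of the guide.
MIN_PRIV_LEN = 8         # minimum AES priv password length
MAX_CLEAR_LEN = 64       # maximum for clear-text passphrases
MAX_LOCALIZED_LEN = 130  # maximum when the localized key is used

# Assumed line shape (not taken from this page):
# snmp-server user NAME [GROUP] auth {md5|sha} PASS [priv [aes-128] PASS] [localizedkey]
USER_RE = re.compile(
    r"^snmp-server user (?P<name>\S+)(?: (?P<group>(?!auth\b)\S+))?"
    r" auth (?P<alg>md5|sha) (?P<auth>\S+)"
    r"(?: priv (?P<aes>aes-128 )?(?P<priv>\S+))?(?P<loc> localizedkey)?\s*$")

def audit_snmp_users(config_text):
    """Return (user, finding) tuples for the snmp-server user lines."""
    findings = []
    for line in map(str.strip, config_text.splitlines()):
        if not line.startswith("snmp-server user "):
            continue
        m = USER_RE.match(line)
        if m is None:
            findings.append((line.split()[2], "unparsed line, review manually"))
            continue
        user = m["name"]
        if m["priv"] is None:
            findings.append((user, "no priv option, PDUs are not encrypted"))
        elif not m["aes"]:
            findings.append((user, "priv without aes-128, DES is used"))
        elif len(m["priv"]) < MIN_PRIV_LEN:
            findings.append((user, "AES priv password under 8 characters"))
        limit = MAX_LOCALIZED_LEN if m["loc"] else MAX_CLEAR_LEN
        for kind in ("auth", "priv"):
            if m[kind] and len(m[kind]) > limit:
                findings.append((user, f"{kind} value over {limit} characters"))
    return findings

KEY = "0x" + "ab" * 40  # constructed 82-character localized key
SAMPLE_CONFIG = f"""\
snmp-server user admin network-admin auth sha Str0ngAuthPass priv aes-128 Str0ngPrivPass
snmp-server user nms1 network-operator auth sha Nms1AuthPass priv Nms1PrivPass
snmp-server user nms2 auth md5 Nms2AuthPass
snmp-server user nms3 auth sha Nms3AuthPass priv aes-128 short
snmp-server user nms4 auth sha {KEY} priv aes-128 {KEY} localizedkey
snmp-server user nms5 auth sha {KEY} priv aes-128 {KEY}
"""

if __name__ == "__main__":
    for user, finding in audit_snmp_users(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```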
CLI and SNMP User Synchronization
SNMPv3 user management can be centralized at the Access Authentication and Accounting (AAA)
server level. This centralized user management allows the SNMP agent in Cisco NX-OS to leverage the
user authentication service of the AAA server. Once user authentication is verified, the SNMP PDUs are
processed further. The AAA server is also used to store user group names. SNMP uses the
group names to apply the access/role policy that is locally available in the switch.
Any configuration change made to the user group, role, or password results in database synchronization
for both SNMP and AAA.
Cisco NX-OS synchronizes user configuration in the following ways:
- The auth passphrase specified in the snmp-server user command becomes the password for the
  CLI user.
- The password specified in the username command becomes the auth and priv passphrases for
  the SNMP user.
- Deleting a user using either SNMP or the CLI results in the user being deleted for both SNMP and
  the CLI.
- User-role mapping changes are synchronized in SNMP and the CLI.
Note: When you configure the passphrase/password in localized key/encrypted format, Cisco NX-OS does
not synchronize the password.
Group-Based SNMP Access
Note: Because group is a standard SNMP term used industry-wide, roles are referred to as groups in this SNMP
section.
SNMP access rights are organized by groups. Each group in SNMP is similar to a role through the CLI.
Each group is defined with three accesses: read access, write access, and notification access. Each access
can be enabled or disabled within each group.
You can begin communicating with the agent once your user name is created, your roles are set up by
your administrator, and you are added to the roles.