R3166-R3206-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101
144
mode: Specifies the encryption algorithm and authentication algorithm. The three encryption algorithms
Advanced Encryption Standard (AES), triple data encryption standard (3DES), and Data Encryption
Standard (DES) are in descending order in terms of security. Higher security means more complex
implementation mechanism and lower speed. DES is enough to meet general requirements.
Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm (SHA-1) are the two authentication
algorithms. MD5 is faster than SHA-1, while SHA-1 provides higher security than MD5.
• 3desmd5: Converts a plain text encryption password to a cipher text encryption password. In this
case, the authentication protocol must be MD5, and the encryption algorithm must be 3DES. For
more information about MD5 and 3DES, see VPN Configuration Guide.
• 3dessha: Converts a plain text encryption password to a cipher text encryption password. In this
case, the authentication protocol must be SHA-1, and the encryption algorithm must be 3DES. For
more information about SHA-1 and 3DES, see VPN Configuration Guide.
• md5: Converts a plain text authentication password to a cipher text authentication password. In this
case, the authentication protocol must be MD5. Or, this algorithm can convert the plain text
encryption password to a cipher text encryption password, In this case, the authentication protocol
must be MD5, and the encryption algorithm can be either AES or DES (when the authentication
protocol is specified as MD5, cipher text passwords are the same by using the encryption
algorithms AES and DES). For more information about AES and DES, see VPN Configuration
Guide.
• sha: Converts the plain text authentication password to a cipher text authentication password. In
this case, the authentication protocol must be SHA-1. Or, this algorithm can convert the plain text
encryption password to a cipher text encryption password, In this case, the authentication protocol
must be SHA-1, and the encryption algorithm can be either AES or DES (when the authentication
protocol is specified as SHA-1, cipher text passwords are the same by using the encryption
algorithms AES and DES).
local-engineid: Uses local engine ID to calculate cipher text password. For more information about
engine ID, see the snmp-agent local-engineid command.
specified-engineid: Uses user-defined engine ID to calculate cipher text password.
engineid: The engine ID string, an even number of hexadecimal characters, in the range 10 to 64. Its
length must not be an odd number, and the all-zero and all-F strings are invalid.
Description
Use the snmp-agent calculate-password command to convert the user-defined plain text password to a
cipher text password.
Note that:
• The cipher text password converted with the sha keyword specified in this command is a string of
40 hexadecimal characters. For an authentication password, all of the 40 hexadecimal characters
are valid; while for a privacy password, only the first 32 hexadecimal characters are valid.
• Enable SNMP on the device before executing the command.
When creating an SNMPv3 user, if you specify to use the cipher text authentication/encryption
password, you can use this command to generate a cipher text password.
The converted password is associated with the engine ID, namely, the password is valid only under the
specified engine ID based on which the password was configured.
Related commands: snmp-agent usm-user v3.
Examples
# Use local engine ID and MD5 authentication protocol to convert the plain text password authkey.