HP VPN Firewall Appliances System Management and Maintenance Command Reference

priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. A plaintext key is a string of
1 to 64 characters. If the cipher keyword is specified, the encrypted privacy key length requirements
differ by authentication algorithm and key string format, as shown in Table 40.
Table 40 Encrypted privacy key length requirements

Authentication algorithm   Encryption algorithm   Hexadecimal string   Non-hexadecimal string
MD5                        3DES                   64 characters        73 characters
MD5                        AES128 or DES-56       32 characters        53 characters
SHA                        3DES                   80 characters        73 characters
SHA                        AES128 or DES-56       40 characters        53 characters

acl acl-number: Specifies a basic ACL to filter NMSs by source IPv4 address. The acl-number argument
represents a basic ACL number in the range of 2000 to 2999. Only the NMSs with the IPv4 addresses
permitted in the ACL can use the specified username to access the SNMP agent.
acl ipv6 ipv6-acl-number: Specifies a basic ACL to filter NMSs by source IPv6 address. The
ipv6-acl-number argument represents a basic ACL number in the range of 2000 to 2999. Only the NMSs
with the IPv6 addresses permitted in the ACL can use the specified username to access the SNMP agent.
local: Represents a local SNMP entity user.
engineid engineid-string: Specifies an SNMP engine ID as a hexadecimal string. The engineid-string
argument must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero
and all-F strings are invalid.
Usage guidelines
You must create an SNMPv3 user for the agent and the NMS to use SNMPv3.
You must create an SNMP group before you assign an SNMP user to the group. Otherwise, the user
does not take effect after it is created. An SNMP group can contain multiple users. It defines the SNMP
objects accessible to the group of users in the MIB view and specifies whether to enable authentication
and privacy functions. The authentication and encryption algorithms are defined when a user is created.
When you use the snmp-agent usm-user v3 cipher command, you can obtain the value for the
priv-password argument by using the snmp-agent calculate-password command. For the calculated
encrypted key to be applicable to, and take effect in, the snmp-agent usm-user v3 cipher command,
make sure the same encryption algorithm is specified for the two commands and the local engine ID
specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID
specified in the snmp-agent calculate-password command.
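The engine ID dependency described above follows from how SNMPv3 USM localizes keys in RFC 3414, shown here as an added Python example (not code from this manual or from the appliance). It assumes that the authentication algorithm named SHA is SHA-1 as in RFC 3414; whether snmp-agent calculate-password emits exactly this value is not stated in this reference, and the function names and sample engine IDs are constructed.

```python
import hashlib
import re

# USM "SHA" is HMAC-SHA-96, which is built on SHA-1 (RFC 3414).
HASHES = {"MD5": "md5", "SHA": "sha1"}

def parse_engine_id(engine_id_hex):
    """Apply the engineid-string rules from this page and return raw bytes."""
    s = engine_id_hex
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError("engine ID must be a hexadecimal string")
    if len(s) % 2 or not 10 <= len(s) <= 64:
        raise ValueError("engine ID needs an even length of 10 to 64 characters")
    if set(s.upper()) in ({"0"}, {"F"}):
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return bytes.fromhex(s)

def localized_key(password, engine_id_hex, auth_algorithm):
    """RFC 3414 A.2: password -> Ku -> key localized to one engine ID (hex)."""
    engine_id = parse_engine_id(engine_id_hex)
    pw = password.encode()
    if not 1 <= len(pw) <= 64:
        raise ValueError("plaintext key must be 1 to 64 characters")
    name = HASHES[auth_algorithm]
    # Ku: digest of the password repeated cyclically to exactly 1,048,576 bytes.
    reps, rest = divmod(1048576, len(pw))
    ku = hashlib.new(name, pw * reps + pw[:rest]).digest()
    # Kul: binding Ku to the engine ID makes the key valid on one engine only.
    return hashlib.new(name, ku + engine_id + ku).hexdigest()

if __name__ == "__main__":
    # Constructed sample password and engine IDs, not taken from any device.
    for eid in ("0102030405060708", "0102030405060709"):
        for algo in ("MD5", "SHA"):
            key = localized_key("Constructed-Pass1", eid, algo)
            print(eid, algo, len(key), key)
```

The same password yields a different key for each engine ID, which is why a key calculated for one engine ID is not usable with another. The MD5 and SHA results are 32 and 40 hexadecimal characters long, the same as the AES128 or DES-56 hexadecimal lengths in Table 40.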
When you execute this command multiple times to configure the same user (the username stays the
same, regardless of the other keywords and arguments), the most recent configuration takes effect.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Remember the username and the plaintext password when you create a user. A plaintext password is
required when the NMS accesses the SNMP agent.
In FIPS mode, the MD5, DES56, and 3DES privacy algorithms are not supported.