beautypg.com

Defining an snmp user account – Brocade FastIron Ethernet Switch Administration Guide User Manual

Page 143

background image

page 138.) When a community string is created, two groups are created, based on the community string
name. One group is for SNMP version 1 packets, while the other is for SNMP version 2 packets.

The group groupname parameter defines the name of the SNMP group to be created.

The v1 , v2 , or v3 parameter indicates which version of SNMP is used. In most cases, you will be using
v3, since groups are automatically created in SNMP versions 1 and 2 from community strings.

The auth | noauth parameter determines whether or not authentication will be required to access the
supported views. If auth is selected, then only authenticated packets are allowed to access the view
specified for the user group. Selecting noauth means that no authentication is required to access the
specified view. Selecting priv means that an authentication password will be required from the users.

The access standard-ACL-id parameter is optional. It allows incoming SNMP packets to be filtered
based on the standard ACL attached to the group.

The read viewstring | write viewstring parameter is optional. It indicates that users who belong to this
group have either read or write access to the MIB.

The viewstring variable is the name of the view to which the SNMP group members have access. If no
view is specified, then the group has no access to the MIB.

The value of viewstring is defined using the snmp-server view command. The SNMP agent comes
with the "all" default view, which provides access to the entire MIB; however, it must be specified when
creating the group. The "all" view also allows SNMP version 3 to be backwards compatibility with SNMP
version 1 and version 2.

NOTE
If you will be using a view other than the "all" view, that view must be configured before creating the
user group.Refer to the section

SNMP v3 configuration examples

on page 151, especially for details on

the include | exclude parameters.

Defining an SNMP user account

The snmp-server user command does the following:

• Creates an SNMP user.
• Defines the group to which the user will be associated.
• Defines the type of authentication to be used for SNMP access by this user.
• Specifies one of the following encryption types used to encrypt the privacy password:

Data Encryption Standard (DES) - A symmetric-key algorithm that uses a 56-bit key.

Advanced Encryption Standard (AES) - The 128-bit encryption standard adopted by the
U.S. government. This standard is a symmetric cipher algorithm chosen by the National
Institute of Standards and Technology (NIST) as the replacement for DES.

Here is an example of how to create an SNMP User account.

device(config)#snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des bobdes

The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: no snmp-server user name groupname v3 [ [ access standard-ACL-id ] [ [ encrypted ] [auth
md5 md5-password | sha sha-password ] [ priv [ encrypted ] des des-password-key | aes aes-
password-key ] ] ]

Defining an SNMP user account

FastIron Ethernet Switch Administration Guide

143

53-1003075-02

See also other documents in the category Brocade Computer Accessories: