beautypg.com

Defining an snmp user account – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 358

background image

340

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Using the User-Based Security model

10

The auth | noauth parameter determines whether authentication is required for accessing the
supported views. If auth is selected, then only authenticated packets are allowed to access the
view specified for the user group. Selecting noauth means that no authentication is required to
access the specified view. Selecting priv means that an authentication password is required from
the users.

The auth | noauth | priv parameter is available when you select v3, not v1 or v2.

The access standard-acl-id parameter is optional. It allows incoming SNMP packets to be filtered
based on the standard ACL attached to the group.

The read viewstring | write viewstring parameter is optional. It indicates that users who belong to
this group have either read or write access to the MIB.

The notify viewname parameter is optional. It allows trap notifications to be encrypted and sent to
target hosts.

The viewstring variable is the name of the view to which the SNMP group members have access. If
no view is specified, then the group has no access to the MIB.

The value of viewstring is defined by using the snmp-server view command. The SNMP agent
comes with the “all” view, the default view that provides access to the entire MIB; however, it must
be specified when creating the group. The “all” view also lets SNMP version 3 be backwards
compatibility with SNMP version 1 and version 2.

NOTE

If you plan to use a view other than the “all” view, that view must have been configured before you
create the user group. Refer to

“Defining SNMP views”

, for details on the include | exclude

parameters.

Defining an SNMP user account

The snmp-server user command does the following:

Creates an SNMP user.

Defines the group to which the user will be associated.

Defines the type of authentication to be used for SNMP access by this user.

Here is an example of how to create the account.

Brocade(config)# snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des bobdes

The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: [no] snmp-server user name groupname v3

[ [access standard-acl-id]
[ [encrypted] auth md5 md5-password | sha sha-password
[priv [encrypted] des des-password-key | aes aes-password-key] ] ]

The name parameter defines the SNMP user name or security name used to access the
management module.

The groupname parameter identifies the SNMP group to which this user is associated or mapped.
All users must be mapped to an SNMP group. Groups are defined using the snmp-server group
command.

See also other documents in the category Brocade Computer Accessories: