beautypg.com

Defining an snmp user account – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Page 129

background image

Brocade Virtual ADX Administration Guide

117

53-1003249-01

Using the user-based security mode

4

The read viewstring | write viewstring parameter is optional. It indicates that users who belong to
this group have either read or write access to the MIB.

The notify viewname parameter is optional. It allows trap notifications to be encrypted and sent to
target hosts.

The viewstring variable is the name of the view to which the SNMP group members have access. If
no view is specified, then the group has no access to the MIB.

The value of viewstring is defined by using the snmp-server view command. The SNMP agent
comes with the "all" view, the default view that provides access to the entire MIB; however, it must
be specified when creating the group. The "all" view also lets SNMP version 3 be backwards
compatibility with SNMP version 1 and version 2.

Defining an SNMP user account

The snmp-server user command does the following.

Creates an SNMP user.

Defines the group to which the user will be associated.

Defines the type of authentication to be used for SNMP access by this user.

Here is an example of how to create the account:

Virtual ADX(config)#snmp-s user bob admin v3 auth md5 bobmd5 priv des bobdes

The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: [no] snmp-server user name groupname v3

[[ [encrypted] auth md5 md5-password | sha sha-password
[priv [encrypted] des des-password-key | aes aes-password-key] ] ]

The name parameter defines the SNMP user name or security name used to access the
management process.

The groupname parameter identifies the SNMP group to which this user is associated or mapped.
All users must be mapped to an SNMP group. Groups are defined using the snmp-server group
command.

NOTE

The SNMP group to which the user account will be mapped should be configured before creating the
user accounts; otherwise, the group will be created without any views.

The v3 parameter is required.

The encrypted parameter means that the MD5 or SHA password will be a digest value. MD5 has 16
octets in the digest. SHA has 20. The digest string has to be entered as a hexadecimal string. In this
case, the agent need not generate any explicit digest. If the encrypted parameter is not used, the
user is expected to enter the authentication password string for MD5 or SHA. The agent converts
the password string to a digest, as described in RFC 3414.

The optional auth md5 | sha parameter defines the type of encryption the user must have to be
authenticated. The choices are MD5 and SHA encryption (the two authentication protocols used in
SNMP version 3).

The md5-password and sha-password define the password the user must use to be authenticated.
These password must have a minimum of 8 characters. If the encrypted parameter is used, then
the digest has 16 octets for MD5 or 20 octets for SHA.

See also other documents in the category Brocade Computer Accessories: