beautypg.com

Snmp-server engineid local – Allied Telesis AT-S95 CLI User Manual

Page 208

background image

Page 196

Not approved by Document Control. For review only.

Allied Telesis

Command Line Interface User’s Guide

snmp-server engineID local

The snmp-server engineID local Global Configuration mode command specifies the Simple Network
Management Protocol (SNMP) engineID on the local device. Use the no form of this command to remove the
configured engine ID.

Syntax

snmp-server engineID local {engineid-string | default}

no snmp-server engineID local

Parameters

engineid-string—Specifies a character string that identifies the engine ID. (Range: 5-32 characters)

default—The engine ID is created automatically based on the device MAC address.

Default Configuration

The engine ID is not configured.

If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per
standard as:

First 4 octets — first bit = 1, the rest is IANA Enterprise number = 674.

Fifth octet — set to 3 to indicate the MAC address that follows.

Last 6 octets — MAC address of the device.

Command Mode

Global Configuration mode

User Guidelines

To use SNMPv3, you have to specify an engine ID for the device. You can specify your own ID or use a default
string that is generated using the MAC address of the device.

If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used. By default,
SNMPv1/v2 are enabled on the device. SNMPv3 is enabled only by defining the Local Engine ID.

If you want to specify your own ID, you do not have to specify the entire 32-character engine ID if it contains
trailing zeros. Specify only the portion of the engine ID up to the point where just zeros remain in the value. For
example, to configure an engine ID of 123400000000000000000000, you can specify snmp-server engineID local
1234.

Since the engine ID should be unique within an administrative domain, the following is recommended:

For a standalone device, use the default keyword to configure the engine ID.

For a stackable system, configure the engine ID and verify its uniqueness.

Changing the value of the engine ID has the following important side-effect. A user's password (entered on the
command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the
local engine ID. The user’s command line password is then destroyed, as required by RFC 2274. As a result, the
security digests of SNMPv3 users become invalid if the local value of the engine ID change, and the users will
have to be reconfigured.

You cannot specify an engine ID that consists of all 0x0, all 0xF or 0x000000001.

See also other documents in the category Allied Telesis Computer hardware: