About Aes Encryption-Based Privacy; Configuring Snmp Users From The Cli - HP Cisco MDS 9020 - Fabric Switch Configuration Manual
Cisco mds 9000 family cli configuration guide, release 3.x (ol-16184-01, april 2008)
Hide thumbs
Also See for Cisco MDS 9020 - Fabric Switch:
- Service manual (242 pages) ,
- Configuration manual (1384 pages) ,
- Handbook (141 pages)
Table of Contents
Advertisement
Chapter 31
Configuring SNMP
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
About AES Encryption-Based Privacy
The Advanced Encryption Standard (AES) is the symmetric cipher algorithm. The Cisco SAN-OS
software uses AES as one of the privacy protocols for SNMP message encryption and conforms with
RFC 3826.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The
priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit
AES key.The AES priv password can have a minimum of eight characters. If the passphrases are
specified in clear text, you can specify a maximum of 64 characters. If you use the localized key, you
can specify a maximum of 130 characters.
For an SNMPv3 operation using the external AAA server, user configurations in the external AAA server
Note
require AES to be the privacy protocol to use SNMP PDU encryption.
Configuring SNMP Users from the CLI
The passphrase specified in the snmp-server user command and the username command are
synchronized (see the
To create or modify SNMP users from the CLI, follow these steps:
Command
Step 1
switch# config t
switch(config)#
Step 2
switch(config)# snmp-server user joe
network-admin auth sha abcd1234
switch(config)# snmp-server user sam
network-admin auth md5 abcdefgh
switch(config)# snmp-server user Bill
network-admin auth sha abcd1234 priv
abcdefgh
switch(config)# no snmp-server user
usernameA
switch(config)# no snmp-server usam role
vsan-admin
switch(config)# snmp-server user user1
network-admin auth md5 0xab0211gh priv
0x45abf342 localizedkey
switch(config)# snmp-server
auth md5 asdgfsadf priv aes-128
asgfsgkhkj
Step 3
switch(config)# snmp-server user joe
sangroup
switch(config)# snmp-server user joe
techdocs
OL-16184-01, Cisco MDS SAN-OS Release 3.x
"SNMPv3 CLI User Management and AAA Integration" section on page
user user2
Purpose
Enters configuration mode.
Creates or modifies the settings for a user (joe) in the
network-admin role using the HMAC-SHA-96
authentication password (abcd1234).
Creates or modifies the settings for a user (sam) in the
network-admin role using the HMAC-MD5-96
authentication password (abcdefgh).
Creates or modifies the settings for a user (Bill) in the
network-admin role using the HMAC-SHA-96
authentication level and privacy encryption
parameters.
Deletes the user (usernameA) and all associated
parameters.
Deletes the specified user (usam) from the vsan-admin
role.
Specifies the password to be in localized key format
(RFC 2574). The localized key is provided in
hexadecimal format (for example, 0xacbdef).
Configures the user2 with the MD5 authentication
protocol and AES-128 privacy protocol.
Adds the specified user (joe) to the sangroup role.
Adds the specified user (joe) to the techdocs role.
Cisco MDS 9000 Family CLI Configuration Guide
Creating and Modifying Users
31-3).
31-5
Advertisement
Chapters
Table of Contents
Troubleshooting
