Enforcing SNMPv3 Message Encryption - HP Cisco MDS 9020 - Fabric Switch Configuration Manual

Cisco MDS 9000 Family CLI Configuration Guide, Release 3.x (OL-16184-01, April 2008)

Creating and Modifying Users
Send documentation comments to mdsfeedback-doc@cisco.com
To create or modify passwords for SNMP users from the CLI, follow these steps:

Step 1
  Command: switch# config t
           switch(config)#
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# snmp-server user user1 role1 auth md5 0xab0211gh priv 0x45abf342 localizedkey
  Purpose: Specifies the password to be in localized key format using the DES option for security encryption.

  Command: switch(config)# snmp-server user user1 role2 auth sha 0xab0211gh priv aes-128 0x45abf342 localizedkey
  Purpose: Specifies the password to be in localized key format using the 128-bit AES option for security encryption.

Caution: Avoid using the localizedkey option when configuring an SNMP user from the CLI. The localized keys are not portable across devices as they contain device engine ID information. If a configuration file is copied to the device, the passwords may not be set correctly if the configuration file was generated at a different device. Explicitly configure the desired passwords after copying the configuration into the device. Passwords specified with the localizedkey option are limited to 130 characters.

Note: The snmp-server user command takes the engineID as an additional parameter. The engineID creates the notification target user (see the "Configuring the Notification Target User" section on page 31-12). If the engineID is not specified, the local user is created.

Enforcing SNMPv3 Message Encryption

By default, the SNMP agent allows the securityLevel parameters of authNoPriv and authPriv for the SNMPv3 messages that use user-configured SNMPv3 message encryption with auth and priv keys.

To enforce the message encryption for a user, follow these steps:

Step 1
  Command: switch# config t
           switch(config)#
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# snmp-server user testUser enforcePriv
  Purpose: Enforces the message encryption for SNMPv3 messages using this user.
  Note: You can only use this command for previously existing users configured with both auth and priv keys. When the user is configured to enforce privacy, for any SNMPv3 PDU request using securityLevel parameter of either noAuthNoPriv or authNoPriv, the SNMP agent responds with authorizationError.

  Command: switch(config)# no snmp-server user testUser enforcePriv
  Purpose: Disables SNMPv3 message encryption enforcement.

Cisco MDS 9000 Family CLI Configuration Guide, Chapter 31: Configuring SNMP (OL-16184-01, Cisco MDS SAN-OS Release 3.x)
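
One way to check a saved configuration for SNMPv3 users that still accept authNoPriv requests, added here as an example and not taken from the Cisco guide. It replays only the snmp-server user command forms shown in the steps above; the function name, the finding strings and the sample configuration (users, roles, keys) are constructed for illustration.

```python
import re

# Only the command forms shown in the steps above are recognised (assumption:
# the audited file uses the same syntax, with or without the CLI prompt).
USER_RE = re.compile(r"^(no\s+)?snmp-server\s+user\s+(\S+)\s*(.*)$")

# Constructed sample input: user names, roles and keys are placeholders.
SAMPLE_CONFIG = """
switch(config)# snmp-server user opsUser role1 auth sha 0x1111aaaa priv aes-128 0x2222bbbb localizedkey
switch(config)# snmp-server user opsUser enforcePriv
snmp-server user monUser role1 auth md5 0x3333cccc priv 0x4444dddd localizedkey
snmp-server user labUser role2 auth sha 0x5555eeee localizedkey
snmp-server user labUser enforcePriv
snmp-server user oldUser role2 auth sha 0x6666ffff priv aes-128 0x77770000 localizedkey
snmp-server user oldUser enforcePriv
no snmp-server user oldUser enforcePriv
"""

def audit_snmp_users(config_text):
    """Replay the commands in order and classify each SNMPv3 user."""
    users = {}
    for raw in config_text.splitlines():
        line = re.sub(r"^switch\(config\)#\s*", "", raw.strip())
        m = USER_RE.match(line)
        if not m:
            continue
        negated, name, opts = bool(m.group(1)), m.group(2), m.group(3).split()
        user = users.setdefault(name, {"auth": False, "priv": False, "enforce": False})
        if opts == ["enforcePriv"]:
            # Enforcement applies only to an existing user with auth and priv keys.
            user["enforce"] = (not negated) and user["auth"] and user["priv"]
        elif not negated:
            # opts[0] is the role; the latest definition wins (assumption).
            user["auth"] = "auth" in opts[1:]
            user["priv"] = "priv" in opts[1:]
    findings = {}
    for name, u in users.items():
        if u["enforce"]:
            findings[name] = "authPriv only"
        elif u["auth"] and u["priv"]:
            findings[name] = "accepts authNoPriv"
        else:
            findings[name] = "no auth+priv keys, enforcePriv not applicable"
    return findings

if __name__ == "__main__":
    for name, finding in audit_snmp_users(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```

Users reported as "accepts authNoPriv" are the ones the enforcePriv command in Step 2 applies to.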
