Huawei AR150/200 Series Configuration Manual page 35

Huawei AR150&200 Series Enterprise Routers
Configuration Guide - Network Management
If the network or network devices are in an environment lacking security (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in the command
to enable data authentication or encryption.
The available authentication and encryption modes are as follows:
l Authentication without encryption: Only authentication is configured in the command. This
l No authentication and no encryption: noauth is configured in the command. This mode is
l Authentication and encryption: privacy is configured in the command. This mode is
Step 5 Run:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
authkey [ privacy-mode { aes128 | des56 } prikey | plain-text ] ] [ acl standard-
acl ]
A user is added to the SNMPv3 user group.
After a user is added to the user group, the NM station that uses the name of the user can access
the objects in the Viewdefault view (1.3.6.1).
If authentication and encryption have been enabled for the user group, the following
authentication and encryption modes can be configured for the data transmitted on the network.
l Authentication mode
l Encryption mode
Step 6 Run:
snmp-agent target-host trap-paramsname paramsname v3 securityname securityname
{ authentication | noauthnopriv | privacy } [ binding-private-value ]
netmanager ]
The parameters of the trap messages sent from device are configured.
Step 7 Run:
snmp-agent target-host trap-hostname hostname address ipv4-addr [ udp-port udp-
portid ] [ public-net | vpn-instance vpn-instance-name ] trap-paramsname paramsname
Issue 02 (2012-03-30)
mode is applicable to secure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device.
applicable to secure networks managed by a specified administrator.
applicable to insecure networks managed by many administrators who may frequently
perform operations on the same device. In this mode, only the authenticated administrators
can access the managed device, and transmitted data is encrypted to guard against
interception and data leaking.
NOTE
When configuring a security level for a user, ensure that the security level for the user is not lower than
the security level of the SNMP group to which the user belongs; otherwise, communication fails. If the
security level configured for the user is no authentication and no encryption, the user has permission to
access objects within MIB-2 and has only read property.
– Message Digest 5 (MD5): generates a 128-bit message digest for an input message of any
length.
– Secure Hash Algorithm (SHA-1): generates a 160-bit message digest for an input message
64
of less than 2 bits.
MD5 is faster than SHA-1, but is considered less secure.
– AES uses a 128-bit key to encrypt a 128-bit plain text block.
– DES uses a 56-bit key to encrypt a 64-bit plain text block.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 SNMP Configuration
[ private-
24