Configuration Task List For Snmp; Related Configuration Tasks - Dell S4048–ON Configuration Manual
S-series 10gbe switches
Hide thumbs
Also See for S4048–ON:
- Configuration manual (1146 pages) ,
- Deployment manual (78 pages) ,
- Troubleshooting manual (29 pages)
Table of Contents
Advertisement
Table 84. Authentication and Privacy Options
FIPS Mode
Disabled
Enabled
To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user
username group groupname 3 auth authentication-type auth-password priv aes128 priv-password
command to specify that AES-CFB 128 encryption algorithm needs to be used.
Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a
In this example, for a specified user and a group, the AES128-CFB algorithm, the authentication password to enable the server to
receive packets from the host, and the privacy password to encode the message contents are configured.
SHA authentication needs to be used with the AES-CFB128 privacy algorithm only when FIPS is enabled because SHA is then the
only available authentication level. If FIPS is disabled, you can use MD5 authentication in addition to SHA authentication with the
AES-CFB128 privacy algorithm
You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system. An error message is displayed
if you attempt to change the FIPS mode by using the fips mode enable command in Global Configuration mode. You can
enable or disable FIPS mode only if SNMPv3 users are not previously set up. If previously configured users exist on the system, you
must delete the existing users before you change the FIPS mode.
Keep the following points in mind when you configure the AES128-CFB algorithm for SNMPv3:
1.
SNMPv3 authentication provides only the sha option when the FIPS mode is enabled.
2.
SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled.
3.
If you attempt to enable or disable FIPS mode and if any SNMPv3 users are previously configured, an error message is
displayed stating you must delete all of the SNMP users before changing the FIPS mode.
4.
A message is logged indicating whether FIPS mode is enabled for SNMPv3. This message is generated only when the first
SNMPv3 user is configured because you can modify the FIPS mode only when users are not previously configured. This log
message is provided to assist your system security auditing procedures.
Configuration Task List for SNMP
Configuring SNMP version 1 or version 2 requires a single step.
NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only
one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these
configurations use SNMP version 2c.
•
Creating a Community
Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to
(SNMPv3).
Related Configuration Tasks
•
Managing Overload on Startup
•
Reading Managed Object Values
•
Writing Managed Object Values
Privacy Options
des56
(DES56-CBC)
aes128 (AES128-CFB)
aes128 (AES128-CFB)
Authentication Options
md5 (HMAC-MD5-96)
sha (HMAC-SHA1-96)
sha (HMAC-SHA1-96)
Setting Up User-Based Security
Simple Network Management Protocol (SNMP)
797
Advertisement
Table of Contents
Troubleshooting
