Snmpv3 Configuration Steps; Loading The Des Or Aes Encryption Module; Adding A New Snmpv3 User - Avaya VSP 4000 Technical Configuration Manual

8.13 SNMPv3 Configuration Steps

The following are the configuration steps required to enable SNMPv3:

Load the DES or AES Encryption Module

Setting SNMPv3 security level option

Adding a SNMP User USM

Assigning the USM as a member to a SNMPv3 USM group

Assigning the USM group access level of either authPriv, authNoPriv, or noAuthNoPriv

Assigning a MIB view to the USM group

8.13.1 Loading the DES or AES Encryption Module

In order to use SNMPv3 USM group access level authPriv, the DES or AES encryption module must be
loaded. The DES or AES module is required in order to provide secure communications (encryption)
between the user and the VSP switch.
The AES standard is the current encryption standard (FIPS-197) intended to be used by the U.S.
Government organizations to protect sensitive information. It is also becoming a global standard for
commercial software and hardware that uses encryption or other security features.
Once the DES or AES encryption module is uploaded to the VSP switch (on VSP900 and VOSS prior to
4.2, the encryption module file VSPxxxx_modules.tgz must be added to the primary software load). It can
be loaded by typing the following command:
For single DES:
VSPswitch(config)#load-encryption-module DES
For AES:
VSPswitch(config)#load-encryption-module AES
In VOSS release 4.2 for the VSP 4000 and VSP 8000, the encryption modules are automatically

linked with the application image, thus there is no need to manually load them via the ACLI
commands shown above.

8.13.2 Adding a New SNMPv3 User

The first step is to add a user to the USM (User-based Security Model) table. You can add a new user to
the USM table by typing in the following command:
VSPswitch(config)#snmp-server user <user name> <md5|sha> [authentication
password<1-32>] <des|aes> [privacy password<1-32>]
March 2015
Avaya Inc. – External Distribution
avaya.com
112