3 Configuring the Switch

v2c or v3) and security level (i.e., authentication and privacy).

4. Assign SNMP users to groups, along with their specific authentication and privacy passwords.

Setting a Local Engine ID

An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.

A local engine ID that is unique to the switch is generated automatically. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.

A new engine ID can be specified by entering 1 to 26 hexadecimal characters. If fewer than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.

Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save.

Figure 3-27 Setting the SNMPv3 Engine ID

CLI – This example sets an SNMPv3 engine ID.

Console(config)#snmp-server engine-id local 12345abcdef          4-123
Console(config)#exit
Console#show snmp engine-id                                      4-124
Local SNMP engineID: 8000002a8000000000e8666672
Local SNMP engineBoots: 1
Console#
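The following is an added example, not code from this manual or from the switch firmware. It applies the padding rule stated above, then the standard SNMPv3 USM password-to-key and key localization steps from RFC 3414 (assumed here; the manual does not name the algorithm), to show why changing the engine ID invalidates every user's keys. The function names are hypothetical.

```python
import hashlib

ENGINE_ID_HEX_LEN = 26  # maximum engine ID length given in the manual


def pad_engine_id(hex_id: str) -> str:
    """Right-pad a 1-26 character hex engine ID with zeroes, per the manual."""
    hex_id = hex_id.strip().lower()
    if not 1 <= len(hex_id) <= ENGINE_ID_HEX_LEN:
        raise ValueError("engine ID must be 1 to 26 hexadecimal characters")
    if not set(hex_id) <= set("0123456789abcdef"):
        raise ValueError("engine ID must contain only hexadecimal characters")
    return hex_id.ljust(ENGINE_ID_HEX_LEN, "0")


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), binding the key to one engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def user_key(password: str, engine_hex: str, hash_name: str = "sha1") -> str:
    """Localized key (hex) for a password under a manual-style padded engine ID."""
    engine = bytes.fromhex(pad_engine_id(engine_hex))
    return localize_key(password_to_key(password.encode(), hash_name),
                        engine, hash_name).hex()


if __name__ == "__main__":
    # Constructed sample values: one password, two different engine IDs.
    for eid in ("1234", "12345abcdef"):
        print(pad_engine_id(eid), user_key("maplesyrup", eid))
```

The same password produces unrelated keys under the two engine IDs, so keys derived for the old engine ID cannot authenticate packets once the ID changes.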

Specifying a Remote Engine ID

To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.

SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to
