Brocade Communications Systems 6650 Defining an SNMP user account

Brocade ICX 6650 Administration Guide 161

53-1002600-01

User-based security model 6

NOTE

This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and

group views are created internally using community strings. (refer to “SNMP community strings” on

page156.) When a community string is created, two groups are created, based on the community

string name. One group is for SNMP version 1 packets, while the other is for SNMP version 2

packets.

The group <groupname> parameter defines the name of the SNMP group to be created.

The v1, v2, or v3 parameter indicates which version of SNMP is used. In most cases, you will be

using v3, since groups are automatically created in SNMP versions 1 and 2 from community

strings.

The auth | noauth parameter determines whether or not authentication will be required to access

the supported views. If auth is selected, then only authenticated packets are allowed to access the

view specified for the user group. Selecting noauth means that no authentication is required to

access the specified view. Selecting priv means that an authentication password will be required

from the users.

The access <standard-ACL-id> parameter is optional. It allows incoming SNMP packets to be

filtered based on the standard ACL attached to the group.

The read <viewstring> | write <viewstring> parameter is optional. It indicates that users who

belong to this group have either read or write access to the MIB.

The <viewstring> variable is the nam e of the view to wh ich the SNMP gro up memb ers have access.

If no view is specified, then the group has no access to the MIB.

The value of <viewstring> is defined using the snmp-server view command. The SNMP agent

comes with the "all" default view, which provides access to the entire MIB; however, it must be

specified when creating the group. The "all" view also allows SNMP version 3 to be backwards

compatibility with SNMP version 1 and version 2.

NOTE

If you will be using a view other than the "all" view, that view must be configured before creating the

user group.Refer to the section “SNMP v3 configuration examples” on page169, especially for

details on the include | exclude parameters.

Defining an SNMP user account

The snmp-server user command does the following:

•Creates an SNMP user.

•Defines the group to which the user will be associated.

•Defines the type of authentication to be used for SNMP access by this user.

•Specifies one of the following encryption types used to encrypt the privacy password:

•Data Encryption Standard (DES) – A symmetric-key algorithm that uses a 56-bit key.

•Advanced Encryption Standard (AES) – The 128-bit encryption standard adopted by the

U.S. government. This standard is a symmetric cipher algorithm chosen by the National

Institute of Standards and Technology (NIST) as the replacement for DES.

Here is an example of how to create an SNMP User account.

Brocade(config)#snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des bobdes