Configuring SNMP 159

Creating a USM User for SNMPv3

To create a USM user for SNMPv3, use the following command:

set snmp usm usm-username
snmp-engine-id {ip ip-addr | local | hex hex-string}
access {read-only | read-notify | notify-only | read-write | notify-read-write}
auth-type {none | md5 | sha} {auth-pass-phrase string | auth-key hex-string}
encrypt-type {none | des | 3des | aes} {encrypt-pass-phrase string | encrypt-key hex-string}

To clear a USM user, use the following command:

clear snmp usm usm-username

The usm-username can be up to 32 alphanumeric characters long, with no spaces. You can configure up to 10 SNMPv3 users.

The snmp-engine-id option specifies a unique identifier for an instance of an SNMP engine. To send informs, you must specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as the engine ID.

hex hex-string—ID is a hexadecimal string.

ip ip-addr—ID is based on the IP address of the station running the management application. Enter the IP address of the station. WSS Software calculates the engine ID based on the address.

local—Uses the value computed from the switch’s system IP address.

The access option specifies the access level of the user. The options are the same as the access options for community strings. (See “Configuring Community Strings (SNMPv1 and SNMPv2c Only)” on page 158.) The default is read-only.

The auth-type option specifies the authentication type used to authenticate communications with the remote SNMP engine. You can specify one of the following:

none—No authentication is used. This is the default.

md5—Message-digest algorithm 5 is used.

sha—Secure Hashing Algorithm (SHA) is used.

If the authentication type is md5 or sha, you can specify a passphrase or a hexadecimal key.

To specify a passphrase, use the auth-pass-phrase string option. The string can be from 8 to 32 alphanumeric characters long, with no spaces.

To specify a key, use the auth-key hex-string option.

The encrypt-type option specifies the encryption type used for SNMP traffic. You can specify one of the following:

none—No encryption is used. This is the default.

des—Data Encryption Standard (DES) encryption is used.

3des—Triple DES encryption is used.

aes—Advanced Encryption Standard (AES) encryption is used.

If the encryption type is des, 3des, or aes, you can specify a passphrase or a hexadecimal key.

To specify a passphrase, use the encrypt-pass-phrase string option. The string can be from 8 to 32 alphanumeric characters long, with no spaces.
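Because auth-type and encrypt-type both default to none, a set snmp usm line that omits them creates a user with no authentication and no encryption. The following check is an added example, not part of the Nortel guide: it applies the defaults and limits stated above to saved command lines and reports weak users. The sample users, passphrases and address are constructed, and reporting md5 and des as legacy is an assumption of the example.

```python
# Added example, not from the guide. Defaults and limits are the ones this page states.
DEFAULTS = {"access": "read-only", "auth-type": "none", "encrypt-type": "none"}
MAX_USERS = 10
# Assumption of this example (not from the guide): md5 and des are reported as legacy.
LEGACY = {"auth-type": {"md5"}, "encrypt-type": {"des"}}

# Constructed sample configuration; user names, passphrases and the address are made up.
SAMPLE = """\
set snmp usm monitor1 snmp-engine-id local
set snmp usm admin1 snmp-engine-id local access read-write auth-type sha auth-pass-phrase Examplepass01 encrypt-type aes encrypt-pass-phrase Examplepass02
set snmp usm legacy1 snmp-engine-id ip 192.0.2.10 access notify-only auth-type md5 auth-pass-phrase short1 encrypt-type des encrypt-pass-phrase Examplepass03
"""

def parse_usm(line):
    """Return the options of one 'set snmp usm' line, with the page's defaults applied."""
    tok = line.split()
    if tok[:3] != ["set", "snmp", "usm"] or len(tok) < 4:
        return None
    user = dict(DEFAULTS, name=tok[3])
    i = 4
    while i + 1 < len(tok):
        # "snmp-engine-id ip <addr>" and "snmp-engine-id hex <string>" take two words.
        width = 3 if tok[i] == "snmp-engine-id" and tok[i + 1] != "local" else 2
        user[tok[i]] = " ".join(tok[i + 1:i + width])
        i += width
    return user

def audit(config_text):
    """Return (user, finding) pairs for weak or out-of-range USM settings."""
    users = [u for u in map(parse_usm, config_text.splitlines()) if u]
    findings = [("*", "more than %d USM users" % MAX_USERS)] if len(users) > MAX_USERS else []
    for u in users:
        name = u["name"]
        if not (name.isalnum() and len(name) <= 32):
            findings.append((name, "user name is not 1-32 alphanumeric characters"))
        if u["auth-type"] == "none" and "write" in u["access"]:
            findings.append((name, "write access without authentication"))
        for opt, phrase in (("auth-type", "auth-pass-phrase"), ("encrypt-type", "encrypt-pass-phrase")):
            if u[opt] == "none":
                findings.append((name, opt + " is none"))
            elif u[opt] in LEGACY[opt]:
                findings.append((name, opt + " uses legacy " + u[opt]))
            value = u.get(phrase)
            if value is not None and not (value.isalnum() and 8 <= len(value) <= 32):
                findings.append((name, phrase + " is not 8-32 alphanumeric characters"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

For the sample, monitor1 is reported twice (no authentication, no encryption), admin1 is clean, and legacy1 is reported for md5, des and a passphrase shorter than 8 characters.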

Nortel WLAN Security Switch 2300 Series Configuration Guide
