Technical Configuration Guide for SNMP

v2.0

December 2006

6. Configuring SNMPv3

The following are the configuration steps required to enable SNMPv3:

Load the DES or AES (release 4.1 only) Encryption Module

Adding a SNMP User USM

Assigning the USM as a member to a SNMPv3 USM group

Assigning the USM group access level of either authPriv, authNoPriv, or noAuthNoPriv

Assigning a MIB view to the USM group

6.1Loading the DES or AES Encryption Module

Prior to configuring SNMPv3 on the ERS 8600, the DES or AES encryption module must be loaded. Note that Advanced Encryption Standard (AES) is supported only release 4.1. The DES or AES module is required in order to provide secure communications between the user and the ERS 8600.

The AES standard is the current encryption standard (FIPS-197) intended to be used by the U.S. Government organizations to protect sensitive information. It is also becoming a global standard for commercial software and hardware that uses encryption or other security features.

Once the DES or AES encryption module is uploaded to the ERS 8600 (the file ends with a .des or .aes extension, i.e. p80c3700.des or p80c4100.aes), it can be loaded by typing the following command:

For single DES:

ERS-8610:5#config load-encryption-module DES /flash/<filename>.des

For single 3DES:

ERS-8610:5#config load-encryption-module 3DES /flash/<filename>.des

For AES:

ERS-8610:5#config load-encryption-module AES /flash/<filename>.aes

6.2Adding a New SNMPv3 User to USM Table

After the DES or AES module has been loaded, the switch is now ready for SNMPv3 configuration. The first step is to add a user to the USM (User-based Security Model) table. You can add a new user to the USM table by typing in the following command:

ERS-8610:5#config snmp-v3 usm create [User Name<1-32>] [authentication

protocol <md5sha>] auth [authentication password<1-32>] [priv-protocol <desaes>] priv [privacy password<1-32>]

In release 4.1, there is one additional change to support AES:

ERS-8610:5#config snmp-v3 usm create [User Name<1-32>] [authentication

protocol <md5sha>]

auth [authentication password<1-32>] priv [privacy

password<1-32>]

 

For example, the following will create a new user named “user1”, set the authentication protocol to MD5 with a password of “user1234” and a privilege password of userpriv:

______________________________________________________________________________________________________

NORTEL

External Distribution

23

Page 23 Page 25
Page 24
Image 24
Nortel Networks 8600 Configuring SNMPv3, Loading the DES or AES Encryption Module, Adding a New SNMPv3 User to USM Table
Page 23 Page 25

8600 specifications

Nortel Networks 8600 is a highly regarded member of the Nortel Ethernet routing portfolio, specifically designed to meet the demands of today's bandwidth-hungry environments. This advanced platform is a favorite for service providers and enterprises due to its scalability, reliability, and performance capabilities.

One of the standout features of the Nortel 8600 is its exceptional scalability. The platform supports a wide range of Ethernet services that can accommodate the growth of network applications without requiring significant overhaul. This scalability is driven by its ability to provide multiple 10 Gigabit and 100 Gigabit Ethernet ports, allowing organizations to expand their network as bandwidth needs increase.

The 8600 employs a robust architecture that enhances its performance. It utilizes a switching fabric that delivers high throughput and low latency, making it ideal for applications that demand real-time data transmission, such as voice over IP (VoIP) and video streaming. With support for high-density Ethernet, the 8600 can handle a large number of simultaneous connections, facilitating seamless experiences for end-users.

Another technological highlight of the Nortel 8600 is its integrated service capabilities. The platform incorporates advanced quality of service (QoS) features that prioritize bandwidth for critical applications, ensuring reliable performance even during peak usage times. The 8600 also supports comprehensive security protocols, providing peace of mind for organizations as they navigate the complexities of modern cybersecurity challenges.

Additionally, the platform offers advanced management features that simplify network administration. Built-in tools for monitoring and reporting enhance operational visibility, enabling IT teams to quickly identify and resolve issues. The 8600 is designed to integrate smoothly with existing networking environments, offering interoperability with multiple vendors and protocols, thus protecting investment in other technologies.

Energy efficiency is another characteristic of the Nortel 8600, making it a suitable choice for organizations keen on reducing operational costs and minimizing their environmental impact. The platform is built with energy-saving components and intelligent power management that allow businesses to operate sustainably.

Overall, the Nortel Networks 8600 is a sophisticated routing solution that integrates cutting-edge technologies to meet the demands of modern network environments, making it a preferred choice for organizations seeking a balance between performance, reliability, and cost-effectiveness.
Top Page Image Contents