Technical Configuration Guide for SNMP | v2.0 | December 2006 |
6. Configuring SNMPv3
The following are the configuration steps required to enable SNMPv3:
•Load the DES or AES (release 4.1 only) Encryption Module
•Adding a SNMP User USM
•Assigning the USM as a member to a SNMPv3 USM group
•Assigning the USM group access level of either authPriv, authNoPriv, or noAuthNoPriv
•Assigning a MIB view to the USM group
6.1Loading the DES or AES Encryption Module
Prior to configuring SNMPv3 on the ERS 8600, the DES or AES encryption module must be loaded. Note that Advanced Encryption Standard (AES) is supported only release 4.1. The DES or AES module is required in order to provide secure communications between the user and the ERS 8600.
The AES standard is the current encryption standard
Once the DES or AES encryption module is uploaded to the ERS 8600 (the file ends with a .des or .aes extension, i.e. p80c3700.des or p80c4100.aes), it can be loaded by typing the following command:
For single DES:
•ERS-8610:5# config load-encryption-module DES /flash/<filename>.des
For single 3DES:
•ERS-8610:5# config load-encryption-module 3DES /flash/<filename>.des
For AES:
•ERS-8610:5# config load-encryption-module AES /flash/<filename>.aes
6.2Adding a New SNMPv3 User to USM Table
After the DES or AES module has been loaded, the switch is now ready for SNMPv3 configuration. The first step is to add a user to the USM
•ERS-8610:5# config snmp-v3 usm create [User Name<1-32>] [authentication
protocol <md5sha>] auth [authentication
In release 4.1, there is one additional change to support AES:
•
protocol <md5sha>] | auth [authentication |
|
|
For example, the following will create a new user named “user1”, set the authentication protocol to MD5 with a password of “user1234” and a privilege password of userpriv:
______________________________________________________________________________________________________
NORTEL | External Distribution | 23 |