Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 8600 manual Configuration Example Using SNMPv3, Access

Models: 8600

1 41

Download 41 pages 17.31 Kb

Page 35

8. Configuration Example Using SNMPv3

Technical Configuration Guide for SNMP

v2.0

December 2006

8. Configuration Example Using SNMPv3

	SNMPv3
User 1	Access
User 1
User 2

For this configuration example, we wish to accomplish the following:

•Add User 1 to USM table with authentication protocol of MD5 and privacy protocol of DES, i.e. authPriv)

•Allow User 1 full MIB views with full permission starting the existing view “org”

•Add User 2 to USM table authentication protocol of MD5 with no privacy protocol, i.e. authNoPriv

•Allow User 2 full MIB read permission starting from the exiting “org” level, but exclude write permission from all Private Enterprise MIB’s

To accomplish the above, please follow the steps below.

A)Load the DES module:

1.Assuming the DES module has been installed on the ERS 8600 switch, enter the following command:

•ERS-8610:5#config load-encryption-module DES /flash/p80c3700.des

B)Add User 1 to USM table. In this example, we will use a user name of ‘user1’, a MD5 password of ‘user1234’, and a DES privacy password of ‘userpriv’

• ERS-8610:5#config snmp-v3 usm create user1 md5 auth user1234 priv userpriv

Or via 4.1.1

• ERS-8610:5#config snmp-v3 usm create user1 md5 auth user1234 priv-prot des priv userpriv

C)Add User 1 to USM group. In this configuration example, we will add ‘user1’ to USM group named “group_1”

1.Add ‘user1’ to group ‘group_1’:

•ERS-8610:5#config snmp-v3 group-member create user1 usm group_1

D)Assign Access Level to USM group:

1.Assign access level of ‘authPriv’ to USM group ‘group_1’

•ERS-8610:5#config snmp-v3 group-access create group_1 "" usm authPriv

E)Assign the Read and Write view to the USM group:

1.Assign to usm group ‘group_1’ read and write view to ‘org’:

______________________________________________________________________________________________________

NORTEL

External Distribution

34

Image 35

Nortel Networks 8600 Configuration Example Using SNMPv3, ERS-86105# config load-encryption-module DES /flash/p80c3700.des

Contents

Enterprise Network Engineering Document Date December 15 Technical Configuration Guide for SNMPEthernet Routing Switch EngineeringDisclaimer External Distribution AbstractDecember NORTEL8. CONFIGURATION EXAMPLE USING SNMPV3 Table of ContentsSNMP WITH RADIUS AUTHENTICATION AND ACCOUNTING CONFIGURATION EXAMPLE CHANGING SNMP COMMUNITIESNORTEL List of FiguresList of Tables DecemberFigure 1 SNMPv3 USM 1. SNMPv3 Overview2.1 Hidden File Details 2. SNMP Upgrade Considerations3. Blocking SNMP ERS-86105# config bootconfig flags block-snmp trueERS-86105# config bootconfig flags block-snmp false PP8600-B6# config snmp-v3 mib-view create v1v2only 1.3.6 type excludeERS-86065# config sys access-policy policy 1..65535 service ? ERS-86065# config sys access-policy enable true/falseERS-86065# config sys access-policy policy ERS-86065# config sys access-policy policy 1..65535 ?ERS-86065# config sys access-policy policy 2 create 3.3 SNMP Group Access Policy - Release 3.7.9, 4.1 or higher3.2.1 Configuration Example Blocking SNMP via an Access Policy ERS-86065# config sys access-policy enable trueERS-86065# config sys access-policy policy 2 create 3.3.1 SNMPv3 Group Access Policy Configuration ExampleERS-86105# config sys access-policy policy 1 service ? ERS-86065# config sys access-policy enable trueERS-86105# config sys access-policy policy 2 service snmpv3 enable 3.3.2 SNMPv1/2 Group Access Policy Configuration ExampleERS-86105# config sys access-policy policy 2 access-strict true ERS-86105# config sys access-policy policy 2 service telnet enableERS-86065# config sys access-policy policy 2 accesslevel rwa ERS-86065# config sys access-policy enable trueERS-86065# config sys access-policy policy 2 create ERS-86065# config sys access-policy policy 2 name policy23.3.3 SNMP Community Strings config snmp-v3 community create followed by ERS-86065# config sys set snmp community rorwl2l3rwa commstringERS-86065# config sys set snmp trap-recv ipaddr v2c public Where 3.3.4 Modifying and/or adding community strings ERS-86065# config snmp-v3 community infoERS8600G3# config snmp-v3 community info Parameter ERS-86065# config snmp-v3 community delete index1ERS-86065# config snmp-v3 community delete index2 ERS-86065# config snmp-v3 community create third readonly readviewERS-86065# show snmp-v3 notify info ERS-86065# config snmp-v3 notify ?ERS-86065# config snmp-v3 notify create Trap2 tag trapTag2 type trap ERS-86065# config snmp-v3 target-addr ?ERS-86105# config snmp-v3 target-param info ERS-86065# config snmp-v3 target-addr delete TAddr1ERS-86065# config snmp-v3 target-addr info ERS-86065# config bootconfig flags hsecure falsetrue 3.4 New Default Community Strings in High Secure hsecure ModeERS-86065# config ip circuitless-ip-int 1 create 1.1.1.1/32 4. SNMP SettingsERS-86065# config sys set snmp ? config sys set snmpNORTEL Technical Configuration Guide for SNMPv2.0 December5. SNMP with RADIUS Authentication and Accounting ERS-86105# config load-encryption-module AES /flash/filename.aes 6. Configuring SNMPv3ERS-86105# config load-encryption-module DES /flash/filename.des ERS-86105# config load-encryption-module 3DES /flash/filename.des6.3 Assign USM User to USM Group ERS-86105# config snmp-v3 usm infoERS-86105# config snmp-v3 group-member create user1 usm groupexample ERS-8610-C5# config snmp-v3 group-member infoERS-86105# config snmp-v3 group-access info 6.4 Assigning the USM Group Access LevelERS-86105# config snmp-v3 group-access info ERS-86105# config snmp-v3 mib-view info6.5 Assigning the MIB View to the USM Group Figure 2 MIB Structure 6.6 Creating a MIB ViewERS-86105# config snmp-v3 mib-view info ERS-86065# config sys set snmp community ro ro567pp8600 7. Configuration Example Changing SNMP Communities7.1 Configuration Example SNMP Communities with Release ERS-86065# config sys set snmp community rwa rwa123pp86007.2 Configuration Example Changing the Default SNMP Community Name with Release 3.7 or initialview ERS-8610-C5# config snmp-v3 community infoERS-8610-C5# config snmp-v3 group-access info ERS-8610-C5# config snmp-v3 group-member infov1v2only ERS-8610-C5# config snmp-v3 mib-view infov1v2only v1v2only7.4 Testing SNMP Using Device Manager ERS-86105# config snmp-v3 group-member create private snmpv1 noprivate ERS-86105# config snmp-v3 group-access create group1 usm authPriv 8. Configuration Example Using SNMPv3ERS-86105# config load-encryption-module DES /flash/p80c3700.des ERS-86105# config snmp-v3 group-member create user1 usm group1ERS-86105# config snmp-v3 group-access create group1 usm authNoPriv 8.1 Testing SNMPv3 Using Device ManagerERS-86105# config snmp-v3 usm create user2 md5 auth user2abcd ERS-86105# config snmp-v3 group-member create user2 usm group1External Distribution 9. Software BaselineDecember NORTELDescription 10. Reference DocumentationDocument Title Publication11.2 From Configuration Example 11. Appendix A Configuration Files11.1 From Configuration Example Technical Configuration Guide for SNMP Contact us