Nortel Networks NN47250-500 Creating a USM user for SNMPv3

Configuring SNMP 199

Nortel WLAN—Security Switch 2300 Series Configuration Guide

Creating a USM user for SNMPv3

To create a USM user for SNMPv3, use the following command:

set snmp usm usm-username

snmp-engine-id {ip ip-addr | local | hex hex-string}

access {read-only | read-notify | notify-only | read-write | notify-read-write}

auth-type {none | md5 | sha} {auth-pass-phrase string | auth-key hex-string}

encrypt-type {none | des | 3des | aes} {encrypt-pass-phrase string | encrypt-key hex-string}

To clear a USM user, use the following command:

clear snmp usm usm-username

The usm-username can be up to 32 alphanumeric characters long, with no spaces. You can configure up to 20 SNMPv3

users.

The snmp-engine-id option specifies a unique identifier for an instance of an SNMP engine. To send informs, you must

specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as

the engine ID.

•hex hex-string—ID is a hexadecimal string.

•ip ip-addr—ID is based on the IP address of the station running the management application. Enter the IP address

of the station. WSS Software calculates the engine ID based on the address.

•local—Uses the value computed from the switch’s system IP address.

The access option specifies the access level of the user. The options are the same as the access options for community

strings. (See “Configuring community strings (SNMPv1 and SNMPv2c only)” on page 198.) The default is read-only.

The auth-type option specifies the authentication type used to authenticate communications with the remote SNMP

engine. You can specify one of the following:

•none—No authentication is used. This is the default.

•md5—Message-digest algorithm 5 is used.

•sha—Secure Hashing Algorithm (SHA) is used.

If the authentication type is md5 or sha, you can specify a passphrase or a hexadecimal key.

• To specify a passphrase, use the auth-pass-phrase string option. The string can be from 8 to 32 alphanumeric

characters long, with no spaces.

• To specify a key, use the auth-key hex-string option. Type a 16-byte hexadecimal string for MD5 or a 20-byte

hexadecimal string for SHA.

The encrypt-type option specifies the encryption type used for SNMP traffic. You can specify one of the following:

•none—No encryption is used. This is the default.

•des—Data Encryption Standard (DES) encryption is used.

•3des—Triple DES encryption is used.

•aes—Advanced Encryption Standard (AES) encryption is used.

If the encryption type is des, 3des, or aes, you can specify a passphrase or a hexadecimal key.