Addendum
SHA authentication must be used with the AES-CFB128 privacy algorithm only when FIPS is enabled,
because SHA is then the only available authentication level. If FIPS is disabled, you can use MD5
authentication in addition to SHA authentication with the AES-CFB128 privacy algorithm.
You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system. An
error message is displayed if you attempt to change the FIPS mode by using the fips mode enable
command in Global Configuration mode. You can enable or disable FIPS mode only if SNMPv3 users are
not previously set up. If previously configured users exist on the system, you must delete the existing
users before you change the FIPS mode.
Keep the following points in mind when you configure the AES128-CFB algorithm for SNMPv3:
1. SNMPv3 authentication provides only the sha option when FIPS mode is enabled.
2. SNMPv3 privacy provides only the aes128 privacy option when FIPS mode is enabled.
3. If you attempt to enable or disable FIPS mode while any SNMPv3 users are configured, an
error message is displayed stating that you must delete all of the SNMP users before changing the FIPS
mode.
4. A message is logged indicating whether FIPS mode is enabled for SNMPv3. This message is
generated only when the first SNMPv3 user is configured because you can modify the FIPS mode
only when users are not previously configured. This log message is provided to assist your system
security auditing procedures.
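The following pre-change check is an added example, not part of the original document or of any Dell tooling. It scans a saved configuration for snmp-server user lines, lists every SNMPv3 user that must be deleted before the FIPS mode can change, and names the md5 or des56 options that are not offered once FIPS is enabled. The function names, the sample configuration, and the assumption that a saved configuration shows users in the command syntax given on this page are hypothetical.

```python
# Keywords follow the snmp-server user syntax given on this page.
FIPS_AUTH = {"sha"}          # only authentication option offered in FIPS mode
FIPS_PRIV = {"aes128-cfb"}   # only privacy option offered in FIPS mode
VERSIONS = {"1", "2c", "3"}

def parse_user(line):
    """Parse one 'snmp-server user' line; return None for any other line."""
    t = line.split()
    if t[:2] != ["snmp-server", "user"] or len(t) < 4:
        return None
    user = {"name": t[2], "group": t[3], "version": None, "auth": None, "priv": None}
    i = 4
    while i < len(t):
        tok = t[i]
        if tok in ("remote", "udp-port"):
            i += 2                       # keyword plus its single value
        elif tok in ("auth", "priv") and i + 2 < len(t):
            user[tok] = t[i + 1].lower()
            i += 3                       # keyword, algorithm, password
        elif tok in VERSIONS and user["version"] is None:
            user["version"] = tok
            i += 1
        else:
            i += 1                       # encrypted, access-list keywords, etc.
    return user

def fips_preflight(config_text):
    """Return [(name, issues)] for each SNMPv3 user; all must be deleted first."""
    report = []
    for line in config_text.splitlines():
        user = parse_user(line)
        if user is None or user["version"] != "3":
            continue   # assumption: only users with an explicit "3" are SNMPv3
        issues = []
        if user["auth"] and user["auth"] not in FIPS_AUTH:
            issues.append("auth " + user["auth"])
        if user["priv"] and user["priv"] not in FIPS_PRIV:
            issues.append("priv " + user["priv"])
        report.append((user["name"], issues))
    return report

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
hostname lab-sw1
snmp-server user ops1 netops 3 auth md5 Authpass123 priv des56 Privpass123
snmp-server user ops2 netops 3 auth sha Authpass456 priv aes128-cfb Privpass456
snmp-server user nms1 netops remote 192.0.2.10 udp-port 162 3 encrypted auth sha 0a1b2c priv des56 3d4e5f
snmp-server user legacy netops 2c
"""
```

Calling fips_preflight(SAMPLE) returns one entry per SNMPv3 user; an empty issue list means the user can be recreated with the same options after the mode change.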
snmp-server user (for AES128-CFB Encryption)
Specifies that the AES128-CFB encryption algorithm is used for transmission of SNMP information.
The Advanced Encryption Standard (AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in
compliance with RFC 3826. RFCs for SNMPv3 define two authentication hash algorithms, namely,
HMAC-MD5-96 and HMAC-SHA1-96. These are the full forms or editions of the truncated versions, namely,
the HMAC-MD5 and HMAC-SHA1 authentication algorithms.
NOTE: Only the options that have been newly introduced are described here. For a complete
description of all of the keywords and variables that are available with this command, refer to the
respective Command Reference Guide of the applicable platform in the Release 9.2.0.0
documentation set.
Z-Series S4810 S4820T S6000 MXL I/O Aggregator
Syntax
snmp-server user name {group_name remote ip-address udp-port
port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha}
auth-password] [priv {des56 | aes128-cfb} priv-password] [access
access-list-name | ipv6 access-list-name | access-list-name
ipv6 access-list-name]
To remove a user from the SNMP group, use the no snmp-server user name
{group_name remote ip-address udp-port port-number} [1 | 2c |
3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 |
aes128-cfb} priv-password] [access access-list-name | ipv6
access-list-name | access-list-name ipv6 access-list-name]
command.
Parameters
auth-password (OPTIONAL) Enter a text string (up to 20 characters long)
password that enables the agent to receive packets from the
Simple Network Management Protocol (SNMP)