Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

121

122

123

124

125

126

127

128

129

130

Configuring SNMP

6-4 Configuring SNMP

•Tospecifyakey,usetheauth‐keyhex‐stringoption.Typea16‐bytehexadecimalstringfor

MD5ora20‐bytehexadecimalstringforSHA.

Theencrypt‐typeoptionspecifiestheencryptiontypeusedforSNMPtraffic.Youcanspecifyone

ofthefollowing:

• none—Noencryptionisused.

Thisisthedefault.

• des—DataEncryptionStandard(DES)encryptionisused.

• 3des—TripleDESencryptionisused.

• aes—AdvancedEncryptionStandard(AES)encryptionisused.

Iftheencryptiontypeisdes,3des,oraes,youcanspecifyapassphraseorahexadecimalkey.

•Tospecifyapassphrase,usetheencrypt‐

pass‐phrasestringoption.Thestringcanbefrom8to

32alphanumericcharacterslong,withnospaces.Typeastringatleast8characterslongfor

DESor3DES,oratleast12characterslongforAES.

•Tospecifyakey,usetheencrypt‐keyhex‐stringoption.Typea

16‐bytehexadecimalstring.

Examples

ThefollowingcommandcreatesUSMusersnmpmgr1,associatedwiththelocalSNMPengineID.

Thisusercansendtrapstonotificationreceivers.

set snmp usm snmpmgr1 snmp-engine-id local

success: change accepted.

ThefollowingcommandcreatesUSMusersecuresnmpmgr1,whichusesSHAa uthenticationand

3DESencryptionwithpassphrases.Thisusercansendinformstothenotificationreceiverthathas

engineID192.168.40.2.

set snmp usm securesnmpmgr1 snmp-engine-id ip 192.168.40.2 auth-type sha auth-

pass-phrase myauthpword encrypt-type 3des encrypt-pass-phrase mycryptpword

success: change accepted.

Setting SNMP Security

Bydefault,MSSallowsnonsecureSNMPmessageexchanges.YoucanconfigureMSStorequire

secureSNMPexchangesinstead.

DependingonthelevelofsecurityyouwantMSStoenforce,youcanrequireauthenticationof

messageexchangesonly,orofmessageexchangesandnotifications.Youalsocanrequire

encryptioninadditionto

authentication.

SNMPv1andSNMPv2c donotsupportauthenticationorencryption.IfyouplantouseSNMPv1

orSNMPv2c,leavetheminimumlevelofSNMPsecuritysettounsecured.

TosettheminimumlevelofsecurityMSSrequiresforSNMP,usethefollowingcommand:

set snmp security {unsecured | authenticated | encrypted | auth-req-unsec-notify}

Youcanspecifyoneofthefollowingoptions:

• unsecured—SNMPmessageexchangesarenotsecure.Thisisthedefault,andistheonly

valuesupportedforSNM Pv1andSNMPv2c.(Thissecuritylevelisthesameasthe

noAuthNoPrivleveldescribedinSNMPv3RFCs.)