Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command
51525354555657585960
Using the Simple Network Management Protocol
ExtremeWare XOS 11.0 Concepts Guide 57
Every SNMPv3 engine necessarily maintains two objects: SNMPEngineBoots, which is the number of
reboots the agent has experienced and SNMPEngineTime, which is the local time since the engine reboot.
The engine has a local copy of these objects and the latestReceivedEngineTime for every authoritative
engine it wants to communicate with. Comparing these objects with the values received in messages
and then applying certain rules to decide upon the message validity accomplish protection against
message delay or message replay.
In a chassis, the snmpEngineID is generated using the MAC address of the MSM with which the switch
boots first.
The snmpEngineID can be configured from the command line, but once the snmpEngineID is changed,
default users will be reverted back to their original passwords/keys, and non-default users will be reset
to the security level of no authorization, no privacy. To set the snmpEngineID, use the following
command:
configure snmpv3 engine-id <hex_engine_id>
SNMPEngineBoots can also be configured from the command line. SNMPEngineBoots can be set to any
desired value but will latch on its maximum, 2147483647. To set the SNMPEngineBoots, use the
following command:
configure snmpv3 engine-boots <(1-2147483647)>
Users, Groups, and Security
SNMPv3 controls access and security using the concepts of users, groups, security models, and security
levels.
Users. Users are created by specifying a user name. Depending on whether the user will be using
authentication and/or privacy, you would also specify an authentication protocol (MD5 or SHA) with
password or key, and/or privacy (DES) password or key. To create a user, use the following command:
configure snmpv3 add user [[hex <hex_user_name>] | <user_name>] {authentication [md5 |
sha] [hex <hex_auth_password> | <auth_password>]} {privacy [hex <hex_priv_password> |
<priv_password>]} {volatile}
A number of default, permanent users are initially available. The default user names are: admin, initial,
initialmd5, initialsha, initialmd5Priv, initialshaPriv. The default password for admin is password. For the
other default users, the default password is the user name.
To display information about a user, or all users, use the following command:
show snmpv3 user {[[hex <hex_user_name>] | <user_name>]}
To delete a user, use the following command:
configure snmpv3 delete user [all-non-defaults | [[hex <hex_user_name>] |
<user_name>]]
NOTE
The SNMPv3 specifications describe the concept of a security name. In the ExtremeWare XOS
implementation, the user name and security name are identical. In this manual, both terms are used to
refer to the same thing.