Defining an snmp user account – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 203

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

169

53-100305301

Establishing SNMP community strings

The value of <viewstring> is defined using the snmp-server view command. The SNMP agent
comes with the "all" default view, which provides access to the entire MIB; however, it must be
specified when creating the group. The "all" view also allows SNMP version 3 to be backwards
compatibility with SNMP version 1 and version 2.

NOTE

If you will be using a view other than the "all" view, that view must be configured before creating the
user group.Refer to the section

“SNMP v3 Configuration examples”

on page 175, especially for

details on the include | exclude parameters.

Defining an SNMP user account

The snmp-server user command does the following:

Creates an SNMP user.

Defines the group to which the user will be associated.

Defines the type of authentication to be used for SNMP access by this user.

Specifies one of the following encryption types used to encrypt the privacy password:

Data Encryption Standard (DES) – A symmetric-key algorithm that uses a 56-bit key.

Advanced Encryption Standard (AES) – The 128-bit encryption standard adopted by the
U.S. government. This standard is a symmetric cipher algorithm chosen by the National
Institute of Standards and Technology (NIST) as the replacement for DES.

Here is an example of how to create an SNMP User account.

TurboIron(config)#snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des

bobdes

The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: [no] snmp-server user <name> <groupname> v3 [[access <standard-ACL-id>]

[[encrypted] [auth md5 <md5-password> | sha <sha-password>]
[priv [encrypted] des <des-password-key> | aes <aes-password-key>]]]

The <name> parameter defines the SNMP user name or security name used to access the
management module.

The <groupname> parameter identifies the SNMP group to which this user is associated or
mapped. All users must be mapped to an SNMP group. Groups are defined using the snmp-server
group command.

NOTE

The SNMP group to which the user account will be mapped should be configured before creating the
user accounts; otherwise, the group will be created without any views. Also, ACL groups must be
configured before configuring user accounts.

The v3 parameter is required.

The access <standard-ACL-id> parameter is optional. It indicates that incoming SNMP packets are
filtered based on the ACL attached to the user account.

Advertising
Popular Brands
Popular manuals