Sec. 6.1.4, Section 6.1.4 – Westermo RedFox Series User Manual

Westermo OS Management Guide
Version 4.17.0-0
6.1.4 Secure management using SNMPv3
To manage a unit securely via SNMP, SNMPv3 should be used. SNMPv3 provides
privacy and integrity (per-packet authentication) to the SNMP messages.
SNMPv3 introduces the notion of an SNMPv3 user, as opposed to the community
concept used in SNMPv1/v2c. The following parameters can be configured for an
SNMPv3 user.
• Read-Only or Read-Write access: Defines whether the user should have read
  access to the SNMP variables, or be able to read and modify them.
• Security Mode: Three security modes are available:
  – noAuthNoPriv: No security (i.e., neither authentication nor encryption).
  – authNoPriv: Authentication, but no privacy.
  – authPriv: Authentication and encryption.
  Note: As of WeOS v4.17.0, the WeOS SNMP agent accepts SNMP requests of
  security level authNoPriv also for SNMPv3 users created at level
  authPriv. This feature is likely to be removed in future WeOS releases.
• Encryption protocol: WeOS offers SNMPv3 data encryption using DES and
  AES-128.
• Authentication protocol: WeOS offers SNMPv3 data integrity using
  MD5 and SHA1.
• Scope: A user can be restricted to accessing only a part of the MIB tree
  supported by the unit.
The encryption and authentication passwords are strings of 8-16 characters.
ASCII characters 33-126 except ’#’ (ASCII 35) are allowed.
A maximum of 8 SNMPv3 users can be defined, each with their own parameter
set.
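
The limits listed above can be checked before a user set is entered on a unit. The following Python sketch is an added example, not part of the Westermo manual or of WeOS; the dictionary layout, the function names and the sample passwords are assumptions made for the illustration.

```python
# Added example, not WeOS code. The dict layout and names are assumptions.
MODES = ("noAuthNoPriv", "authNoPriv", "authPriv")
AUTH_PROTOCOLS = ("MD5", "SHA1")
PRIV_PROTOCOLS = ("DES", "AES-128")
MAX_USERS = 8

def password_errors(label, pw):
    """Apply the 8-16 character, ASCII 33-126 except '#' rule to one password."""
    errs = []
    if not 8 <= len(pw) <= 16:
        errs.append(f"{label}: length {len(pw)} is outside 8-16")
    bad = sorted({c for c in pw if not 33 <= ord(c) <= 126 or c == "#"})
    if bad:
        errs.append(f"{label}: disallowed characters {bad}")
    return errs

def audit_user(user):
    """Return (errors, notes) for one SNMPv3 user definition."""
    mode, errs, notes = user.get("mode"), [], []
    if mode not in MODES:
        return [f"unknown security mode {mode!r}"], notes
    if mode == "noAuthNoPriv":
        notes.append("requests are neither authenticated nor encrypted")
        return errs, notes
    if user.get("auth") not in AUTH_PROTOCOLS:
        errs.append(f"authentication protocol must be one of {AUTH_PROTOCOLS}")
    errs += password_errors("authentication password", user.get("auth_password", ""))
    if mode == "authPriv":
        if user.get("priv") not in PRIV_PROTOCOLS:
            errs.append(f"encryption protocol must be one of {PRIV_PROTOCOLS}")
        errs += password_errors("encryption password", user.get("priv_password", ""))
        notes.append("agent also accepts authNoPriv requests (WeOS v4.17.0)")
    return errs, notes

def audit(users):
    """Audit every user, plus the limit of 8 users per unit (key '*')."""
    report = {u["name"]: audit_user(u) for u in users}
    if len(users) > MAX_USERS:
        report["*"] = ([f"{len(users)} users defined, maximum is {MAX_USERS}"], [])
    return report

# Constructed sample input (passwords are made up for the example).
SAMPLE_USERS = [
    {"name": "alice", "mode": "authPriv", "auth": "SHA1", "priv": "AES-128",
     "auth_password": "Tr0ub4dor&3x", "priv_password": "c0rrect-h0rse"},
    {"name": "bob", "mode": "authNoPriv", "auth": "MD5", "auth_password": "pass#1"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_USERS))
```

The note attached to each authPriv user records the behaviour described in the Note above: on WeOS v4.17.0, creating a user at authPriv does not by itself stop the agent from answering that user's authNoPriv requests.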
6.1.4.1 SNMPv3 example
This example illustrates the configuration of an SNMPv3 user on a WeOS
switch. The user alice is granted read-only access to the full MIB tree. Security
© 2015 Westermo Teleindustri AB