Brocade FastIron Ethernet Switch Administration Guide User Manual

The name parameter defines the SNMP user name or security name used to access the management
module.

The groupname parameter identifies the SNMP group to which this user is associated or mapped. All
users must be mapped to an SNMP group. Groups are defined using the snmp-server group
command.

NOTE
The SNMP group to which the user account will be mapped should be configured before creating the
user accounts; otherwise, the group will be created without any views. Also, ACL groups must be
configured before configuring user accounts.

The v3 parameter is required.

The access standard-ACL-id parameter is optional. It indicates that incoming SNMP packets are
filtered based on the ACL attached to the user account.

NOTE
The ACL specified in a user account overrides the ACL assigned to the group to which the user is
mapped. If no ACL is entered for the user account, then the ACL configured for the group will be used
to filter packets.

The encrypted parameter means that the MD5 or SHA password will be a digest value. MD5 has 16
octets in the digest. SHA has 20. The digest string has to be entered as a hexadecimal string. In this
case, the agent need not generate any explicit digest. If the encrypted parameter is not used, the user
is expected to enter the authentication password string for MD5 or SHA. The agent will convert the
password string to a digest, as described in RFC 2574.

The auth md5 | sha parameter is optional. It defines the type of encryption that the user must have to
be authenticated. Choose between MD5 or SHA encryption. MD5 and SHA are two authentication
protocols used in SNMP version 3.

The md5-password and sha-password define the password the user must use to be authenticated.
These password must have a minimum of 8 characters. If the encrypted parameter is used, then the
digest has 16 octets for MD5 or 20 octets for SHA.

NOTE
Once a password string is entered, the generated configuration displays the digest (for security
reasons), not the actual password.

The priv [encrypted] parameter is optional after you enter the md5 or sha password. The priv
parameter specifies the encryption type (DES or AES) used to encrypt the privacy password. If the
encrypted keyword is used, do the following:

• If DES is the privacy protocol to be used, enter des followed by a 16-octet DES key in hexadecimal

format for the des-password-key . If you include the encrypted keyword, enter a password string of
at least 8 characters.

• If AES is the privacy protocol to be used, enter aes followed by the AES password key. For a small

password key, enter 12 characters. For a big password key, enter 16 characters. If you include the
encrypted keyword, enter a password string containing 32 hexadecimal characters.

SNMP Access

144

FastIron Ethernet Switch Administration Guide

53-1003075-02