HP 6125G HP 6125G & 6125G/XG Blade Switches Network Management and Mon - Page 90

usm-user v3, snmp-agent usm-user

Get HP 6125G PDF manuals and user guides View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals

Page 90 highlights

acl ipv6 ipv6-acl-number: Specifies a basic ACL to filter NMSs by source IPv6 address. The ipv6-acl-number argument represents a basic ACL number in the range of 2000 to 2999. Only the NMSs with the IPv6 addresses permitted in the ACL can use the specified username to access the SNMP agent. local: Represents a local SNMP entity user. engineid engineid-string: Specifies the SNMP engine ID as a hexadecimal string. The engineid-string argument must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid. Description Use snmp-agent usm-user v3 to create an SNMPv3 user in an SNMP group. Use undo snmp-agent usm-user v3 to delete an SNMPv3 user from an SNMP group. You must create an SNMPv3 user for the agent and the NMS to use SNMPv3. You must create an SNMP group before you assign an SNMP user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group can contain multiple users. It defines SNMP objects accessible to the group of users in the MIB view and specifies whether to enable authentication and privacy functions. The authentication and encryption algorithms are defined when a user is created. You can use the snmp-agent calculate-password command to obtain a hexadecimal ciphertext string for the pri-password argument in the snmp-agent usm-user v3 cipher command. To make the calculated cipher text password applicable to the snmp-agent usm-user v3 cipher command, make sure the same privacy protocol is specified for the two commands and the local engine ID specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command. When you execute this command repeatedly to configure the same user (the usernames are the same, no limitation to other keywords and arguments), the last configuration takes effect. For secrecy, both plaintext and ciphertext keys are saved in cipher text. Remember the username and the plaintext password when you create a user. A plaintext password is required when the NMS accesses the SNMP agent. Related commands: snmp-agent calculate-password, snmp-agent group, and snmp-agent usm-user { v1 | v2c }. Examples # Add the user testUser to the SNMPv3 group testGroup. Configure the security model as authentication without privacy, the authentication algorithm as MD5, and the plain-text key as authkey. system-view [Sysname] snmp-agent group v3 testGroup authentication [Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey • Set the SNMP version on the NMS to SNMPv3. • Fill in the username testUser. • Set the authentication algorithm to MD5. • Set the authentication encrypted key to authkey. • Establish a connection, and the NMS can access the MIB objects in the default view (ViewDefault) on the device. # Add the user testUser to the SNMPv3 group testGroup. Configure the security model as authentication and privacy, the authentication algorithm as MD5, the privacy algorithm as DES56, the plain-text authentication key as authkey, and the plain-text privacy key as prikey. 84

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
84
acl ipv6
ipv6-acl-number
: Specifies a basic ACL to filter NMSs by source IPv6 address. The
ipv6-acl-number
argument represents a basic ACL number in the range of 2000 to 2999. Only the NMSs
with the IPv6 addresses permitted in the ACL can use the specified username to access the SNMP agent.
local
: Represents a local SNMP entity user.
engineid
engineid-string
: Specifies the SNMP engine ID as a hexadecimal string. The
engineid-string
argument must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero
and all-F strings are invalid.
Description
Use
snmp-agent usm-user v3
to create an SNMPv3 user in an SNMP group.
Use
undo snmp-agent usm-user v3
to delete an SNMPv3 user from an SNMP group.
You must create an SNMPv3 user for the agent and the NMS to use SNMPv3.
You must create an SNMP group before you assign an SNMP user to the group. Otherwise, the user
cannot take effect after it is created. An SNMP group can contain multiple users. It defines SNMP objects
accessible to the group of users in the MIB view and specifies whether to enable authentication and
privacy functions. The authentication and encryption algorithms are defined when a user is created.
You can use the
snmp-agent calculate-password
command to obtain a hexadecimal ciphertext string for
the
pri-password
argument in the
snmp-agent usm-user v3
cipher
command. To make the calculated
cipher text password applicable to the
snmp-agent usm-user v3
cipher
command, make sure the same
privacy protocol is specified for the two commands and the local engine ID specified in the
snmp-agent
usm-user v3
cipher
command is consistent with the SNMP entity engine ID specified in the
snmp-agent
calculate-password
command.
When you execute this command repeatedly to configure the same user (the usernames are the same, no
limitation to other keywords and arguments), the last configuration takes effect.
For secrecy, both plaintext and ciphertext keys are saved in cipher text. Remember the username and the
plaintext password when you create a user. A plaintext password is required when the NMS accesses the
SNMP agent.
Related commands:
snmp-agent calculate-password
,
snmp-agent group
, and
snmp-agent usm-user
{
v1
|
v2c
}.
Examples
# Add the user
testUser
to the SNMPv3 group
testGroup
. Configure the security model as
authentication
without privacy
, the authentication algorithm as
MD5
, and the plain-text key as
authkey
.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
Set the SNMP version on the NMS to SNMPv3.
Fill in the username
testUser
.
Set the authentication algorithm to
MD5
.
Set the authentication encrypted key to
authkey
.
Establish a connection, and the NMS can access the MIB objects in the default view (ViewDefault)
on the device.
# Add the user
testUser
to the SNMPv3 group
testGroup
. Configure the security model as
authentication
and privacy
, the authentication algorithm as MD5, the privacy algorithm as DES56, the plain-text
authentication key as
authkey
, and
the plain-text privacy key as
prikey
.