Dell PowerSwitch S5212F-ON SmartFabric OS10 Security Best Practices Guide July - Page 16
OS10(config-ipv4-acl)# exit
OS10(config)# snmp-server community public ro acl snmp-read-only-acl
OS10(config)# exit
OS10# write memory

Configure SNMP v3

Rationale: SNMP v2 does not support encryption or authentication. Dell EMC Networking strongly recommends that you use SNMP v3, which supports secure access to SNMP resources.

Configuration:

• Configure SNMP engine ID.

snmp-server engineID [local engineID] [remote ip-address {[udp-port port-number] remote-engineID}]

  ○ local engineID - Enter the engine ID that identifies the local SNMP agent on the switch as an octet colon-separated number. A maximum of 27 characters.
  ○ remote ip-address - Enter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
  ○ udp-port port-number - Enter the UDP port number on the remote device, from 0 to 65535.
  ○ remote-engineID - Enter the engine ID that identifies the SNMP agent on a remote device (0x followed by a hexadecimal string).

• Configure SNMP views.

OS10(config)# snmp-server view view-name oid-tree [included | excluded]

  ○ view-name - Enter the name of a read-only, read/write, or notify view. A maximum of 32 characters.
  ○ oid-tree - Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format.
  ○ included - (Optional) Include the MIB family in the view.
  ○ excluded - (Optional) Exclude the MIB family from the view.

• Configure SNMP groups.

OS10(config)# snmp-server group group-name v3 security-level [read view-name] [write view-name] [notify view-name]

  ○ group-name - Enter the name of the group. A maximum of 32 alphanumeric characters.
  ○ v3 security-level - SNMPv3 provides optional user authentication and encryption for SNMP messages, configured with the snmp-server user command.
  ○ security-level - (SNMPv3 only) Configure the security level for SNMPv3 users:
    ▪ auth - Authenticate users in SNMP messages.
    ▪ noauth - Do not authenticate users or encrypt SNMP messages; send messages in plain text.
    ▪ priv - Authenticate users and encrypt or decrypt SNMP messages.
  ○ access acl-name - (Optional) Enter the name of an IPv4 or IPv6 access list to filter SNMP requests received on the switch. A maximum of 16 characters.
  ○ read view-name - (Optional) Enter the name of a read-only view. A maximum of 32 characters.
  ○ write view-name - (Optional) Enter the name of a read/write view. A maximum of 32 characters.
  ○ notify view-name - (Optional) Enter the name of a notification view. A maximum of 32 characters.

• Configure SNMP users.

OS10(config)# snmp-server user user-name group-name security-model localized auth sha auth-password priv aes priv-password
OS10(config)# exit
OS10# write memory

  ○ user-name - Enter the name of the user. A maximum of 32 alphanumeric characters.
  ○ group-name - Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
  ○ security-model - Enter an SNMP version that sets the security level for SNMP messages:
    ▪ 3 - SNMPv3 provides user authentication and encryption for SNMP messages.
  ○ auth - (SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:
    ▪ sha - Generate an authentication key using the SHA algorithm.
    ▪ auth-password - Enter the encrypted string.
  ○ priv - Configure encryption for SNMPv3 messages sent to the user:
    ▪ aes - Encrypt messages using AES 128-bit algorithm.
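The following is an added example, not part of the Dell guide: a small audit that reads saved configuration lines and reports every SNMP setting weaker than the v3 priv level recommended above. It assumes the configuration lists the commands in the forms shown on this page; the sample lines, names and passwords are constructed placeholders.

```python
# Constructed sample of OS10 configuration lines (assumed to appear in the
# command forms shown on this page); names and passwords are placeholders.
SAMPLE_CONFIG = """\
snmp-server community public ro acl snmp-read-only-acl
snmp-server view sysview 1.3.6.1.2.1.1 included
snmp-server group ops-priv v3 priv read sysview
snmp-server group legacy v3 noauth read sysview
snmp-server group authonly v3 auth read sysview
snmp-server user alice ops-priv 3 auth sha AUTH-PLACEHOLDER priv aes PRIV-PLACEHOLDER
snmp-server user bob ops-priv 3 auth sha AUTH-PLACEHOLDER
snmp-server user carol legacy 3
snmp-server user dave missing 3 auth sha AUTH-PLACEHOLDER priv aes PRIV-PLACEHOLDER
"""


def audit_snmp(config_text):
    """Return sorted (kind, name, finding) tuples for SNMP settings weaker than v3 priv."""
    groups, users, findings = {}, [], []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:1] != ["snmp-server"] or len(tok) < 3:
            continue
        kind, name, rest = tok[1], tok[2], tok[3:]
        if kind == "community":
            # Community strings mean SNMP v2-style access: no auth, no encryption.
            findings.append((kind, name, "community-based access: no authentication or encryption"))
        elif kind == "group" and rest[:1] == ["v3"] and len(rest) > 1:
            groups[name] = rest[1]
            if rest[1] != "priv":  # both noauth and auth leave messages unencrypted
                findings.append((kind, name, f"security level '{rest[1]}' does not encrypt"))
        elif kind == "user" and rest:
            users.append((name, rest[0], rest[1:]))
    # Users are checked last so a group defined later in the file is still found.
    for name, group, opts in users:
        if group not in groups:
            findings.append(("user", name, f"group '{group}' is not defined"))
        if "auth" not in opts:
            findings.append(("user", name, "no auth key"))
        if "priv" not in opts:
            findings.append(("user", name, "no priv (encryption) key"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{kind:<10} {name:<10} {finding}")
```
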