HP 6125XLG R2306-HP 6125XLG Blade Switch Network Management and Monitoring Com - Page 115

Specifies the DES Data Encryption Standard algorithm., Specifies an SNMP engine.

Page 115 highlights

• des56: Specifies the DES (Data Encryption Standard) algorithm. priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. In non-FIPS mode, a plaintext key is a string of 1 to 64 characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If the cipher keyword is specified, the encrypted privacy key length requirements differ by authentication algorithm and key string format, as shown in Table 29. Table 29 Encrypted privacy key length requirements Authentication algorithm MD5 SHA Encryption algorithm AES128 or DES-56 AES128 or DES-56 Hexadecimal string 32 characters 40 characters Non-hexadecimal string 53 characters 53 characters acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IP address permitted in the ACL can use the specified username to access the SNMP agent. If no ACL is specified, the specified ACL does not exist, or the specified ACL does not have any rules, any NMS can use the specified username to access the SNMP agent. acl ipv6 ipv6-acl-number: Specifies a basic IPv6 ACL to filter NMSs by source IPv6 address. The ipv6-acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IPv6 address permitted in the IPv6 ACL can use the specified username to access the SNMP agent. If no ACL is specified, the specified ACL does not exist, or the specified ACL does not have any rules, any NMS can use the specified username to access the SNMP agent. local: Specifies the local SNMP engine. engineid engineid-string: Specifies an SNMP engine. The engineid-string argument represents the engine ID and must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid. Usage guidelines You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the group of users. The authentication and encryption algorithms for each user are specified when they are created. SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform messages, you must associate it with the remote SNMP engine. If you configure an SNMPv3 user multiple times, the most recent configuration takes effect. For security purposes, all keys, including keys configured in plain text, are saved in cipher text. Make sure you remember the username and the plain text of the keys. When you access the device from an NMS, you must provide this information. Examples # Add the user testUser to the SNMPv3 group testGroup, enable the authentication without privacy security model for the group, and specify the authentication algorithm sha and the authentication key authkey in plain text for the user. 113

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207

113
des56
: Specifies the DES (Data Encryption Standard) algorithm.
priv-password
: Specifies a case-sensitive plaintext or encrypted privacy key. In non-FIPS mode, a
plaintext key is a string of 1 to 64 characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible
characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If
the
cipher
keyword is specified, the encrypted privacy key length requirements differ by authentication
algorithm and key string format, as shown in
Table 29
.
Table 29
Encrypted privacy key length requirements
Authentication
algorithm
Encryption
algorithm
Hexadecimal string
Non-hexadecimal string
MD5
AES128 or
DES-56
32 characters
53 characters
SHA
AES128 or
DES-56
40 characters
53 characters
acl
acl-number
: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The
acl-number
argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IP address
permitted in the ACL can use the specified username to access the SNMP agent. If no ACL is specified,
the specified ACL does not exist, or the specified ACL does not have any rules, any NMS can use the
specified username to access the SNMP agent.
acl
ipv6
ipv6-acl-number
: Specifies a basic IPv6 ACL to filter NMSs by source IPv6 address. The
ipv6-acl-number
argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an
IPv6 address permitted in the IPv6 ACL can use the specified username to access the SNMP agent. If no
ACL is specified, the specified ACL does not exist, or the specified ACL does not have any rules, any NMS
can use the specified username to access the SNMP agent.
local
: Specifies the local SNMP engine.
engineid
engineid-string
: Specifies an SNMP engine. The
engineid-string
argument represents the
engine ID and must comprise an even number of hexadecimal characters, in the range of 10 to 64.
All-zero and all-F strings are invalid.
Usage guidelines
You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user
cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB
views and security model for the group of users. The authentication and encryption algorithms for each
user are specified when they are created.
SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are
created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform
messages, you must associate it with the remote SNMP engine.
If you configure an SNMPv3 user multiple times, the most recent configuration takes effect.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Make sure you remember the username and the plain text of the keys. When you access the device from
an NMS, you must provide this information.
Examples
# Add the user
testUser
to the SNMPv3 group
testGroup
, enable the authentication without privacy
security model for the group, and specify the authentication algorithm
sha
and the authentication key
authkey
in plain text for the user.