OS6860(E)_AOS_8.1.1.R01_Switch_Management_Guide

Recommendations

Info

Setting Up SNMP Access for a User Account Managing Switch User Accounts Setting Up SNMP Access for a User Account By default, users can access the switch based on the SNMP setting specified for the default user account. The user command, however, may be used to configure SNMP access for a particular user. SNMP access may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or SNMPv3). Or it may be configured with authentication or authentication/encryption required (SNMPv3 only). SNMP authentication specifies the algorithm that should be used for computing the SNMP authentication key. It may also specify DES encryption. The following options may be configured for a user’s SNMP access with authentication or authentication/encryption: • SHA—The SHA authentication algorithm is used for authenticating SNMP PDU for the user. • MD5—The MD5 authentication algorithm is used for authenticating SNMP PDU for the user. • SHA and DES—The SHA authentication algorithm and DES encryption standard is used for authenticating and encrypting SNMP PDU for the user. • MD5 and DES—The MD5 authentication algorithm and the DES encryption standard is used for authenticating and encrypting SNMP PDU for the user. The user’s level of SNMP authentication is superseded by the SNMP version allowed globally on the switch. By default, the switch allows all SNMP requests. Use the snmp security command to change the SNMP security level on the switch. Note. At least one user with SHA/MD5 authentication and/or DES encryption must be configured on the switch for SNMPv3 communication with OmniVista. The community string carried in the SNMP PDU identifies the request as an SNMPv1 or SNMPv2 request. The way the community string is handled on the switch is determined by the setting of the snmp community-map mode command. If the community map mode is enabled, the community string is checked against the community strings database (populated by the snmp community-map command). If the community map mode is disabled, then the community string value is checked against the user database. In either case, if the check fails, the request is dropped. For more information about configuring SNMP globally on the switch, see Chapter 9, “Using SNMP.” The next sections describe how to configure SNMP access for users. Note the following: • SNMP access cannot be specified for the admin user. • When modifying a user’s SNMP access, the user password must be re-entered (or a new one configured). This is required because the hash algorithm used to save the password in the switch depends on the SNMP authentication level. SNMP Access Without Authentication/Encryption To give a user SNMP access without SNMP authentication required, enter the user command with the no auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter the following: -> user thomas password techpubs no auth page 6-16 OmniSwitch AOS Release 8 Switch Management Guide May 2014
Managing Switch User Accounts Setting Up SNMP Access for a User Account For this user, if the SNMP community map mode is enabled (the default), the SNMP community map must include a mapping for this user to a community string. In this example, the community string is our_group: -> snmp community map our_group user thomas In addition, the global SNMP security level on the switch must allow non-authenticated SNMP frames through the switch. By default, the SNMP security level is privacy all; this is the highest level of SNMP security, which allows only SNMPv3 frames through the switch. Use the snmp security command to change the SNMP security level. For more information about configuring SNMP globally on the switch, see Chapter 9, “Using SNMP.” SNMP Access With Authentication/Encryption To configure a user with SNMP access and authentication, enter the user command with the desired authentication type (sha, md5, sha+des, and md5+des). -> user thomas password techpubs sha+des When SNMP authentication is specified, an SNMP authentication key is computed from the user password based on the authentication/encryption setting. In this example, the switch would use the SHA authentication algorithm and DES encryption on the techpubs password to determine the SNMP authentication key for this user. The key is in hexadecimal form and is used for encryption/de-encryption of the SNMP PDU. The authentication key is only displayed in an ASCII configuration file if the snapshot command is entered. The key is indicated in the file by the syntax authkey key. See Chapter 5, “Working With Configuration Files,” for information about using the snapshot command. The key is not displayed in the CLI. Removing SNMP Access From a User To deny SNMP access, enter the user command with the no snmp option: -> user thomas no snmp This command results in thomas no longer having SNMP access to manage the switch. OmniSwitch AOS Release 8 Switch Management Guide May 2014 page 6-17
Page 1 and 2:
Part No. 060391-10, Rev. A May 2014
Page 3 and 4:
Contents About This Guide .........
Page 5 and 6:
Contents Using the Switch as an FTP
Page 7 and 8:
Contents Account and Password Polic
Page 9 and 10:
Contents Authentication Trap ......
Page 11 and 12:
Contents Firmware Upgrade Files ...
Page 13 and 14:
About This Guide This OmniSwitch AO
Page 15 and 16:
About This Guide Documentation Road
Page 17 and 18:
About This Guide Related Documentat
Page 19 and 20:
1 Logging Into the Switch Logging i
Page 21 and 22:
Logging Into the Switch Quick Steps
Page 23 and 24:
Logging Into the Switch Overview of
Page 25 and 26:
Logging Into the Switch Accessing t
Page 27 and 28:
Logging Into the Switch Setting the
Page 29 and 30:
Logging Into the Switch Using Secur
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Logging Into the Switch Modifying t
Page 37 and 38:
Logging Into the Switch Enabling th
Page 39 and 40:
Logging Into the Switch Enabling th
Page 41 and 42:
2 Managing System Files This chapte
Page 43 and 44:
Managing System Files Switch Admini
Page 45 and 46:
Managing System Files File and Dire
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Managing System Files Loading Softw
Page 55 and 56:
Managing System Files Loading Softw
Page 57 and 58:
Managing System Files Setting the S
Page 59 and 60:
Managing System Files Setting the S
Page 61 and 62:
3 Managing CMM Directory Content Th
Page 63 and 64: Managing CMM Directory Content CMM
Page 69 and 70: Managing CMM Directory Content Mana
Page 75 and 76: Managing CMM Directory Content Usin
Page 77 and 78: 4 Using the CLI Alcatel-Lucent’s
Page 79 and 80: Using the CLI Command Entry Rules a
Page 81 and 82: Using the CLI Command Help -> sh vl
Page 83 and 84: Using the CLI Logging CLI Commands
Page 85 and 86: Using the CLI Customizing the Scree
Page 87 and 88: 5 Working With Configuration Files
Page 89 and 90: Working With Configuration Files Tu
Page 91 and 92: Working With Configuration Files Qu
Page 93 and 94: Working With Configuration Files Co
Page 95 and 96: Working With Configuration Files Cr
Page 97 and 98: Working With Configuration Files Cr
Page 99 and 100: 6 Managing Switch User Accounts Swi
Page 101 and 102: Managing Switch User Accounts User
Page 103 and 104: Managing Switch User Accounts Overv
Page 105 and 106: Managing Switch User Accounts Overv
Page 107 and 108: Managing Switch User Accounts Creat
Page 109 and 110: Managing Switch User Accounts Confi
Page 111 and 112: Managing Switch User Accounts Confi
Page 113: Managing Switch User Accounts Confi
Page 117 and 118: Managing Switch User Accounts Multi
Page 119 and 120: 7 Managing Switch Security Switch s
Page 121 and 122: Managing Switch Security Switch Sec
Page 123 and 124: Managing Switch Security Authentica
Page 125 and 126: Managing Switch Security Quick Step
Page 127 and 128: Managing Switch Security Setting Up
Page 129 and 130: Managing Switch Security Configurin
Page 131 and 132: 8 Using WebView The switch can be m
Page 133 and 134: Using WebView WebView CLI Commands
Page 135 and 136: Using WebView WebView Overview Conf
Page 137 and 138: 9 Using SNMP The Simple Network Man
Page 139 and 140: Using SNMP Quick Steps for Setting
Page 141 and 142: Using SNMP Quick Steps for Setting
Page 143 and 144: Using SNMP SNMP Overview Using SNMP
Page 145 and 146: Using SNMP Using SNMP For Switch Se
Page 147 and 148: Using SNMP Using SNMP For Switch Se
Page 149 and 150: Using SNMP Working with SNMP Traps
Page 151 and 152: Using SNMP Verifying the SNMP Confi
Page 153 and 154: 10 Web Services, CLI Scripting, and
Page 155 and 156: Web Services, CLI Scripting, and Op
Page 165 and 166:
Web Services, CLI Scripting, and Op
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
11 Configuring Network Time Protoco
Page 183 and 184:
Configuring Network Time Protocol (
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
12 Managing Automatic Remote Config
Page 197 and 198:
Managing Automatic Remote Configura
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
13 Configuring Virtual Chassis A Vi
Page 221 and 222:
Configuring Virtual Chassis Virtual
Page 223 and 224:
Configuring Virtual Chassis Quick S
Page 225 and 226:
Page 227 and 228:
Configuring Virtual Chassis Managin
Page 229 and 230:
Configuring Virtual Chassis Managin
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Configuring Virtual Chassis Interac
Page 237 and 238:
Configuring Virtual Chassis Configu
Page 239 and 240:
Configuring Virtual Chassis Configu
Page 241 and 242:
Configuring Virtual Chassis Display
Page 243 and 244:
A Software License and Copyright St
Page 245 and 246:
Alcatel-Lucent License Agreement Al
Page 247 and 248:
B SNMP Trap Information This append
Page 249 and 250:
SNMP Traps Table No. Trap Name Obje
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Index Symbols !! command 4-6 A aaa
Page 295 and 296:
Index Network Time Protocol see NTP
show all

OS6860(E)_AOS_8.1.1.R01_Switch_Management_Guide

Create successful ePaper yourself

Delete template?

Save as template?