OS6860(E)_AOS_8.1.1.R01_Switch_Management_Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Setting Up SNMP Access for a User Account<br />
Managing <strong>Switch</strong> User Accounts<br />
Setting Up SNMP Access for a User Account<br />
By default, users can access the switch based on the SNMP setting specified for the default user account.<br />
The user command, however, may be used to configure SNMP access for a particular user. SNMP access<br />
may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or<br />
SNMPv3). Or it may be configured with authentication or authentication/encryption required (SNMPv3<br />
only).<br />
SNMP authentication specifies the algorithm that should be used for computing the SNMP authentication<br />
key. It may also specify DES encryption. The following options may be configured for a user’s SNMP<br />
access with authentication or authentication/encryption:<br />
• SHA—The SHA authentication algorithm is used for authenticating SNMP PDU for the user.<br />
• MD5—The MD5 authentication algorithm is used for authenticating SNMP PDU for the user.<br />
• SHA and DES—The SHA authentication algorithm and DES encryption standard is used for authenticating<br />
and encrypting SNMP PDU for the user.<br />
• MD5 and DES—The MD5 authentication algorithm and the DES encryption standard is used for<br />
authenticating and encrypting SNMP PDU for the user.<br />
The user’s level of SNMP authentication is superseded by the SNMP version allowed globally on the<br />
switch. By default, the switch allows all SNMP requests. Use the snmp security command to change the<br />
SNMP security level on the switch.<br />
Note. At least one user with SHA/MD5 authentication and/or DES encryption must be configured on the<br />
switch for SNMPv3 communication with OmniVista.<br />
The community string carried in the SNMP PDU identifies the request as an SNMPv1 or SNMPv2<br />
request. The way the community string is handled on the switch is determined by the setting of the snmp<br />
community-map mode command. If the community map mode is enabled, the community string is<br />
checked against the community strings database (populated by the snmp community-map command). If<br />
the community map mode is disabled, then the community string value is checked against the user database.<br />
In either case, if the check fails, the request is dropped.<br />
For more information about configuring SNMP globally on the switch, see Chapter 9, “Using SNMP.”<br />
The next sections describe how to configure SNMP access for users. Note the following:<br />
• SNMP access cannot be specified for the admin user.<br />
• When modifying a user’s SNMP access, the user password must be re-entered (or a new one configured).<br />
This is required because the hash algorithm used to save the password in the switch depends on<br />
the SNMP authentication level.<br />
SNMP Access Without Authentication/Encryption<br />
To give a user SNMP access without SNMP authentication required, enter the user command with the no<br />
auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter<br />
the following:<br />
-> user thomas password techpubs no auth<br />
page 6-16 Omni<strong>Switch</strong> <strong>AOS</strong> Release 8 <strong>Switch</strong> <strong>Management</strong> <strong>Guide</strong> May 2014