Support User Manuals

Nortel Networks 8600 Power Supply User Manual

Open as PDF

of 44

SNMP for ERS 8600 TCG v2.1 NN48500-564

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

External Distribution

24

6. Configuring SNMPv3

The following are the configuration steps required to enable SNMPv3:

• Load the DES or AES (release 4.1 only) Encryption Module

• Adding a SNMP User USM

• Assigning the USM as a member to a SNMPv3 USM group

• Assigning the USM group access level of either authPriv, authNoPriv, or noAuthNoPriv

• Assigning a MIB view to the USM group

6.1 Loading the DES or AES Encryption Module

Prior to configuring SNMPv3 on the ERS 8600, the DES or AES encryption module must be

loaded. Note that Advanced Encryption Standard (AES) is supported only release 4.1. The DES

or AES module is required in order to provide secure communications between the user and the

ERS 8600.

The AES standard is the current encryption standard (FIPS-197) intended to be used by the U.S.

Government organizations to protect sensitive information. It is also becoming a global standard

for commercial software and hardware that uses encryption or other security features.

Once the DES or AES encryption module is uploaded to the ERS 8600 (the file ends with a .des

or .aes extension, i.e. p80c3700.des or p80c4100.aes), it can be loaded by typing the following

command:

For single DES:

• ERS-8610:5# config load-encryption-module DES /flash/<filename>.des

For single 3DES:

• ERS-8610:5# config load-encryption-module 3DES /flash/<filename>.des

For AES:

• ERS-8610:5# config load-encryption-module AES /flash/<filename>.aes

6.2 Adding a New SNMPv3 User to USM Table

After the DES or AES module has been loaded, the switch is now ready for SNMPv3

configuration. The first step is to add a user to the USM (User-based Security Model) table. You

can add a new user to the USM table by typing in the following command:

• ERS-8610:5# config snmp-v3 usm create [User Name<1-32>] [authentication

protocol <md5|sha>] auth [authentication password<1-32>] [priv-protocol

<des|aes>] priv [privacy password<1-32>]

In release 4.1, there is one additional change to support AES:

• ERS-8610:5# config snmp-v3 usm create [User Name<1-32>] [authentication

protocol <md5|sha>] auth [authentication password<1-32>] priv [privacy

password<1-32>]

previous next