Send documentation comments to mdsfeedback-doc@cisco.com
40-4
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 40 Configuring SNMP
Creating and Modifying Users
You can begin communicating with the agent once your user name is created, your roles are set up by
your administrator, and you are added to the roles.
Creating and Modifying Users
You can create users or modify existing users using SNMP, Fabric Manager, or the CLI.
• SNMP—Create a user as a clone of an existing user in the usmUserTable on the switch. Once you
have created the user, change the cloned secret key before activating the user. Refer to RFC 2574.
• Fabric Manager—See the “Configuring Users” section on page 39-12.
• CLI—Create a user or modify an existing user using the snmp-server user command.
A network-operator and network-admin roles are available in a Cisco MDS 9000 Family switch. There
is also a default-role if you want to use the GUI (Fabric Manager and Device Manager). You can also
use any role that is configured in the Common Roles database (see the
“Configuring User Accounts”
section on page 32-15).
Tip All updates to the CLI security database and the SNMP user database are synchronized. You can use the
SNMP password to log into either Fabric Manager or Device Manager. However, after you use the CLI
password to log into Fabric Manager or Device Manager, you must use the CLI password for all future
logins. If a user exists in both the SNMP database and the CLI database before upgrading to Cisco MDS
SAN-OS Release 2.0(1b), then the set of roles assigned to the user becomes the union of both sets of
roles after the upgrade.
This section includes the following topics:
• About AES Encryption-Based Privacy, page 40-4
• Enforcing SNMPv3 Message Encryption, page 40-5
• Assigning SNMPv3 Users to Multiple Roles, page 40-6
• Adding Communities, page 40-7
• Deleting a Community String, page 40-7
About AES Encryption-Based Privacy
The Advanced Encryption Standard (AES) is the symmetric cipher algorithm. The Cisco NX-OS
software uses AES as one of the privacy protocols for SNMP message encryption and conforms with
RFC 3826.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The
priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit
AES key. The AES priv password can have a minimum of eight characters. If the passphrases are
specified in clear text, you can specify a maximum of 64 characters. If you use the localized key, you
can specify a maximum of 130 characters.
Note For an SNMPv3 operation using the external AAA server, user configurations in the external AAA server
require AES to be the privacy protocol to use SNMP PDU encryption.
To Next Page
Loading...
Need help?
General
