Alcatel Carrier Internetworking Solutions omniswitch User Manual
Setting Up SNMP Access for a User Account
Managing Switch User Accounts
page 7-12
OmniSwitch 6600 Family Switch Management Guide
March 2005
Setting Up SNMP Access for a User Account
By default, users can access the switch based on the SNMP setting specified for the default user account.
The user command, however, may be used to configure SNMP access for a particular user. SNMP access
may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or
SNMPv3). Or it may be configured with authentication or authentication/encryption required (SNMPv3
only).
The user command, however, may be used to configure SNMP access for a particular user. SNMP access
may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or
SNMPv3). Or it may be configured with authentication or authentication/encryption required (SNMPv3
only).
SNMP authentication specifies the algorithm that should be used for computing the SNMP authentication
key. It may also specify DES encryption. The following options may be configured for a user’s SNMP
access with authentication or authentication/encryption:
key. It may also specify DES encryption. The following options may be configured for a user’s SNMP
access with authentication or authentication/encryption:
• SHA—The SHA authentication algorithm is used for authenticating SNMP PDU for the user.
• MD5—The MD5 authentication algorithm is used for authenticating SNMP PDU for the user.
• SHA and DES—The SHA authentication algorithm and DES encryption standard is used for authenti-
cating and encrypting SNMP PDU for the user.
• MD5 and DES—The MD5 authentication algorithm and the DES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
The user’s level of SNMP authentication is superseded by the SNMP version allowed globally on the
switch. By default, the switch allows all SNMP requests. Use the
switch. By default, the switch allows all SNMP requests. Use the
SNMP security level on the switch.
Note. At least one user with SHA/MD5 authentication and/or DES encryption must be configured on the
switch for SNMPv3 communication with OmniVista.
switch for SNMPv3 communication with OmniVista.
The community string carried in the SNMP PDU identifies the request as an SNMPv1 or SNMPv2
request. The way the community string is handled on the switch is determined by the setting of the
request. The way the community string is handled on the switch is determined by the setting of the
command. If the community map mode is enabled, the community string is
checked against the community strings database (populated by the
command). If
the community map mode is disabled, then the community string value is checked against the user data-
base. In either case, if the check fails, the request is dropped.
base. In either case, if the check fails, the request is dropped.
For more information about configuring SNMP globally on the switch, see
The next sections describe how to configure SNMP access for users. Note the following:
• SNMP access cannot be specified for the admin user.
• When modifying a user’s SNMP access, the user password must be re-entered (or a new one config-
ured). This is required because the hash algorithm used to save the password in the switch depends on
the SNMP authentication level.
the SNMP authentication level.
SNMP Access Without Authentication/Encryption
To give a user SNMP access without SNMP authentication required, enter the user command with the no
auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter
the following:
auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter
the following:
-> user thomas password techpubs no auth