3com WX2200 3CRWX220095A User Manual
Configuring SNMP
143
3des—Triple DES encryption is used.
aes—Advanced Encryption Standard (AES) encryption is used.
If the encryption type is des, 3des, or aes, you can specify a passphrase
or a hexadecimal key.
or a hexadecimal key.
To specify a passphrase, use the encrypt-pass-phrase string option.
The string can be from 8 to 32 alphanumeric characters long, with no
spaces. Type a string at least 8 characters long for DES or 3DES, or at
least 12 characters long for AES.
The string can be from 8 to 32 alphanumeric characters long, with no
spaces. Type a string at least 8 characters long for DES or 3DES, or at
least 12 characters long for AES.
To specify a key, use the encrypt-key hex-string option. Type a
16-byte hexadecimal string.
16-byte hexadecimal string.
Command Examples
The following command creates USM user snmpmgr1, associated with
the local SNMP engine ID. This user can send traps to notification
receivers.
the local SNMP engine ID. This user can send traps to notification
receivers.
WX1200# set snmp usm snmpmgr1 snmp-engine-id local
success: change accepted.
success: change accepted.
The following command creates USM user securesnmpmgr1, which uses
SHA authentication and 3DES encryption with passphrases. This user can
send informs to the notification receiver that has engine ID 192.168.40.2.
SHA authentication and 3DES encryption with passphrases. This user can
send informs to the notification receiver that has engine ID 192.168.40.2.
WX1200# set snmp usm securesnmpmgr1 snmp-engine-id ip
192.168.40.2 auth-type sha auth-pass-phrase myauthpword
encrypt-type 3des encrypt-pass-phrase mycryptpword
success: change accepted.
192.168.40.2 auth-type sha auth-pass-phrase myauthpword
encrypt-type 3des encrypt-pass-phrase mycryptpword
success: change accepted.
Setting SNMP
Security
By default, MSS allows nonsecure SNMP message exchanges. You can
configure MSS to require secure SNMP exchanges instead.
configure MSS to require secure SNMP exchanges instead.
Depending on the level of security you want MSS to enforce, you can
require authentication of message exchanges only, or of message
exchanges and notifications. You also can require encryption in addition
to authentication.
require authentication of message exchanges only, or of message
exchanges and notifications. You also can require encryption in addition
to authentication.
SNMPv1 and SNMPv2c do not support authentication or encryption. If
you plan to use SNMPv1 or SNMPv2c, leave the minimum level of SNMP
security set to unsecured.
you plan to use SNMPv1 or SNMPv2c, leave the minimum level of SNMP
security set to unsecured.