Zu den Hauptinhalten

Dell PowerEdge FN I/O Module Command Line Reference Guide 9.10(0.0)

PDF

snmp-server user (for AES128-CFB Encryption)

Specify that AES128-CFB encryption algorithm needs to be used for transmission of SNMP information. The Advanced Encryption Standard (AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. RFCs for SNMPv3 define two authentication hash algorithms, namely, HMAC-MD5-96 and HMAC-SHA1-96. These are the full forms or editions of the truncated versions, namely, HMAC-MD5 and HMAC-SHA1 authentication algorithms.

Syntax

snmp-server user name { group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv– password] [access access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name]

To remove a user from the SNMP group, use the no snmp-server user name { group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv-password] [access access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name] command.

Parameters

auth-password	(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the agent to receive packets from the host and to send packets to the host. Minimum: eight characters long.
aes128	(OPTIONAL) Enter the keyword `aes128` to initiate the AES128-CFB encryption algorithm for transmission of SNMP packets.
priv-password	(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the host to encrypt the contents of the message it sends to the agent and to decrypt the contents of the message it receives from the agent. Minimum: eight characters long.

Defaults

If no authentication or privacy option is configured, then the messages are exchanged (attempted anyway) without any authentication or encryption.

Command Modes

CONFIGURATION

Supported Modes

Full–Switch Mode

Command History

Version	Description
9.9(0.0)	Introduced on the FN IOM.
9.3(0.0)	Added support for the AES128-CFB encryption algorithm on the MXL 10/40GbE Switch IO Module platform
8.3.16.1	Introduced on the MXL 10/40GbE Switch IO Module.

Usage Information

To enable robust, effective protection and security for SNMP packets transferred between the server and the client, you can use the snmp-server user username group groupname 3 auth authentication-type auth-password priv aes128 priv-password to specify that AES128-CFB encryption algorithm needs to be used.

You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system. An error message is displayed if you attempt to change the FIPS mode by using the fips mode enable command in Global Configuration mode. You can enable or disable FIPS mode only if SNMPv3 users are not previously set up. Otherwise, you must remove the previously configured users before you change the FIPS mode.

Example

Dell# snmp-server user privuser v3group v3 encrypted auth md5
                                             9fc53d9d908118b2804fe80e3ba8763d priv aes128 d0452401a8c3ce42804fe80e3ba8763d

Related Commands

show snmp user — Displays the information configured on each SNMP user name.