Dell Command Line Reference Guide for the S4048–ON System 9.14.2.8

PDF

snmp-server user (for AES128-CFB Encryption)

Specify that AES128-CFB encryption algorithm needs to be used for transmission of SNMP information. The Advanced Encryption Standard (AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. RFCs for SNMPv3 define two authentication hash algorithms, namely, HMAC-MD5-96 and HMAC-SHA1-96. These are the full forms or editions of the truncated versions, namely, HMAC-MD5 and HMAC-SHA1 authentication algorithms.

Syntax
snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv– password] [access access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name]

To remove a user from the SNMP group, use the no snmp-server user name {group_name remote ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb} priv-password] [access access-list-name | ipv6 access-list-name | access-list-name ipv6 access-list-name] command.

Parameters
auth-password
(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the agent to receive packets from the host and to send packets to the host. Minimum: eight characters long.
aes128
(OPTIONAL) Enter the keyword aes128 to initiate the AES128-CFB encryption algorithm for transmission of SNMP packets.
priv-password
(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the host to encrypt the contents of the message it sends to the agent and to decrypt the contents of the message it receives from the agent. Minimum: eight characters long.
Defaults
If no authentication or privacy option is configured, then the messages are exchanged (attempted anyway) without any authentication or encryption.
Command Modes
CONFIGURATION
Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC Networking OS Command Line Reference Guide.

Version
Description
9.10(0.1)
Introduced on the S6010-ON and S4048T-ON.
9.10(0.0)
Introduced on the S3148.
9.10(0.0)
Introduced on the S6100–ON.
9.8(2.0)
Introduced on the S3100 series.
9.8(1.0)
Introduced on the Z9100–ON.
9.8(0.0P5)
Introduced on the S4048-ON.
9.8(0.0P2)
Introduced on the S3048-ON.
9.7(0.0)
Introduced on the S6000-ON.
9.3(0.0)
Added support for the AES128-CFB encryption algorithm on the S4820T, S4810, S6000 and Z-Series platforms
Usage Information

To enable robust, effective protection and security for SNMP packets transferred between the server and the client, you can use the snmp-server user username group groupname 3 auth authentication-type auth-password priv aes128 priv-password to specify that AES128-CFB encryption algorithm needs to be used.

You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system. An error message is displayed if you attempt to change the FIPS mode by using the fips mode enable command in Global Configuration mode. You can enable or disable FIPS mode only if SNMPv3 users are not previously set up. Otherwise, you must remove the previously configured users before you change the FIPS mode.

Example
DellEMC# snmp-server user privuser v3group v3 encrypted auth md5
9fc53d9d908118b2804fe80e3ba8763d priv aes128 d0452401a8c3ce42804fe80e3ba8763d
Related Commands
  • show snmp user — Displays the information configured on each SNMP user name.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\