SNMPv3 User Copy-and-Paste Function Configuration Examples

SNMPv3 User Copy-and-Paste Function Configuration

Examples

Keywords: SNMP, copy, and paste.

Abstract: If the NMS manages multiple devices (agents) through the SNMPv3 protocol, you need

to specify SNMPv3 agent group, user name, user authentication mode/privacy protocol,

and authentication passwords/privacy password on all devices. To avoid repeating the

operations on these devices, you can first create an SNMPv3 user on one device, and

then create the same users on other devices by using the SNMPv3 user copy-and-paste

function. This document introduces the configuration steps of this function by giving

examples.

Acronyms:

Acronym Full spelling

AES Advanced Encryption Standard

DES Data Encryption Standard

MD5 Message Digest 5

NMS Network Management Station

SNMP Simple Network Management Protocol

Hangzhou H3C Technologies Co., Ltd. 1/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

Table of Contents

1 Feature Overview ........................................................................................................................... 3

2 Application Scenarios ..................................................................................................................... 4

3 Configuration Guidelines ................................................................................................................ 4

4 SNMPv3 User Copy-and-Paste Function Configuration Example ................................................. 5

4.1 Network Requirements ........................................................................................................ 5
4.2 Configuration Considerations .............................................................................................. 6
4.3 Software Version Used ........................................................................................................ 6
4.4 Configuration Procedures .................................................................................................... 6
4.4.1 Configuration on Agent 1 .......................................................................................... 6
4.4.2 Configurations on Agent 2 and Agent 3 .................................................................... 7
4.4.3 Verification................................................................................................................. 8

5 References ..................................................................................................................................... 9

Hangzhou H3C Technologies Co., Ltd. 2/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

1 Feature Overview
When you create an SNMPv3 user on a device, you can input the authentication
password/privacy password in two modes:

z Plain text password: When you create an SNMPv3 user, if you input the
password in plain text, like 123, the system encrypts the password and stores it
in the cache when executing the command for security purpose. When you
display the current configuration using a command, the parameters displayed
are in cipher text, like ED68BDD3A0AC7A5E459F6EB3D4B35B18, instead of
the previously configured format.
z Cipher text password: You can first convert a password into cipher text using
the command provided by the device. When you creating an SNMPv3 user, if
you input the password in cipher text, like
ED68BDD3A0AC7A5E459F6EB3D4B35B18, the system do not encrypt the
password when executing the command. When you display the current
configuration using a command, the parameters displayed are in cipher text,
like ED68BDD3A0AC7A5E459F6EB3D4B35B18, which are the same with the
previously configured format.

To sum up, if you input a password in plain text, the system will encrypt it when
creating the user; if you input a password in cipher text, it means that you have
encrypted the password before you create the user. In your application:

z If the password of an SNMPv3 user is in plain text, when you copy and paste
the configurations of the user, that is, execute the command again, the system
converts the password into another cipher text password. For example, if the
original user name is A, the plain text password is B, after the copy-and-paste
operations, user name is A, but the plain text password changes to C. To
conclude, the paste-and-copy operations on an SNMPv3 user changes the
plain text password.

Hangzhou H3C Technologies Co., Ltd. 3/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

z If the password of an SNMPv3 user is in cipher text, when you copy and paste
the configurations of the user, that is, execute the command again, the system
do not convert the cipher text password. For example, if the original user name
is A, the plain text password is B, after the copy-and-paste operations, user
name is A, and the plain text password is still B. To conclude, the paste-and-
copy operations on an SNMPv3 user do not change the cipher text password.

Therefore, you are recommended to input the password in cipher text if you need to
copy and paste the configurations of an SNMPv3 user.

Note:
z A plain text password is required when the NMS accesses a device; therefore, if
you specify a cipher text password for an SNMPv3 user, you must know the plain
text password corresponding to the cipher text password you specified for the user.
z Please use the Copy/Paste function of the terminal to copy and paste the
configurations of an SNMPv3 user, for example, press the short keys Ctrl+C and
Ctrl+V. Actual configuration depends on the model of your configure terminal. The
configure terminals in this document support the short keys Ctrl+C and Ctrl+V.

2 Application Scenarios
If the engine IDs of two devices are the same, you can copy and paste the SNMPv3
user with cipher text password on one device to another, and create the same user
with the same password, thus facilitating batch configuration on network devices.

3 Configuration Guidelines
z If the password is in cipher text, the pri-password argument can be obtained by
the snmp-agent calculate-password command. To make the calculated
cipher text password applicable to and have the same effect as that in the
snmp-agent usm-user v3 cipher command,, ensure that the same privacy
protocol is specified for the two commands and the local engine ID specified in
the snmp-agent usm-user v3 cipher command is consistent with the SNMP
entity engine ID specified in the snmp-agent calculate-password command.

Hangzhou H3C Technologies Co., Ltd. 4/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

z Before the copy and paste operations, ensure that the local SNMP entity engine
ID of device A and that of device B when creating the user are the same.
Devices have their own factory settings of SNMP entity engine ID, and you can
modify the settings to be the same by using the snmp-agent local-engineid
command.
z If the local SNMP entity engine IDs of devices are different, the newly created
user which is copied from another device is considered illegal. And when the
NMS accesses the device using this user name and password, it fails to pass
the authentication.

4 SNMPv3 User Copy-and-Paste Function

Configuration Example

4.1 Network Requirements

z There are two devices on the network: NMS and Agent 1; the NMS manages
Agent 1; the NMS and Agent 1 can access each other using the following
configurations: the user name is v3User, authentication protocol is SHA, plain
text authentication password is abcd, privacy protocol is DES56, and plain text
privacy password is 1234.
z The network is extended by adding two devices Agent 2 and Agent 3, which are
of the same model with Agent 1. To simplify network management, NMS
accesses Agent 2 and Agent 3 by using the same user name, authentication
mode and password, encryption mode and password with that it accesses
Agent 1. Realize management from NMS on Agent 2 and Agent 3 in an easy
and fast way.

Agent 2 Agent 3

1.1.1.4/24
1.1.1.5/24
NMS
Agent 1
1.1.1.2/24 1.1.1.1/24
IP network

Figure 1 Network diagram for SNMPv3 user copy-and-paste

Hangzhou H3C Technologies Co., Ltd. 5/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

4.2 Configuration Considerations

Create an SNMPv3 user on Agent 1, and realize management of NMS on Agent 2

and Agent 3 by copying and pasting the configurations on Agent 1 to other agents.

z Create an SNMPv3 user named v3User on Agent 1 with cipher text password,
and configure that the cipher text password can be calculated from the plain
text password, authentication mode and SNMP entity engine ID.
z Copy the configuration file on Agent 1, and paste it to Agent 2 and Agent 3
respectively.

4.3 Software Version Used

This example is configured and verified on COMWAREV500R002B49D001

4.4 Configuration Procedures

Note:
The following configurations are made on devices that are using default settings and
verified in a lab environment. When using the following configurations on your
devices in a live network, make sure they do not conflict with your current
configurations to prevent potential negative impact on your network.

4.4.1 Configuration on Agent 1

I. Configuration procedure

(1) Create an SNMPv3 user named v3User with cipher text password.

# Configure local SNMP entity engine ID.

<Agent1> system-view
[Agent1] snmp-agent local-engineid 800063A203000056000000

# Configure an SNMPv3 group with the security level of authentication and privacy.

[Agent1] snmp-agent group v3 v3Group privacy

# Use SHA and local engine ID to convert the plain text password abcd.

Hangzhou H3C Technologies Co., Ltd. 6/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

[Agent1] snmp-agent calculate-password abcd mode sha local-engineid

The secret key is: 5496DF6FEB168CF60DEC15479F921F9CC7A15478

# Use SHA and local engine ID to convert the plain text password 1234.

[Agent1] snmp-agent calculate-password 1234 mode sha local-engineid

The secret key is: BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Create an SNMPv3 user named v3User, configure the security level as

authentication and privacy, the authentication protocol as SHA, the plain text
authentication password as abcd, privacy protocol as DES56, and plain text privacy
password as 1234.

[Agent1] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode

sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767

(2) Copy SNMPv3 user configurations

# Display the configuration file.

[Agent1] display current-configuration | include snmp-agent

snmp-agent local-engineid 800063A203000056000000
snmp-agent group v3 v3Group privacy
snmp-agent calculate-password abcd mode sha local-engineid
snmp-agent calculate-password 1234 mode sha local-engineid
snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha
5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767

#Copy the configurations of the SNMPv3 user using the short keys Ctrl+C, that is, the
above terminal display with grey shading.

4.4.2 Configurations on Agent 2 and Agent 3

I. Configuration procedure on Agent 2

#Enter system view.

<Agent2> system-view

# Paste the copied content in the previous section by using the short keys Ctrl+V.

[Agent2] snmp-agent local-engineid 800063A203000056000000

[Agent2] snmp-agent group v3 v3Group privacy
[Agent2] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode
sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767
[Agent2]

Hangzhou H3C Technologies Co., Ltd. 7/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

II. Configuration procedure on Agent 3

# Enter system view.

<Agent3> system-view

# Paste the copied content in the previous section by using the short keys Ctrl+V.

[Agent3] snmp-agent local-engineid 800063A203000056000000

[Agent3] snmp-agent group v3 v3Group privacy
[Agent3] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode
sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767
[Agent3]

4.4.3 Verification
(1) Display the configurations of the current SNMPv3 users on Agent 1, Agent 2
and Agent 3 respectively. The displayed user names should be the same, so
are the passwords.

# Display the configurations of the current SNMPv3 user on Agent 1.

[Agent1] display current-configuration | include v3User

snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha
5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Display the configurations of the current SNMPv3 user on Agent 2.

[Agent2] display current-configuration | include v3User

snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha
5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Display the configurations of the current SNMPv3 user on Agent 3.

[Agent3] display current-configuration | include v3User

snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha
5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56
BCC979BC3FB858A7A98B2AB79D163FA5D3918767

(2) Apply SNMPv3 on NMS, and access Agent 1, Agent 2 and Agent 3 by using the
user name v3User, authentication protocol SHA, authentication password abcd,
privacy protocol as DE5, and privacy password as 1234.

Hangzhou H3C Technologies Co., Ltd. 8/9

 SNMPv3 User Copy-and-Paste Function Configuration Examples

5 References
z RFC 2574

Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou

H3C Technologies Co., Ltd.

The information in this document is subject to change without notice.

Hangzhou H3C Technologies Co., Ltd. 9/9