Abstract: If the NMS manages multiple devices (agents) through the SNMPv3 protocol, you need
to specify the SNMPv3 agent group, user name, and user authentication mode/privacy protocol.
For operations on these devices, you can first create an SNMPv3 user on one device, and
then create the same user on other devices by using the SNMPv3 user copy-and-paste
function. This document introduces the configuration steps of this function by giving
examples.
1 Feature Overview
When you create an SNMPv3 user on a device, you can input the authentication
password/privacy password in two modes:
• Plain text password: When you create an SNMPv3 user, if you input the
password in plain text, like 123, then for security purposes the system encrypts
the password when executing the command and stores it in the cache. When you
display the current configuration using a command, the parameters displayed
are in cipher text, like ED68BDD3A0AC7A5E459F6EB3D4B35B18, instead of
the previously configured format.
• Cipher text password: You can first convert a password into cipher text using
the command provided by the device. When you create an SNMPv3 user, if
you input the password in cipher text, like
ED68BDD3A0AC7A5E459F6EB3D4B35B18, the system does not encrypt the
password when executing the command. When you display the current
configuration using a command, the parameters displayed are in cipher text,
like ED68BDD3A0AC7A5E459F6EB3D4B35B18, which is the same as the
previously configured format.
To sum up, if you input a password in plain text, the system will encrypt it when
creating the user; if you input a password in cipher text, it means that you have
encrypted the password before you create the user. In your application:
• If the password of an SNMPv3 user is in plain text, when you copy and paste
the configurations of the user, that is, execute the command again, the system
converts the password into another cipher text password. For example, if the
original user name is A and the plain text password is B, then after the
copy-and-paste operations the user name is still A, but the plain text password
changes to C. In short, copy-and-paste operations on an SNMPv3 user change the
plain text password.
• If the password of an SNMPv3 user is in cipher text, when you copy and paste
the configurations of the user, that is, execute the command again, the system
does not convert the cipher text password. For example, if the original user name
is A and the plain text password is B, then after the copy-and-paste operations
the user name is A, and the plain text password is still B. In short,
copy-and-paste operations on an SNMPv3 user do not change the cipher text password.
Therefore, it is recommended that you input the password in cipher text if you need to
copy and paste the configurations of an SNMPv3 user.
Note:
• A plain text password is required when the NMS accesses a device; therefore, if
you specify a cipher text password for an SNMPv3 user, you must know the plain
text password corresponding to the cipher text password you specified for the user.
• Use the Copy/Paste function of the terminal to copy and paste the
configurations of an SNMPv3 user, for example, by pressing the shortcut keys Ctrl+C
and Ctrl+V. The actual operation depends on the model of your configuration terminal.
The configuration terminals in this document support the shortcut keys Ctrl+C and Ctrl+V.
2 Application Scenarios
If the engine IDs of two devices are the same, you can copy and paste the SNMPv3
user with cipher text password on one device to another, and create the same user
with the same password, thus facilitating batch configuration on network devices.
3 Configuration Guidelines
• If the password is in cipher text, the pri-password argument can be obtained by
using the snmp-agent calculate-password command. For the calculated
cipher text password to be applicable to, and have the same effect as that in, the
snmp-agent usm-user v3 cipher command, ensure that the same privacy
protocol is specified for the two commands and that the local engine ID specified in
the snmp-agent usm-user v3 cipher command is consistent with the SNMP
entity engine ID specified in the snmp-agent calculate-password command.
• Before the copy and paste operations, ensure that the local SNMP entity engine
ID of device A and that of device B are the same when the user is created.
Devices have their own factory settings of SNMP entity engine ID, and you can
modify the settings to be the same by using the snmp-agent local-engineid
command.
• If the local SNMP entity engine IDs of the devices are different, the newly created
user that is copied from another device is considered illegal, and when the
NMS accesses the device using this user name and password, authentication
fails.
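Why the engine IDs must match, shown as an added example that is not H3C code: it implements the USM password-to-key localization from RFC 2574 (the reference this document lists), on the assumption that the device's cipher text password is that localized key. ENGINE_A is the engine ID used in the configuration procedure of this document; ENGINE_B and the function names are constructed for illustration.

```python
import hashlib
import hmac

MEGABYTE = 1048576  # USM hashes exactly this many octets of repeated password

ENGINE_A = "800063A203000056000000"  # engine ID from this document's procedure
ENGINE_B = "800063A203000056000001"  # constructed: a device left on a different ID


def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: digest of the password repeated and truncated to 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    stream = (password * (MEGABYTE // len(password) + 1))[:MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localized_key(password: str, engine_id_hex: str, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is bound to one engine ID."""
    ku = password_to_key(password.encode(), algo)
    return hashlib.new(algo, ku + bytes.fromhex(engine_id_hex) + ku).digest()


def pasted_user_authenticates(password: str, source_engine: str,
                              target_engine: str, algo: str = "sha1") -> bool:
    """Model the copy-and-paste: the target device stores the key that was
    localized on the source device, while the NMS derives its key from the
    plain text password and the target's own engine ID."""
    stored_on_target = localized_key(password, source_engine, algo)
    derived_by_nms = localized_key(password, target_engine, algo)
    return hmac.compare_digest(stored_on_target, derived_by_nms)


if __name__ == "__main__":
    # Same engine ID on both devices: the pasted cipher text stays valid.
    print("same engine ID:     ",
          pasted_user_authenticates("abcd", ENGINE_A, ENGINE_A))
    # Different engine IDs: same user name and password, but the keys differ.
    print("different engine ID:",
          pasted_user_authenticates("abcd", ENGINE_A, ENGINE_B))
    print("key on A:", localized_key("abcd", ENGINE_A).hex().upper())
    print("key on B:", localized_key("abcd", ENGINE_B).hex().upper())
```
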
[Figure: network diagram. The NMS, Agent 1, Agent 2 and Agent 3 are connected through an IP network; the addresses shown are 1.1.1.1/24, 1.1.1.2/24, 1.1.1.4/24 and 1.1.1.5/24.]
• Create an SNMPv3 user named v3User on Agent 1 with a cipher text password.
The cipher text password is calculated from the plain text password,
authentication mode and SNMP entity engine ID.
• Copy the configuration on Agent 1, and paste it to Agent 2 and Agent 3
respectively.
Note:
The following configurations are made on devices that are using default settings and
verified in a lab environment. When using the following configurations on your
devices in a live network, make sure they do not conflict with your current
configurations to prevent potential negative impact on your network.
I. Configuration procedure
(1) Create an SNMPv3 user named v3User with cipher text password.
<Agent1> system-view
[Agent1] snmp-agent local-engineid 800063A203000056000000
# Configure an SNMPv3 group with the security level of authentication and privacy.
# Use SHA and local engine ID to convert the plain text password abcd.
# Use SHA and local engine ID to convert the plain text password 1234.
# Copy the configurations of the SNMPv3 user (the terminal display above with grey
shading) by using the shortcut keys Ctrl+C.
<Agent2> system-view
# Paste the copied content in the previous section by using the shortcut keys Ctrl+V.
<Agent3> system-view
# Paste the copied content in the previous section by using the shortcut keys Ctrl+V.
4.4.3 Verification
(1) Display the configurations of the current SNMPv3 users on Agent 1, Agent 2
and Agent 3 respectively. The displayed user names should be the same, and
so should the passwords.
(2) Apply SNMPv3 on the NMS, and access Agent 1, Agent 2 and Agent 3 by using the
user name v3User, authentication protocol SHA, authentication password abcd,
privacy protocol DES, and privacy password 1234.
5 References
• RFC 2574
Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou