SNMPv3 User Copy-and-Paste Function Configuration Examples
Keywords: SNMP, copy, and paste.

Abstract: If the NMS manages multiple devices (agents) through the SNMPv3 protocol, you need to specify the SNMPv3 agent group, user name, user authentication mode/privacy protocol, and authentication password/privacy password on all devices. To avoid repeating the operations on these devices, you can first create an SNMPv3 user on one device, and then create the same user on other devices by using the SNMPv3 user copy-and-paste function. This document introduces the configuration steps of this function by giving examples.

Acronyms:

Acronym   Full spelling
AES       Advanced Encryption Standard
DES       Data Encryption Standard
MD5       Message Digest 5
NMS       Network Management Station
SNMP      Simple Network Management Protocol
Hangzhou H3C Technologies Co., Ltd.
Table of Contents

1 Feature Overview
2 Application Scenarios
3 Configuration Guidelines
4 SNMPv3 User Copy-and-Paste Function Configuration Example
  4.1 Network Requirements
  4.2 Configuration Considerations
  4.3 Software Version Used
  4.4 Configuration Procedures
    4.4.1 Configuration on Agent 1
    4.4.2 Configurations on Agent 2 and Agent 3
    4.4.3 Verification
5 References
1 Feature Overview

When you create an SNMPv3 user on a device, you can input the authentication password/privacy password in two modes:

- Plain text password: When you create an SNMPv3 user and input the password in plain text, like 123, the system encrypts the password for security purposes when it executes the command and stores the result in the cache. When you display the current configuration using a command, the parameters are displayed in cipher text, like ED68BDD3A0AC7A5E459F6EB3D4B35B18, instead of in the previously configured format.

- Cipher text password: You can first convert a password into cipher text using the command provided by the device. When you create an SNMPv3 user and input the password in cipher text, like ED68BDD3A0AC7A5E459F6EB3D4B35B18, the system does not encrypt the password when executing the command. When you display the current configuration using a command, the parameters are displayed in cipher text, like ED68BDD3A0AC7A5E459F6EB3D4B35B18, which is the same as the previously configured format.

To sum up, if you input a password in plain text, the system encrypts it when creating the user; if you input a password in cipher text, you have already encrypted the password before you create the user.

In your application:

- If the password of an SNMPv3 user is in plain text, when you copy and paste the configurations of the user, that is, execute the command again, the system converts the password into another cipher text password. For example, if the original user name is A and the plain text password is B, after the copy-and-paste operations the user name is A, but the plain text password changes to C. To conclude, the copy-and-paste operations on an SNMPv3 user change the plain text password.
- If the password of an SNMPv3 user is in cipher text, when you copy and paste the configurations of the user, that is, execute the command again, the system does not convert the cipher text password. For example, if the original user name is A and the plain text password is B, after the copy-and-paste operations the user name is A, and the plain text password is still B. To conclude, the copy-and-paste operations on an SNMPv3 user do not change the cipher text password.

Therefore, you are recommended to input the password in cipher text if you need to copy and paste the configurations of an SNMPv3 user.

Note:

- A plain text password is required when the NMS accesses a device; therefore, if you specify a cipher text password for an SNMPv3 user, you must know the plain text password corresponding to the cipher text password you specified for the user.

- Use the Copy/Paste function of the terminal to copy and paste the configurations of an SNMPv3 user, for example, by pressing the shortcut keys Ctrl+C and Ctrl+V. The actual operation depends on the model of your configuration terminal. The configuration terminals in this document support the shortcut keys Ctrl+C and Ctrl+V.
2 Application Scenarios

If the engine IDs of two devices are the same, you can copy and paste the SNMPv3 user with cipher text password on one device to another, and create the same user with the same password, thus facilitating batch configuration on network devices.
3 Configuration Guidelines

- If the password is in cipher text, the pri-password argument can be obtained by the snmp-agent calculate-password command. For the calculated cipher text password to be applicable to, and have the same effect in, the snmp-agent usm-user v3 cipher command, ensure that the same privacy protocol is specified for the two commands and that the local engine ID specified in the snmp-agent usm-user v3 cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password command.
- Before the copy and paste operations, ensure that the local SNMP entity engine ID of device A and that of device B are the same when the user is created. Devices have their own factory settings of SNMP entity engine ID, and you can modify the settings to be the same by using the snmp-agent local-engineid command.

- If the local SNMP entity engine IDs of the devices are different, the newly created user that is copied from another device is considered illegal, and when the NMS accesses the device using this user name and password, it fails to pass the authentication.
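
The dependency on the engine ID described above can be reproduced offline. The following Python sketch is an added example, not H3C code: it implements the password-to-key and key localization algorithm of RFC 3414 Appendix A.2 (the successor of RFC 2574) and assumes, without this document confirming it, that snmp-agent calculate-password follows the same algorithm. OTHER_ENGINE_ID and all function names are constructed for illustration.

```python
import hashlib
import hmac

# RFC 3414 Appendix A.3 test inputs (published vectors, not from this document).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"
# Engine ID configured on all three agents in this document.
DOC_ENGINE_ID = "800063A203000056000000"
# Constructed engine ID standing in for a device left at a different setting.
OTHER_ENGINE_ID = "800063A203000056000001"


def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: digest of the password repeated to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localized_key(password: bytes, engine_id_hex: str, algo: str = "sha1") -> str:
    """Kul = H(Ku || engineID || Ku), returned as upper-case hex."""
    ku = password_to_key(password, algo)
    engine_id = bytes.fromhex(engine_id_hex)
    return hashlib.new(algo, ku + engine_id + ku).hexdigest().upper()


def key_valid_on(key_hex: str, password: bytes, engine_id_hex: str,
                 algo: str = "sha1") -> bool:
    """True if a pasted key is what the NMS derives for this engine ID."""
    expected = localized_key(password, engine_id_hex, algo)
    return hmac.compare_digest(expected, key_hex.upper())


if __name__ == "__main__":
    # Assumption: device output may differ from this RFC computation.
    key = localized_key(b"abcd", DOC_ENGINE_ID)  # derived for "Agent 1"
    print("engine ID", DOC_ENGINE_ID, "->", key)
    print("same engine ID :", key_valid_on(key, b"abcd", DOC_ENGINE_ID))
    print("other engine ID:", key_valid_on(key, b"abcd", OTHER_ENGINE_ID))
```

The key is a function of both the password and the engine ID, which is why a pasted cipher text key only authenticates on a device whose local engine ID matches the one used when the key was calculated.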
4 SNMPv3 User Copy-and-Paste Function Configuration Example
4.1 Network Requirements

- There are two devices on the network: NMS and Agent 1. The NMS manages Agent 1, and the NMS and Agent 1 can access each other using the following configurations: the user name is v3User, the authentication protocol is SHA, the plain text authentication password is abcd, the privacy protocol is DES56, and the plain text privacy password is 1234.

- The network is extended by adding two devices, Agent 2 and Agent 3, which are of the same model as Agent 1. To simplify network management, the NMS accesses Agent 2 and Agent 3 by using the same user name, authentication mode and password, and encryption mode and password that it uses to access Agent 1. The goal is to bring Agent 2 and Agent 3 under NMS management in an easy and fast way.

Figure 1 Network diagram for SNMPv3 user copy-and-paste
(Diagram not reproduced: NMS, Agent 1, Agent 2 and Agent 3 connected through an IP network; addresses shown are 1.1.1.1/24, 1.1.1.2/24, 1.1.1.4/24 and 1.1.1.5/24.)
4.2 Configuration Considerations

Create an SNMPv3 user on Agent 1, and bring Agent 2 and Agent 3 under NMS management by copying and pasting the configurations on Agent 1 to the other agents.

- Create an SNMPv3 user named v3User on Agent 1 with a cipher text password. The cipher text password is calculated from the plain text password, authentication mode and SNMP entity engine ID.

- Copy the configuration file on Agent 1, and paste it to Agent 2 and Agent 3 respectively.
4.3 Software Version Used

This example is configured and verified on COMWAREV500R002B49D001.
4.4 Configuration Procedures
Note: The following configurations are made on devices that are using default settings and verified in a lab environment. When using the following configurations on your devices in a live network, make sure they do not conflict with your current configurations to prevent potential negative impact on your network.
4.4.1 Configuration on Agent 1

I. Configuration procedure

(1) Create an SNMPv3 user named v3User with cipher text password.

# Configure local SNMP entity engine ID.
<Agent1> system-view
[Agent1] snmp-agent local-engineid 800063A203000056000000

# Configure an SNMPv3 group with the security level of authentication and privacy.
[Agent1] snmp-agent group v3 v3Group privacy

# Use SHA and local engine ID to convert the plain text password abcd.
[Agent1] snmp-agent calculate-password abcd mode sha local-engineid
The secret key is: 5496DF6FEB168CF60DEC15479F921F9CC7A15478

# Use SHA and local engine ID to convert the plain text password 1234.
[Agent1] snmp-agent calculate-password 1234 mode sha local-engineid
The secret key is: BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Create an SNMPv3 user named v3User, configure the security level as authentication and privacy, the authentication protocol as SHA, the plain text authentication password as abcd, privacy protocol as DES56, and plain text privacy password as 1234.
[Agent1] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767

(2) Copy SNMPv3 user configurations

# Display the configuration file.
[Agent1] display current-configuration | include snmp-agent
snmp-agent local-engineid 800063A203000056000000
snmp-agent group v3 v3Group privacy
snmp-agent calculate-password abcd mode sha local-engineid
snmp-agent calculate-password 1234 mode sha local-engineid
snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Copy the configurations of the SNMPv3 user using the shortcut keys Ctrl+C, that is, the above terminal display with grey shading.

4.4.2 Configurations on Agent 2 and Agent 3

I. Configuration procedure on Agent 2

# Enter system view.
<Agent2> system-view

# Paste the copied content in the previous section by using the shortcut keys Ctrl+V.
[Agent2] snmp-agent local-engineid 800063A203000056000000
[Agent2] snmp-agent group v3 v3Group privacy
[Agent2] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767
[Agent2]

II. Configuration procedure on Agent 3

# Enter system view.
<Agent3> system-view

# Paste the copied content in the previous section by using the shortcut keys Ctrl+V.
[Agent3] snmp-agent local-engineid 800063A203000056000000
[Agent3] snmp-agent group v3 v3Group privacy
[Agent3] snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767
[Agent3]

4.4.3 Verification

(1) Display the configurations of the current SNMPv3 users on Agent 1, Agent 2 and Agent 3 respectively. The displayed user names should be the same, and so should the passwords.

# Display the configurations of the current SNMPv3 user on Agent 1.
[Agent1] display current-configuration | include v3User
snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Display the configurations of the current SNMPv3 user on Agent 2.
[Agent2] display current-configuration | include v3User
snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767

# Display the configurations of the current SNMPv3 user on Agent 3.
[Agent3] display current-configuration | include v3User
snmp-agent usm-user v3 v3User v3Group cipher authentication-mode sha 5496DF6FEB168CF60DEC15479F921F9CC7A15478 privacy-mode des56 BCC979BC3FB858A7A98B2AB79D163FA5D3918767

(2) Apply SNMPv3 on the NMS, and access Agent 1, Agent 2 and Agent 3 by using the user name v3User, authentication protocol SHA, authentication password abcd, privacy protocol DES, and privacy password 1234.

5 References

- RFC 2574
Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.