HP MSR1003-8S Command Reference Manual page 214
Msr series network management and monitoring
Hide thumbs
Also See for MSR1003-8S:
- Installation manual (46 pages) ,
- Configuration manual (400 pages)
Table of Contents
Advertisement
the group of users. The authentication and encryption algorithms for each user are specified when
they are created.
Role based access control—The RBAC mode controls access to MIB objects by assigning user roles
•
to SNMP users.
An SNMP user with a predefined user role network-admin or level- 1 5 has the read and write
access to all MIB objects.
An SNMP user with a predefined user role network-operator has the read-only access to all MIB
objects.
An SNMP user with a user role specified by the role command accesses MIB objects through the
user role rules specified by the rule command.
After creating an SNMPv3 user in this mode, you can use the snmp-agent usm-user v3 user-role
command to assign a maximum of 64 user roles to the SNMPv3 user.
In VACM mode, if you configure an SNMPv3 user multiple times, the most recent configuration takes
effect.
In RBAC mode, you can assign different user roles to an SNMPv3 user:
•
If you specify only user roles but do not change any other settings, the snmp-agent usm-user v3
command assigns different user roles to the user. Other settings remain unchanged.
If you specify user roles and also change other settings, the snmp-agent usm-user v3 command
•
assigns different user roles to the user. The most recent configuration for other settings takes effect.
For an NMS to access an agent:
The RBAC mode requires the user role bound to the username to have the same access right to MIB
•
objects as the NMS.
The VACM mode requires only the access right from the NMS to MIB objects.
•
HP recommends the RBAC mode because it is more secure.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Make sure you remember the username and the plain text of the keys. When you access the device from
an NMS, you must provide this information.
Examples
In VACM mode:
# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication without privacy
security model for the group. Specify the authentication algorithm SHA- 1 and the authentication key
123456TESTplat&! in plain text for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha
123456TESTplat&!
# For an NMS to access the MIB objects in the default view ViewDefault, make sure the following
configurations on the NMS are the same as the SNMP agent:
SNMPv3 username.
•
SNMP protocol version.
•
Authentication algorithm and key.
•
# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication and privacy
security model for the group. Specify the authentication algorithm SHA- 1 , the privacy algorithm AES, the
203
Hide quick links:
Advertisement
Table of Contents
