Creating And Modifying Users; About Aes Encryption-Based Privacy - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Creating and Modifying Users

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
You can begin communicating with the agent once your user name is created, your roles are set up by
your administrator, and you are added to the roles.
Creating and Modifying Users
You can create users or modify existing users using SNMP, Fabric Manager, or the CLI.
•
•
•
A network-operator and network-admin roles are available in a Cisco MDS 9000 Family switch. There
is also a default-role if you want to use the GUI (Fabric Manager and Device Manager). You can also
use any role that is configured in the Common Roles database (see the
section on page
All updates to the CLI security database and the SNMP user database are synchronized. You can use the
Tip
SNMP password to log into either Fabric Manager or Device Manager. However, after you use the CLI
password to log into Fabric Manager or Device Manager, you must use the CLI password for all future
logins. If a user exists in both the SNMP database and the CLI database before upgrading to Cisco MDS
SAN-OS Release 2.0(1b), then the set of roles assigned to the user becomes the union of both sets of
roles after the upgrade.
This section includes the following topics:
•
•
•
•
•

About AES Encryption-Based Privacy

The Advanced Encryption Standard (AES) is the symmetric cipher algorithm. The Cisco NX-OS
software uses AES as one of the privacy protocols for SNMP message encryption and conforms with
RFC 3826.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The
priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit
AES key. The AES priv password can have a minimum of eight characters. If the passphrases are
specified in clear text, you can specify a maximum of 64 characters. If you use the localized key, you
can specify a maximum of 130 characters.
For an SNMPv3 operation using the external AAA server, user configurations in the external AAA server
Note
require AES to be the privacy protocol to use SNMP PDU encryption.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
40-4
SNMP—Create a user as a clone of an existing user in the usmUserTable on the switch. Once you
have created the user, change the cloned secret key before activating the user. Refer to RFC 2574.
Fabric Manager—See the
CLI—Create a user or modify an existing user using the snmp-server user command.
32-15).
About AES Encryption-Based Privacy, page 40-4
Enforcing SNMPv3 Message Encryption, page 40-5
Assigning SNMPv3 Users to Multiple Roles, page 40-6
Adding Communities, page 40-7
Deleting a Community String, page 40-7
"Configuring Users" section on page
Chapter 40 Configuring SNMP
39-12.
"Configuring User Accounts"
OL-17256-03, Cisco MDS NX-OS Release 4.x