Simple Network Management Protocol (SNMP) Users Configuration on ESW2-350G Switches

Objective

A Simple Network Management Protocol (SNMP) user is defined by its login credentials (username, passwords, and authentication method) and it is operated in association with an SNMP group and engine ID. Only SNMPv3 uses SNMP users. Users with access privileges are associated with an SNMP view.

For example, SNMP users might be configured by a network manager to associate them to a group so that access rights can be assigned to a group of users in that particular group rather than to a single user. A user is allowed to belong only to a single group.

Note: In order to create an SNMPv3 user the following configurations must be done first.

• An Engine ID must be configured, refer to the article Simple Network Management Protocol (SNMP) Engine ID Configuration on ESW2-350G Switches for more information

• An SNMPv3 Group must be available, refer to the article Simple Network Management Protocol (SNMP) Group Configuration on ESW2-350G Switches for more information.

This document explains how to create and configure SNMP users on ESW2-350G Switches.

Applicable Devices

• ESW2-350G
• ESW2-350G-DC

Software Version

• 1.3.0.62

SNMP Users Information

Step 1. Log in to the web configuration utility and choose SNMP > Users. The Users page opens:

The User Table displays information about the existing users.

• User Name — Denotes the name of the SNMP user.

• Group Name — Specifies the group to which the SNMP user belongs.

• Engine ID — Specifies the SNMP engine ID used by the user.

• IP Address — Specifies the IP address associated with the Engine ID that is used by the user.

• Authentication Method — Denotes the method of authentication that is used by the user.

• Privacy Method — Denotes the method of privacy that is used by the user.

Creation of SNMP Users

Step 1. Log in to the web configuration utility and choose SNMP > Users. The Users page opens. A SNMP user can be created only if the SNMP engine ID and the SNMP group are configured on the switch. 

Step 2. Click Add to create a new SNMP user. The Add User window appears:

Step 3. Enter the desired name of the SNMP user in the User Name field.

Step 4. Click the desired radio button in the Engine ID field that specifies the SNMP entity to which the SNMP user is connected. This denotes the IP address associated with the Engine ID.

• Local — Denotes that the user is connected to the local switch.

• Remote IP Address — Denotes that the user is connected to an SNMP entity other than the local switch. Choose a remote IP address from the adjacent drop-down list. These Remote IP address are the IP address configured in SMNP Engine ID.

Note: When the local SNMP Engine ID is changed or removed, it deletes the SNMPv3 User Database. In order for the inform messages and request information to be received, both the local and the remote user must be defined.

Step 5. Choose the name of the SNMP group to which the SNMP user belongs from the Group Name drop-down list.

Step 6. Click the radio button that corresponds to the desired authentication method for the SNMP user in the Authentication Method field. The available authentication methods vary based on the Group Name assigned. If authentication is not required by the group, no authentication can be assigned to the group.

• None — Denotes no user authentication is used.

• MD5 Password — A password entered by the user is encrypted with MD5. MD5 is a cryptographic hash function which has a 128-bit hash value and is commonly used for data integrity. 

• SHA Password — A password entered by the user is encrypted with the SHA (Secure Hash Algorithm) authentication method. Hash functions are used to convert an input of arbitrary size to an output of fixed size. SHA produces a 160-bit hash value.

Step 7. If an authentication method was clicked, click the radio button for the desired method in which the password needs to be entered and enter the authentication password in the Authentication Password field. The entered password can be in a Plaintext form or Encrypted form. Local user passwords are compared and matched with a local database.

Step 8. Click the radio button for the desired privacy method from the options in the Privacy Method field.

• None — Privacy password is not encrypted.

• DES — Privacy password is encrypted with the Data Encryption Standard. It is a standard which takes a 64 bit input value and uses a 56-bit key for encryption and decryption of the messages. It is a symmetric encryption algorithm where the sender and the receiver use the same key.

Note: Privacy Methods can be configured only for groups with Authentication and Privacy configured. Refer to article Simple Network Management Protocol (SNMP) Group Configuration on ESW2-350G Switches.

Step 9. If the privacy method is chosen as DES, click the radio button for the desired method in which the password needs to be entered, and enter the privacy password which can be in a Plaintext form or Encrypted form in the Privacy Password field. Local user passwords are compared to a local database and can contain up to 32 ASCII characters.

Note: The set password is displayed in the Encrypted form by default. In order to change it to Plaintext form click Display Sensitive Data As Plaintext. A warning window appears. Click OK and the password is displayed in Plaintext form.

Step 10. Click Apply to apply the settings. The user is added to the User Table. 

Modify SNMP Users

Step 1. Log in to the web configuration utility and choose SNMP > Users. The Users page opens.

Step 2. Choose the desired user and click Edit to edit a user. The Edit User window appears:

Step 3. Edit the configuration which needs to be edited. 

Step 4. Click Apply. The settings are applied.

Step 5. (Optional) In order to delete the users from the User Table, check the respective check box and click Delete.