Configuring SNMPv3
You configure SNMPv3 under Administration > System Settings: SNMP v3. SNMPv3 provides additional authentication and access control for message security. For example, you can verify the identity of the SNMP entity (manager or agent) sending the message.
The SNMP service is disabled by default. We recommend that you enable it for improved security. If you encounter the error “Cannot generate the authentication key for a new User because the SNMP subsystem is not running.” you’ll need to enable SNMP by running the pm process snmpd launch auto command. You can verify that SNMP is enabled by running the show pm process snmpd command.
RiOS supports SNMPv3 message encryption for increased security.
Using SNMPv3 is more secure than SNMPv1 or v2; however, it requires more configuration steps to provide the additional security features.
1. Create the SNMP-server users. Users can be authenticated using either a password or a key.
2. Configure SNMP-server views to define which part of the SNMP MIB tree is visible.
3. Configure SNMP-server groups, which map users to views, allowing you to control who can view what SNMP information.
4. Configure the SNMP-server access policies that contain a set of rules defining access rights. Based on these rules, the entity decides how to process a given request.
Creating users for SNMPv3
Under Users, these configuration options are available:
Add a New User
Displays the controls to add a new user.
User Name
Specifies the username.
Authentication Protocol
Specifies an authentication method from the drop-down list:
• MD5 specifies the Message-Digest 5 algorithm, a widely used cryptographic hash function with a 128-bit hash value. This is the default value.
• SHA specifies the Secure Hash Algorithm, a set of related cryptographic hash functions. SHA is considered to be the successor to MD5.
Authentication
Specifies either Supply a Password or Supply a Key to use while authenticating users.
Password/Password Confirm
Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Password Confirm text box.
Use Privacy Option
Specifies SNMPv3 encryption.
Privacy Protocol
Specifies either the AES or DES protocol from the drop-down list. AES uses the AES128 algorithm.
Privacy
Specifies Same as Authentication, Supply a Password, or Supply a Key to use while authenticating users. The default setting is Same as Authentication.
Privacy Password
Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Privacy Password Confirm text box. (This option appears only when you select Supply a Password.)
Key
Specifies a unique authentication key. The key is an MD5 or SHA-1 digest created using md5sum or sha1sum. (This option appears only when you select Supply a Key.)
MD5/SHA Key
Specifies a unique authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum. (This option appears only when you select Supply a Key.)