Brocade SNMP v3 setup

There are 6 preconfigured SNMPv3 users in FOS, you have to use one of them.
  • snmpadmin1..3 (User 1..3) in "rw" group
  • snmpuser1..3 (User 4..6) in "ro" group
Default Auth and Priv properties are set to: "noAuth" and "noPriv"
Select one of the default read-only users and modify it.

Check current SNMPv3 configuration

admin> snmpconfig --show snmpv3
  SNMP Informs = 0 (OFF)
  SNMPv3 USM configuration:
  User 1 (rw): snmpadmin1
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 2 (rw): snmpadmin2
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 3 (rw): snmpadmin3
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 4 (ro): snmpuser1
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 5 (ro): snmpuser2
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 6 (ro): snmpuser3
        Auth Protocol: noAuth
        Priv Protocol: noPriv
Modify selected user
  • change default name from "snmpuserX" to "xormon"
  • select Auth and Priv protocols to fit your requirements
  • set Auth and Priv passwords
Note:
Auth and Priv passwords must have at least 8 characters
Press enter for entries you don't want to change (works for passwords as well)

Example

  • change default user "snmpuser1" to "xormon"
  • set Auth Protocol to SHA
  • set Priv Protocol to AES128
admin> snmpconfig --set snmpv3
  SNMP Informs Enabled (true, t, false, f): [false]
  SNMPv3 user configuration(snmp user not configured in FOS user database will have physical AD and admin role as the default):
  User (rw): [snmpadmin1]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
  User (rw): [snmpadmin2]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
  User (rw): [snmpadmin3]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
  User (ro): [snmpuser1] xormon                                              << modified user
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 2                    << modified user
  New Auth Passwd:                                                           << modified user
  Verify Auth Passwd:                                                        << modified user
  Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (1..4) [2] 3        << modified user
  New Priv Passwd:                                                           << modified user
  Verify Priv Passwd:                                                        << modified user
  User (ro): [snmpuser2]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
  User (ro): [snmpuser3]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
  Committing configuration.....done.

Check the configuration

admin> snmpconfig --show snmpv3
  SNMP Informs = 0 (OFF)
  SNMPv3 USM configuration:
  User 1 (rw): snmpadmin1
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 2 (rw): snmpadmin2
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 3 (rw): snmpadmin3
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 4 (ro): xormon                            < modified user
	Auth Protocol: SHA                       < modified user
        Priv Protocol: AES128                    < modified user
  User 5 (ro): snmpuser2
        Auth Protocol: noAuth
        Priv Protocol: noPriv
  User 6 (ro): snmpuser3
        Auth Protocol: noAuth
        Priv Protocol: noPriv

DES vrs AES

Do not use old DES protocol, use AES instead.
New Linuxes do not support DES protocol anyway, you might check if your operating systems supports it or does not
If bellow cmd prints anything then DES is supported and you can use it, but try to avoid that
openssl ciphers | grep  DES

Add SAN switch to XorMon NG

Brocade SNMP v3 setup