Brocade SNMP v3 setup
There are 6 preconfigured SNMPv3 users in FOS, you have to use one of them.
- snmpadmin1..3 (User 1..3) in "rw" group
- snmpuser1..3 (User 4..6) in "ro" group
Select one of the default read-only users and modify it.
Check current SNMPv3 configuration
admin> snmpconfig --show snmpv3
SNMP Informs = 0 (OFF)
SNMPv3 USM configuration:
User 1 (rw): snmpadmin1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 2 (rw): snmpadmin2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 3 (rw): snmpadmin3
Auth Protocol: noAuth
Priv Protocol: noPriv
User 4 (ro): snmpuser1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 5 (ro): snmpuser2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 6 (ro): snmpuser3
Auth Protocol: noAuth
Priv Protocol: noPriv
Modify selected user
- change default name from "snmpuserX" to "xormon"
- select Auth and Priv protocols to fit your requirements
- set Auth and Priv passwords
Auth and Priv passwords must have at least 8 characters
Press enter for entries you don't want to change (works for passwords as well)
Example
Use preferably AES128 if you are not sure that your Operating System supports higher AES in snmp-perl moduleNote that snmpwalk might work, just problem could be snmp-perl module only as it has different support matrix
- change default user "snmpuser1" to "xormon"
- set Auth Protocol to SHA
- set Priv Protocol to AES128
admin> snmpconfig --set snmpv3
SNMP Informs Enabled (true, t, false, f): [false]
SNMPv3 user configuration(snmp user not configured in FOS user database will have physical AD and admin role as the default):
User (rw): [snmpadmin1]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
User (rw): [snmpadmin2]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
User (rw): [snmpadmin3]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
User (ro): [snmpuser1] xormon << modified user
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 2 << modified user
New Auth Passwd: << modified user
Verify Auth Passwd: << modified user
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (1..4) [2] 3 << modified user
New Priv Passwd: << modified user
Verify Priv Passwd: << modified user
User (ro): [snmpuser2]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
User (ro): [snmpuser3]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
Committing configuration.....done.
Check the configuration
admin> snmpconfig --show snmpv3
SNMP Informs = 0 (OFF)
SNMPv3 USM configuration:
User 1 (rw): snmpadmin1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 2 (rw): snmpadmin2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 3 (rw): snmpadmin3
Auth Protocol: noAuth
Priv Protocol: noPriv
User 4 (ro): xormon < modified user
Auth Protocol: SHA < modified user
Priv Protocol: AES128 < modified user
User 5 (ro): snmpuser2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 6 (ro): snmpuser3
Auth Protocol: noAuth
Priv Protocol: noPriv
DES vrs AES
Do not use old DES protocol, use AES instead.New Linuxes do not support DES protocol anyway, you might check if your operating systems supports it or does not
If bellow cmd prints anything then DES is supported and you can use it, but try to avoid that
openssl ciphers | grep DES
Add SAN switch to XorMon
 |
Note: when using AES256 privacy protocol, at least SHA256 must be used as authentication protocol