Configuring/Enabling SNMPv3


Description

The user's authentication-key and privacy-key must not be shorter than the USM length requirement (min=8).

Security-level: If you create an SNMPv3 user without adding it to any group, snmpwalk uses the user's permission. If the user is added to a group with a mib-view, snmpwalk uses the group's permission; the user's permission can also be used for snmpwalk when the user's permission is higher than the group's permission.

Procedure

First, select 'Y' at the prompt "Start OVS network snmp?(y|n)[n]:".

Second, execute "ovs-vsctl set-snmp-enable true" to enable SNMP.

Finally, configure SNMPv3 with commands such as snmp-mib-view, snmp-group, snmpv3_user, etc. in your test environment.

SNMP must be enabled (ovs-vsctl set-snmp-enable true) for SNMPv3 to work.

 

Commands

SNMPv3 User

ovs-vsctl set-snmpv3-user username=user1 readonly=true authentication-mode=MD5 authentication-key=pica8123 privacy-mode=DES privacy-key=11111111

---------- Use this command to create or update a user.

ovs-vsctl list snmpv3-user

ovs-vsctl list snmpv3_user

---------- Use these commands to check the user

ovs-vsctl destroy snmpv3-user user1

ovs-vsctl destroy snmpv3_user user1

---------- Use these commands to delete the user

 

Note: privacy-mode, privacy-key and authentication_key are optional, but authentication-mode is mandatory. authentication_key and privacy_key are empty if they are not set.

Readonly: true or false; "true" means rouser, "false" means rwuser.

authentication_mode: MD5, SHA

privacy_mode: DES, AES, AES128
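
The parameter rules above can be checked before a user is created. The following is an added example, not part of the original page or of PicOS: build_snmpv3_user_cmd is a hypothetical helper and the keys are constructed placeholders. It prints the ovs-vsctl command instead of running it, warns on MD5 and DES (both weak next to SHA and AES), and, as its own stricter choice, always requires an authentication-key.

```shell
# Added example (hypothetical helper, not a PicOS tool): validate SNMPv3 user
# parameters against the rules on this page, then print the ovs-vsctl command.
# Usage: build_snmpv3_user_cmd USER READONLY AUTH_MODE AUTH_KEY [PRIV_MODE PRIV_KEY]
build_snmpv3_user_cmd() {
    user=${1:-}; ro=${2:-}; auth_mode=${3:-}; auth_key=${4:-}
    priv_mode=${5:-}; priv_key=${6:-}

    [ -n "$user" ] || { echo "error: username is required" >&2; return 1; }
    case $ro in
        true|false) ;;
        *) echo "error: readonly must be true or false" >&2; return 1 ;;
    esac
    # authentication-mode is mandatory; the page lists MD5 and SHA.
    case $auth_mode in
        SHA) ;;
        MD5) echo "warning: MD5 is weak, prefer SHA" >&2 ;;
        *) echo "error: authentication-mode must be MD5 or SHA" >&2; return 1 ;;
    esac
    # USM minimum key length is 8. Requiring a key here is this example's choice.
    [ "${#auth_key}" -ge 8 ] ||
        { echo "error: authentication-key shorter than 8" >&2; return 1; }

    cmd="ovs-vsctl set-snmpv3-user username=$user readonly=$ro"
    cmd="$cmd authentication-mode=$auth_mode authentication-key=$auth_key"

    if [ -n "$priv_mode" ]; then
        case $priv_mode in
            AES|AES128) ;;
            DES) echo "warning: DES is weak, prefer AES" >&2 ;;
            *) echo "error: privacy-mode must be DES, AES or AES128" >&2; return 1 ;;
        esac
        [ "${#priv_key}" -ge 8 ] ||
            { echo "error: privacy-key shorter than 8" >&2; return 1; }
        [ "$priv_key" != "$auth_key" ] ||
            echo "warning: privacy-key equals authentication-key" >&2
        cmd="$cmd privacy-mode=$priv_mode privacy-key=$priv_key"
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample values; the keys are placeholders, not real credentials.
build_snmpv3_user_cmd user1 true SHA 'Auth-Key-0001' AES 'Priv-Key-0002'
```

Errors and warnings go to stderr, so the printed command can be captured on its own and reviewed before it is applied on the switch.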


SNMP MIB View

ovs-vsctl set-snmp-mib-view name=view1 subtree=1.3.6.1.2.1.1.2.0 type=included mask=ff

---------- Use this command to create a mib-view

ovs-vsctl list snmp-mib-view

---------- Use this command to check a mib-view

admin@PICOS-OVS:/pica/core$ ovs-vsctl list snmp-mib-view

_uuid               : 0f1fc049-c9c6-4386-8824-06c524b208b5

name                : all

nodes               : [505cd0c9-2dde-442e-b91f-798954f21635]

ovs-vsctl destroy snmp-mib-view view1

ovs-vsctl destroy snmp_mib_view view1

---------- Use these commands to delete a mib-view. If the view is used in a group, the destroy fails.

ovs-vsctl add-snmp-mib-view ...

---------- Use this command to append parameters to the same view; the parameters are the same as for set-snmp-mib-view

ovs-vsctl set view_node $uuid subtree=… mask=…

---------- Use this command to modify subtree or mask individually


SNMP Group

ovs-vsctl set-snmp-group name=group1 users=user1,user2 security-level=AuthPriv read-view=view1 write-view=view1 notify-view=view1

---------- Use this command to create a group and add users and views to the group

security-level:

AuthPriv

AuthNoPriv

NoAuthNoPriv

ovs-vsctl add snmp-group group1 users $uuid

---------- Use this command to append a user to a group; $uuid is the user's uuid

ovs-vsctl list snmp-group

ovs-vsctl list snmp_group

---------- Use these commands to check the group

ovs-vsctl destroy snmp-group group1

ovs-vsctl destroy snmp_group group1

---------- Use these commands to destroy the group

Check all the SNMPv3 configurations

ovs-appctl snmp/show-v3-config

Verify the above configurations

You can check whether the configurations work through snmpwalk/snmpset.

Example:

snmpwalk -v 3 -u user1 -a MD5 -A 11111111 -x DES -X 11111111 -l authPriv 10.10.51.165 1.3.6.1.2.1.1.2.0

iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.35098.1.13



Copyright © 2024 Pica8 Inc. All Rights Reserved.