Configuring/Enabling SNMPv3
Description
The user's authentication-key and privacy-key must not be shorter than the USM minimum length (min=8).
Security-level: If you create an SNMPv3 user without adding it to any group, snmpwalk uses the user's permission. If the user is added to a group with a mib-view, snmpwalk uses the group's permission; the user's permission can also be used for snmpwalk when it is higher than the group's permission.
Procedure
First, select ‘Y’ at the prompt “Start OVS network snmp?(y|n)[n]:”.
Second, execute “ovs-vsctl set-snmp-enable true” to enable SNMP.
Finally, configure SNMPv3 with commands such as snmp-mib-view, snmp-group, snmpv3_user, etc. in your test environment.
Note: SNMP must be enabled (ovs-vsctl set-snmp-enable true) for SNMPv3 to work.
Commands
SNMPv3 User
ovs-vsctl set-snmpv3-user username=user1 readonly=true authentication-mode=MD5 authentication-key=pica8123 privacy-mode=DES privacy-key=11111111
---------- Use this command to create or update a user.
ovs-vsctl list snmpv3-user
ovs-vsctl list snmpv3_user
---------- Use these commands to check the user
ovs-vsctl destroy snmpv3-user user1
ovs-vsctl destroy snmpv3_user user1
---------- Use these commands to delete the user
Note: privacy-mode, privacy-key and authentication_key are optional, but authentication-mode is mandatory. authentication_key and privacy_key are empty if they are not set.
Readonly: true or false. “true” means rouser; “false” means rwuser.
authentication_mode: MD5, SHA
privacy_mode: DES, AES, AES128
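The rules above (mandatory authentication-mode, the allowed mode values, the 8-character USM minimum) can be checked before a set-snmpv3-user command is run. The following is an added example, not part of the PICOS tooling; check_snmpv3_user is a hypothetical helper name, and the warnings for MD5, DES and key reuse are this example's own hardening checks.

```shell
# Added example: check_snmpv3_user is a hypothetical helper, not a PICOS command.
# Exit status: 0 = clean, 1 = breaks a rule stated on this page, 2 = weak choice only.
check_snmpv3_user() {
    local arg key val err=0 warn=0
    local auth_mode="" auth_key="" priv_mode="" priv_key=""
    for arg in "$@"; do
        case "$arg" in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${arg%%=*}" | tr '_' '-')   # page uses both spellings
        val=${arg#*=}
        case "$key" in
            authentication-mode) auth_mode=$val ;;
            authentication-key)  auth_key=$val ;;
            privacy-mode)        priv_mode=$val ;;
            privacy-key)         priv_key=$val ;;
        esac
    done
    case "$auth_mode" in
        SHA) ;;
        MD5) echo "WARN: MD5 is deprecated; the page also lists SHA"; warn=1 ;;
        "")  echo "ERROR: authentication-mode is mandatory"; err=1 ;;
        *)   echo "ERROR: authentication-mode must be MD5 or SHA"; err=1 ;;
    esac
    case "$priv_mode" in
        ""|AES|AES128) ;;
        DES) echo "WARN: DES is a weak cipher; the page also lists AES"; warn=1 ;;
        *)   echo "ERROR: privacy-mode must be DES, AES or AES128"; err=1 ;;
    esac
    # USM minimum key length from the page: 8 characters.
    if [ -n "$auth_key" ] && [ "${#auth_key}" -lt 8 ]; then
        echo "ERROR: authentication-key is shorter than 8"; err=1
    fi
    if [ -n "$priv_key" ] && [ "${#priv_key}" -lt 8 ]; then
        echo "ERROR: privacy-key is shorter than 8"; err=1
    fi
    # Keys that are not set stay empty (see the note above).
    if [ -n "$priv_mode" ] && [ -z "$priv_key" ]; then
        echo "WARN: privacy-mode is set but privacy-key is empty"; warn=1
    fi
    if [ -n "$priv_key" ] && [ "$priv_key" = "$auth_key" ]; then
        echo "WARN: privacy-key equals authentication-key"; warn=1
    fi
    [ "$err" -eq 0 ] || return 1
    [ "$warn" -eq 0 ] || return 2
    return 0
}
# The page's own sample user: valid, but flagged for MD5 and DES (status 2).
check_snmpv3_user username=user1 readonly=true authentication-mode=MD5 \
    authentication-key=pica8123 privacy-mode=DES privacy-key=11111111 || echo "exit status: $?"
```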
SNMP MIB View
ovs-vsctl set-snmp-mib-view name=view1 subtree=1.3.6.1.2.1.1.2.0 type=included mask=ff
---------- Use this command to create a mib-view
ovs-vsctl list snmp-mib-view
---------- Use this command to check a mib-view
admin@PICOS-OVS:/pica/core$ ovs-vsctl list snmp-mib-view
_uuid : 0f1fc049-c9c6-4386-8824-06c524b208b5
name : all
nodes : [505cd0c9-2dde-442e-b91f-798954f21635]
ovs-vsctl destroy snmp-mib-view view1
ovs-vsctl destroy snmp_mib_view view1
---------- Use these commands to delete a mib-view. If the view is used in a group, the destroy fails.
ovs-vsctl add-snmp-mib-view ...
---------- Use this command to append parameters to the same view; the parameters are the same as for set-snmp-mib-view
ovs-vsctl set view_node $uuid subtree=… mask=…
---------- Use this command to modify subtree or mask individually
SNMP Group
ovs-vsctl set-snmp-group name=group1 users=user1,user2 security-level=AuthPriv read-view=view1 write-view=view1 notify-view=view1
---------- Use this command to create a group and add user and view to the group
security-level:
AuthPriv
AuthNoPriv
NoAuthNoPriv
ovs-vsctl add snmp-group group1 users $uuid
---------- Use this command to append a user to a group; uuid is the user’s uuid
ovs-vsctl list snmp-group
ovs-vsctl list snmp_group
---------- Use these commands to check the group
ovs-vsctl destroy snmp-group group1
ovs-vsctl destroy snmp_group group1
---------- Use these commands to destroy the group
Check all the SNMPv3 configurations
ovs-appctl snmp/show-v3-config
Validate the above configurations
You can check whether the configurations work by using snmpwalk/snmpset.
For example:
snmpwalk -v 3 -u user1 -a MD5 -A 11111111 -x DES -X 11111111 -l authPriv 10.10.51.165 1.3.6.1.2.1.1.2.0
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.35098.1.13
Copyright © 2024 Pica8 Inc. All Rights Reserved.