To enable SNMPv3 management of a device
Before you begin
If you are configuring an NE for LI, you must create a second access group. See Chapter 94, Lawful Intercept for information about creating an LI user and access group.
SROS 22.2 R1 and later NEs do not support some combinations of authentication and privacy:
Steps
1 |
Open a CLI session on the device. |
2 |
Enter the following commands in the order shown to create a read-write-notify group for general SNMP mediation on the managed device: configure system security snmp ↵ access group “SNMPv3_group” security-model usm security-level privacy read “iso” write “iso” notify “iso” ↵ where SNMPv3_group is the name to assign to the new SNMP group |
3 |
If mediation of VPRN objects is required (for configured VPRN or internal VPRN from an Ethernet satellite), enter the following command to create a read-write-notify group for this purpose on the managed device: access group “SNMPv3_group” security-model usm security-level privacy context vprn prefix read “vprn-view” write “vprn-view” notify “iso” ↵ where SNMPv3_group is the name to assign to the new SNMP group |
4 |
Enter the following command to exit the SNMP group configuration. exit ↵ |
5 |
Enter the following command to obtain the SNMP engine ID of the device. show system info ↵ The SNMP engine ID is displayed as SNMP Engine ID. |
6 |
Generate an authentication key and a privacy key. Note: The key authentication method determines the key length.
|
7 |
Using the keys generated in Step 6 , create an SNMPv3 user on the managed device.
|
8 |
Create an SNMPv3 NE user in the NFM-P. See the section on NE user and device security in the NSP System Administrator Guide for specific information about creating and configuring NE users.
|
9 |
If you are performing this procedure for device discovery, see Workflow for device discovery for the next steps. End of steps |