To configure NE LI user security

Steps

Note: You require NE LI user privileges to perform this procedure.

Perform this procedure to change the password for an LI user account on an NE and to configure LI user authentication and SNMP data encryption on the NE.

 

Use the NE LI user account to open an SSH session on the NE. See Chapter 10, Device CLI sessions for information about opening an SSH session on an NE.


Enter the following command to obtain the SNMP engine ID of the NE.

show system info ↵

The SNMP engine ID is displayed as SNMP Engine ID.


Record the SNMP engine ID for use in the following steps.


Generate an authentication key and a privacy key.

  • An authentication key is used to encrypt a user password.

  • A privacy key is used to encrypt the user SNMP packets.

Note: The key authentication method determines the key length.

  1. Log in to an NFM-P single-user client, client delegate server, or main server station.

    Note:

    If you log in to a RHEL main or client delegate server station, you must log in as the nsp user.

    If you log in to a single-user client station, you must log in as the user who installed the client, or as a local administrator.

  2. Open a console window.

  3. On a RHEL station, navigate to the install_directory/nms/bin directory, where install_directory is one of the following:

    • the NFM-P main server installation location, /opt/nsp/nfmp/server

    • the NFM-P single-user client or client delegate server installation location, typically /opt/nsp/client

  4. On a Windows station, navigate to the install_directory\nms\bin directory, where install_directory is the NFM-P single-user client or client delegate server installation location, typically C:\nsp\client.

  5. Enter one of the following to create an authentication key:

    • on a RHEL station:

    ./nmsclient.bash password2key method password engine_ID

    • on a Windows station:

    nmsclient.bat password2key method password engine_ID

    where

    method is the authentication method, either MD5, SHA, SHA224, SHA256, SHA384 or SHA512

    password is the authentication key password

    engine_ID is the SNMP engine ID obtained in Step 2

    Note: You must enclose a password that contains a special character in single quotation marks; for example:

    password2key method 'Mypa$$word'

    Only use the authentication key from the output.

  6. Enter the following to create a privacy key.

    • on a RHEL station:

    ./nmsclient.bash password2key method password engine_ID

    • on a Windows station:

    nmsclient.bat password2key method password engine_ID

    where

    method is the authentication method, either MD5, SHA, SHA224, SHA256, SHA384 or SHA512

    password is the privacy key password

    engine_ID is the SNMP Engine ID of the SR, in hexadecimal form with 10-64 hex digits (5-32 bytes)

    Note: You must enclose a password that contains a special character in single quotation marks; for example:

    password2key method 'Mypa$$word'

    The list of privacy keys for each privacy method is displayed.

  7. Store the generated keys for your applicable authentication and privacy methods.


Using the keys generated in Step 4, enter the following commands in sequence at the CLI prompt to change the LI user password and to configure LI security for the user account.

  1. Enter the following sequence of commands at the prompt:

    configure system security user username

    password new_LI_password

    snmp ↵

    authentication auth_method authentication_key privacy priv_method privacy_key

    group SNMPv3_group

    exit all ↵

    where

    username is the name of the LI user account on the NE

    new_LI_password is the new password for the LI user account on the NE

    auth_method can be:

    hmac-md5-96, hmac-sha1-96, hmac-sha2-224, hmac-sha2-256, hmac-sha2-384, hmac-sha2-512

    authentication_key is the authentication key value generated in Step 4

    priv_method can be:

    cbc-des, cfb128-aes-128, cfb128-aes-192, cfb128-aes-256

    privacy_key is the privacy key value generated in Step 4

  2. Enter the following to save the configuration changes:

    admin save ↵

  3. Close the CLI session.

End of steps
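
The following added example (not Nokia code and not part of the original procedure) shows why the keys in Step 4 depend on the engine ID recorded in Step 2 and why the method sets the key length. It assumes password2key follows the standard SNMPv3 password-to-key localization of RFC 3414 (MD5, SHA) and RFC 7860 (SHA-2), which this page does not state; the function names are hypothetical and the sample password and engine ID are the RFC 3414 test values, not values from an NE.

```python
import hashlib
import re

# Hash behind each password2key method name listed on the page.
# Assumption: the tool uses RFC 3414 / RFC 7860 key localization.
METHODS = {"MD5": "md5", "SHA": "sha1", "SHA224": "sha224",
           "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}


def parse_engine_id(engine_id: str) -> bytes:
    """Check the form the page gives: 10-64 hex digits (5-32 bytes)."""
    digits = engine_id.strip()
    if digits.lower().startswith("0x"):  # assumption: tolerate a 0x prefix
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]{10,64}", digits) or len(digits) % 2:
        raise ValueError("engine ID must be 10-64 hex digits (5-32 bytes)")
    return bytes.fromhex(digits)


def password_to_key(method: str, password: str, engine_id: str) -> str:
    """Return the localized key (hex) for one method, password, engine ID."""
    algo = METHODS[method.upper()]
    pw = password.encode()
    if len(pw) < 8:  # RFC 3414 asks for passwords of at least 8 characters
        raise ValueError("password must be at least 8 characters")
    engine = parse_engine_id(engine_id)
    # Step 1: hash 1 MiB of the password repeated end to end (user key Ku).
    size = 1024 * 1024
    ku = hashlib.new(algo, (pw * (size // len(pw) + 1))[:size]).digest()
    # Step 2: bind Ku to this one engine: H(Ku || engineID || Ku).
    return hashlib.new(algo, ku + engine + ku).hexdigest()


if __name__ == "__main__":
    # Constructed input: the RFC 3414 Appendix A.3 test password and engine ID.
    password, engine = "maplesyrup", "000000000000000000000002"
    for name in METHODS:
        key = password_to_key(name, password, engine)
        print(f"{name:7} {len(key) // 2:2d} bytes  {key}")
    # The same password on a different NE yields an unrelated key, so a key
    # generated for one engine ID cannot be reused on another NE.
    other = password_to_key("SHA", password, "000000000000000000000003")
    print("other engine:", other)
```

Because the key is a function of the engine ID, a key pasted into the `authentication` command on an NE whose engine ID differs from the one used at generation time will not authenticate.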