To enable enhanced NE security mode

Purpose
CAUTION 

Irreversible Configuration Change

Enabling enhanced NE security mode affects each 7705 SAR-Hm in the managed network; disabling the function requires that you unmanage each managed NE of any type in the entire network.

If you are not absolutely certain that you want to enable enhanced NE security mode, do not perform the procedure.

CAUTION 

Service Disruption

Modifying the server configuration can have serious consequences including service disruption.

Contact technical support before you attempt to modify the server configuration.

Perform this procedure to enable the stringent security measures of NFM-P enhanced NE security mode.

Steps
Configure SNMPv3 user password
 

1

For enhanced NE security mode, the password of the SNMPv3 NE user must conform to specific criteria.

If the user password does not currently conform to the following criteria, change the password to meet the criteria:

  • 10 or more characters in length

  • does not include the username

  • includes 3 or fewer consecutive instances of the same character

  • includes 1 or more lower-case characters

  • includes 1 or more upper-case characters

  • includes 1 or more numeric characters

  1. Choose Administration→Security→NE User Configuration from the NFM-P main menu. The NE User Configuration form opens.

  2. Select the ADP SNMPv3 user and click Properties. The NE User (Edit) form opens.

  3. Configure the Password and Confirm Password parameters using a value that meets the required criteria.

  4. Click OK to save your changes and close the form.


2

The password for SSH and FTP access in the ADP mediation security policy must match the password of the SNMPv3 NE user.

If the passwords do not match, update the password in the mediation security policy.

  1. Choose Administration→Mediation from the NFM-P main menu. The Mediation (Edit) form opens.

  2. Select the ADP mediation policy and click Properties. The Mediation Policy (Edit) form opens.

  3. Configure the User Password and Confirm Password parameters in the CLI panel using the SNMPv3 NE user password.

  4. Configure the User Password and Confirm Password parameters in the FTP panel using the SNMPv3 NE user password.

  5. Click OK to save your changes and close the form.


Configure NE password policy
 

3

Choose Administration→Security→NE Password Policy from the NFM-P main menu. The NE Password Policy form opens.


4

Configure the following parameters using the values shown:

  • Properties panel:

    • Lockout Time (minutes)—10

    • Minimum Length—10

    • Maximum Attempts—10 or fewer

    • Maximum Attempts Time (minutes)—10 or less

  • Complexity Rules panel:

    • User Name Allowed in Password—False

    • Maximum Number Of Times Character Can Used Consecutively—3 or fewer

    • Minimum Number Of LowerCase Characters—1 or more

    • Minimum Number Of UpperCase Characters—1 or more

    • Minimum Number Of Numeric—1 or more


5

Click OK to save your changes and close the form.
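
The following pre-check applies the SNMPv3 NE user password criteria and the matching NE Password Policy complexity values listed above to a candidate password before it is entered in the forms. It is an added example, not Nokia or NFM-P code; the script name `check_ne_password.py`, the case-insensitive username comparison, and the ASCII character classes are assumptions.

```python
import getpass
import re
import sys

# Thresholds from the criteria listed on this page.
MIN_LENGTH = 10
MAX_CONSECUTIVE = 3  # "3 or fewer consecutive instances of the same character"


def check_password(username, password):
    """Return the names of the criteria that the password fails (empty = conforms)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    # Assumption: case-insensitive match, the stricter reading of
    # "does not include the username".
    if username and username.lower() in password.lower():
        failures.append("contains-username")
    # One character followed by MAX_CONSECUTIVE copies of itself is a run
    # of MAX_CONSECUTIVE + 1, which exceeds the limit.
    if re.search(r"(.)\1{%d}" % MAX_CONSECUTIVE, password, re.DOTALL):
        failures.append("consecutive")
    # Assumption: character classes are ASCII.
    if not re.search(r"[a-z]", password):
        failures.append("lowercase")
    if not re.search(r"[A-Z]", password):
        failures.append("uppercase")
    if not re.search(r"[0-9]", password):
        failures.append("numeric")
    return failures


if __name__ == "__main__":
    # Usage: python3 check_ne_password.py <username>
    # The password is read without echo so it stays out of shell history.
    if len(sys.argv) != 2:
        sys.exit("usage: check_ne_password.py <username>")
    failed = check_password(sys.argv[1], getpass.getpass("Password to check: "))
    print("conforms" if not failed else "fails: " + ", ".join(failed))
    sys.exit(1 if failed else 0)
```

The script exits with status 0 when the password conforms and 1 otherwise, so it can gate a change checklist.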


Configure NE security policy
 

6

Choose Administration→Security→NE System Security from the NFM-P main menu. The NE System Security form opens.


7

Select one or more NEs and click Properties. A properties form opens.


8

Select the Exponential BackOff parameter.


9

Click on the Servers Configuration tab.


10 

In the SSH Configuration panel, configure the SSH Version parameter by selecting Version 2 and deselecting the following:

  • Version 1

  • Version 1-2


11 

Click OK to save your changes and close the form.


Configure NFM-P main servers
 
12 

Perform the following steps on each main server station.

  1. Log in as the nsp user on the main server station.

  2. Open a console window.

  3. Navigate to the /opt/nsp/nfmp/server/nms/config directory.

  4. Create a backup copy of the nms-server.xml file.

  5. Open the nms-server.xml file using a plain-text editor such as vi.

  6. Locate the section that begins with the following XML tag:

      <policyConfig

  7. Insert the following line before the last line of the section, which ends with the /> tag:

                enhancedNESecurityMode="true"

  8. Save and close the file.


13 

On the standalone main server, or the primary main server in a redundant system, enter the following:

bash$ /opt/nsp/nfmp/server/nms/bin/nmsserver.bash read_config ↵

The NFM-P puts the configuration change into effect.


14 

Close the open console windows.

End of steps