« More Adobe UI Fuckups | Main | Et Tu Garmin? »
So after googling around, I found out how to do this, on a really badly-formatted site. So, here it is, a bit neater:
- ssh into the switch, and enter configuration mode with "configure"
- run: "snmpv3 enable"
- you'll have to create an initial snmpv3 user called "initial"
- I've been using the same passwords as for the "real" snmp user, but that's up to whatever your policy is. If the switch is exposed, you'd want to delete this user ASAP
- when asked to lock SNMPv1 & SNMPv2 to read-only, say yes
- don't create a user that uses SHA
- create the "real" SNMPv3 user via: "snmpv3 user <username> auth md5 <authpassword> priv <encryptionpassword>"
- create the group for snmpadmin: "snmpv3 group managerpriv user <username> sec-model ver3"
- save the config: "write memory"
To explicitly look at the SNMPv3 user(s) use "show snmpv3 user". To view groups, "show snmpv3 groups". Note that you can use different authentication and encryption protocols if you so desire.
Categories: Mac Matters, Network Notes
Posted by John C. Welch at 17:28 | Permalink
©2003-until I'm fucking dead and then some. you steal my shit, and I will fuck with you like you were a lonely shepherd's slowest sheep.
Comments
Warning for Notes users: The commenting system uses HTML.I know this will be scary for some of you, especially Notes fans. However, open standards, rah-rah.
If you want to use less-than or greater-than signs, or other similar characters that HTML reserves,
you'll simply have to learn to do it the HTML way. Luckily, HTML is kind of popular, no matter what
your re-educators have told you, and you can easily find help on the intertubes.
