Enforcing SNMPv3 Message Encryption

By default the SNMP agent allows the securityLevel parameters of authNoPriv and authPriv for the SNMPv3 messages that use user-configured SNMPv3 message encryption with auth and priv keys.

Detailed Steps

To enforce the message encryption for a user, follow these steps:

1. Expand Switches, expand Security, and then select Users and Roles from the Physical Attributes pane.
2. Click the Users tab in the Information pane to see a list of users.
3. Click Create Row.

You see the Create Users dialog box.

4. Enter the user name in the New User field.
5. Select the role from the Role drop-down menu. You can enter a new role name in the field if you do not want to select one from the drop-down menu. If you do this, you must go back and configure this role appropriately.
6. Enter a password for the user in Password field.
7. Click the Privacy tab.
8. Check the Enforce SNMP Privacy Encryption check box to encrypt management traffic.
9. Click Create to create the new entry.

To enforce the SNMPv3 message encryption globally on all the users, follow these steps:

1. Select a VSAN in the Logical Domains pane. This will not work if you select All VSANS.
2. Expand Switches, expand Security, and then select Users and Roles in the Physical Attributes pane. Click the Global tab in the Information pane.
3. Check the GlobalEnforcePriv check box.
4. Click the Apply Changes icon to save these changes.

---

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.