Vyatta Network OS Documentation


Defining the USM users

As part of the configuration steps to define the USM users, you are also required to specify the following information:

  • Type of security protocol (authentication, privacy, or both) to apply to the SNMP messages sent between an SNMP manager and an SNMP client
  • Secret keys associated with the selected security protocols

Before defining the USM users, configure the secret keys associated with the security protocols so that these are added to the databases of the SNMP entities that are to share the keys.

The example in the following table configures these USM users:

  • The auditbot user employs authentication only
  • The netadmin and supportl2 users employ authentication and privacy

To define the USM users, perform the following steps in configuration mode. You must specify at least one of the security protocols (authentication or privacy).

Note: After you define a user with the service snmp v3 user username auth plaintext-key passwd command and commit the change, a user engine ID (engineid) for that SNMPv3 user is automatically added to the configuration. The engine ID is used to generate an encrypted password from the configured plain-text password and to validate passwords.
Note: During an upgrade to a new vRouter image, ensure that you use the same user engine IDs for each of the existing SNMPv3 users.
Table 1. Defining the USM users
Step | Command
If you are using the authentication protocol to authenticate the user, specify the name of the user, authentication protocol, and authentication password. In this example, a clear-text password is used to authenticate a user.
Note: The clear-text passwords are converted to encrypted keys after the commands are committed.
vyatta@R1# set service snmp v3 user auditbot auth plaintext-key auditbotkey
vyatta@R1# set service snmp v3 user netadmin auth plaintext-key netadminkey
vyatta@R1# set service snmp v3 user supportl2 auth plaintext-key supportl2key
If you are using the privacy protocol to provide data confidentiality for SNMPv3 traffic, specify the name of the user, privacy protocol, and privacy password. In this example, a clear-text password is used to encrypt the SNMP traffic.
Note: The clear-text passwords are converted to encrypted keys after the commands are committed.
vyatta@R1# set service snmp v3 user netadmin privacy plaintext-key netadminkey1
vyatta@R1# set service snmp v3 user supportl2 privacy plaintext-key supportl2key1
Commit the change.
vyatta@R1# commit
Verify the configuration.

Note that the clear-text passwords configured for each user have been converted to encrypted keys, and that an engine ID has been added to each user configuration in which an authentication protocol is used.

vyatta@R1# show service snmp
 v3 {
     user auditbot {
         auth {
             encrypted-key 0xba6273b420a64b415ad0a44e80106dbd
         }
         engineid 0x80001f8880141fcc01ca3edd51
     }
     user netadmin {
         auth {
             encrypted-key 0x110c1e3aa857084f9bf7ce4faaf44496
         }
         engineid 0x80001f8880141fcc01ca3edd51
         privacy {
             encrypted-key 0x4d8590f7fb640e35b673443823fccb71
         }
     }
     user supportl2 {
         auth {
             encrypted-key 0x9a72fc4e7a3cf01c0eadecb13dcf6f7c
         }
         engineid 0x80001f8880141fcc01ca3edd51
         privacy {
             encrypted-key 0x792dedb243b0fcbb7662b802f1444671
         }
     }
 }
Verify the configuration.
vyatta@R1# show snmp v3 user

SNMPv3 Users:

    User           Auth Priv Mode Group
    ----           ---- ---- ---- -----
    auditbot       md5       ro
    netadmin       md5  des  ro
    supportl2      md5  des  ro
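
The notes above say the engine ID takes part in generating and validating the encrypted password, and that engine IDs must be preserved across an upgrade. The following added example (not part of the Vyatta documentation) shows why, using the standard RFC 3414 password-to-key and key-localization algorithm with MD5. It is an assumption that the vRouter derives its keys this way, so the output is not claimed to match the encrypted-key values shown above; the function names and the second engine ID are constructed for illustration.

```python
import hashlib

MEGABYTE = 1_048_576  # RFC 3414 A.2 hashes exactly this many octets


def password_to_key(password: str, algo: str = "md5") -> bytes:
    """Ku: digest of the password repeated end to end up to 1 MiB."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    stream = (pw * (MEGABYTE // len(pw) + 1))[:MEGABYTE]
    return hashlib.new(algo, stream).digest()


def parse_engine_id(text: str) -> bytes:
    """Accept the 0x... form shown by 'show service snmp'."""
    raw = bytes.fromhex(text[2:] if text.lower().startswith("0x") else text)
    if not 5 <= len(raw) <= 32:  # size limits from RFC 3411 SnmpEngineID
        raise ValueError("engine ID must be 5 to 32 octets")
    return raw


def localized_key(password: str, engine_id: str, algo: str = "md5") -> str:
    """Kul = H(Ku || engineID || Ku), returned as 0x-prefixed hex."""
    ku = password_to_key(password, algo)
    kul = hashlib.new(algo, ku + parse_engine_id(engine_id) + ku).digest()
    return "0x" + kul.hex()


def still_valid(stored_key: str, password: str, engine_id: str) -> bool:
    """True if a stored localized key matches the password under engine_id."""
    return stored_key.lower() == localized_key(password, engine_id)


if __name__ == "__main__":
    page_engine = "0x80001f8880141fcc01ca3edd51"   # engineid shown on the page
    other_engine = "0x80001f88800000000000000001"  # constructed: a regenerated ID
    stored = localized_key("auditbotkey", page_engine)
    print("key under page engine ID :", stored)
    print("valid with same engine ID:", still_valid(stored, "auditbotkey", page_engine))
    print("valid with new engine ID :", still_valid(stored, "auditbotkey", other_engine))
```

If the stored values are RFC 3414 localized keys, a key is sufficient on its own to authenticate SNMPv3 messages for its engine ID, so configuration backups that contain encrypted-key values need the same protection as the passwords themselves.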