SNMPv3 authentication settings
- Last Updated: Apr 28, 2023
- PI System
- PI Interface for SNMP 1.7.0.37
- Interfaces
SNMPv3 adds authentication and privacy enhancements to earlier SNMP specifications. SNMPv3 uses a user-based security model instead of community strings, and SNMPv3 messages (data) can be securely signed and encrypted using authentication and privacy passwords. Please note that the minimum password length for SNMPv3 authentication is 8 characters.
For points to be read using SNMPv3, specify the user name and password as follows:
USER=username;
APW=password;
- To use MD5 authentication, specify AUTH=MD5;.
- To use SHA authentication, specify AUTH=SHA;.
Tip: Consult the documentation for the device to determine which to use. If you omit this setting, the interface defaults to MD5.
As a security best practice, if the SNMPv3 agent supports a privacy type, we recommend configuring both the privacy key and the privacy type. Set the privacy key with the PPW=password option and the privacy type with the PRIV=privacy type option, where privacy type can be DES or AES. If PRIV is not specified, it defaults to DES.
PRIV=privacy type;
Encryption is performed by using a privacy key to encrypt the data portion of the message being sent, and the privacy protocol can be either AES or DES. You must specify the plain text DES password using the PPW=password; option as follows:
PPW=password;
- If you specify USER with no password you will have an unauthenticated connection and data will be unencrypted.
- If you specify USER and APW then you will have an authenticated connection but data will be unencrypted.
- If you specify USER, APW and PPW then you will have an authenticated connection and data will be encrypted.
- If you specify USER, APW, PPW, and PRIV then you will have an authenticated connection and data will be encrypted. This is the most secure configuration of the available options.
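The combinations above can be checked mechanically when reviewing point configurations. The following is an added example, not part of the interface or its documentation: it parses a settings string, applies the documented MD5 and DES defaults, and reports the resulting security level using the standard SNMPv3 level names (noAuthNoPriv, authNoPriv, authPriv). It assumes all settings sit in one semicolon-delimited string and that passwords contain no semicolons; parse_settings and audit are hypothetical names.

```python
MIN_PASSWORD_LEN = 8  # minimum SNMPv3 authentication password length (from the page)
AUTH_TYPES, PRIV_TYPES = {"MD5", "SHA"}, {"DES", "AES"}

def parse_settings(text):
    """Split 'KEY=value;KEY=value;' into a dict keyed by upper-cased name."""
    settings = {}
    for field in filter(None, (f.strip() for f in text.split(";"))):
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"malformed setting: {field!r}")
        settings[key.strip().upper()] = value.strip()
    return settings

def audit(text):
    """Return (security_level, auth, priv, findings) for one settings string."""
    s = parse_settings(text)
    if not s.get("USER"):
        raise ValueError("USER is required")
    apw, ppw, findings = s.get("APW", ""), s.get("PPW", ""), []
    if not apw:
        findings.append("no APW: unauthenticated, data unencrypted")
        if ppw:  # assumption: privacy is not applied without authentication
            findings.append("PPW given without APW")
        return "noAuthNoPriv", None, None, findings
    auth = s.get("AUTH", "MD5").upper()  # interface default when AUTH is omitted
    if "AUTH" not in s:
        findings.append("AUTH omitted: defaults to MD5")
    elif auth not in AUTH_TYPES:
        findings.append(f"unsupported AUTH value {auth}")
    if len(apw) < MIN_PASSWORD_LEN:
        findings.append("APW shorter than 8 characters")
    if not ppw:
        findings.append("no PPW: data unencrypted")
        return "authNoPriv", auth, None, findings
    priv = s.get("PRIV", "DES").upper()  # interface default when PRIV is omitted
    if "PRIV" not in s:
        findings.append("PRIV omitted: defaults to DES")
    elif priv not in PRIV_TYPES:
        findings.append(f"unsupported PRIV value {priv}")
    return "authPriv", auth, priv, findings

if __name__ == "__main__":
    # Constructed sample strings, not taken from a real deployment.
    for sample in ("USER=monitor;",
                   "USER=monitor;APW=examplepass1;",
                   "USER=monitor;APW=examplepass1;AUTH=SHA;PPW=examplepass2;PRIV=AES;"):
        print(audit(sample))
```

An empty findings list corresponds to the last combination in the list above, with AUTH and PRIV stated explicitly rather than left to their defaults.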
Tip: For security best practices, include the -ENC command line parameter to ensure the password file is deleted at startup of the interface.