How to configure SNMPv3 for Avaya VSP and ERS Switches

Besides the CLI and web interface all Avaya Switches supports also the access via SNMP. In the old days the JavaDevice Manager had offered a graphical configuration Interface for your switches. In the backround all configuration changes or show commands where proceded with SNMP from the JDM. The Avaya Configuartion and Orchestration Manager COM still utilize SNMP the same way as it was done by the JDM. I also use SNMP very often for monitoring switches. In the old SNMPv1/v2 the passwords wich are called communitys where transmitted in clear text over the network. Since SNMPv3 we have encrypted communities and a User based role model. I recommand only to use SNMPv3 these days but if you are oldfashioned and still prefer telnet over ssh the old unencrypted SNMPv1/v2 is also available.

For the different device familys you need individual commands to setup SNMP, I will give you here some examples how to setup SNMP.

VSP 4000, 7200, 8000 or 9000 Switches:

On the VOSS Images prior to release 4.2 you needed to load the modules image to have the SNMPv3 feature. Since SW 4.2 the encryption modules are included in the main image.

SNMPv3

snmp-server user test group example-group sha testauth aes testpriv
snmp-server group example-group "" auth-priv read-view root write-view root notify-view root

In this example I craeted a read/write user with full access. You can change the views for the case you want to limit the access that a particular User has.

For the case you want to send your communitys in clear text with SNMPv1/v2

snmp-server community public group readgrp index first secname readview
snmp-server community private group v1v2grp index second secname initialview
 

To disable the default communities:

no snmp-server community public
no snmp-server community private

ERS 2000, 3500, 4000, 5000 Switches

On the stackable Switches you need the “S” or secure image to have the SNMPv3 feature.

snmp-server user test sha testauth aes testpriv read-view nncli write-view nncli

This example shows a read/write user with full access on the ACLI

 

ERS 8000 ACLI

On the ERS8000 the encryption images need to be loaded first before you can use the SNMPv3 feature.

load-encryption-module 3DES
load-encryption-module DES
load-encryption-module AES

After you have loaded you can start to configure SNMPv3

snmp-server user test group example-group sha testauth aes testpriv
snmp-server group "example-group" "" auth-priv read-view root write-view root notify-view root
snmp-server user test group "SNMPwrite"

 

Cisco Catalyst

The SNMPv3 config for a Cisco IOS based Catalyst switch would look like this:

snmp-server user test test v3 auth sha testauth priv aes 128 testpriv access 22

 

About Dominik

Network problem solver
This entry was posted in All, Avaya, Howto. Bookmark the permalink.

1 Response to How to configure SNMPv3 for Avaya VSP and ERS Switches

  1. Manuel Aragon says:

    Hi Dominik:
    Could you explain why for VOSS images using SNMP v1/v2, you need to add a “group name” and an “Index”? Could you explain what does it mean “secname”?

    Also, It is not mentioned the “snmp-server host” command, is it not needed?

Leave a Reply

Your email address will not be published.

two × five =

This site uses Akismet to reduce spam. Learn how your comment data is processed.