Besides the CLI and web interface all Avaya Switches supports also the access via SNMP. In the old days the JavaDevice Manager had offered a graphical configuration Interface for your switches. In the backround all configuration changes or show commands where proceded with SNMP from the JDM. The Avaya Configuartion and Orchestration Manager COM still utilize SNMP the same way as it was done by the JDM. I also use SNMP very often for monitoring switches. In the old SNMPv1/v2 the passwords wich are called communitys where transmitted in clear text over the network. Since SNMPv3 we have encrypted communities and a User based role model. I recommand only to use SNMPv3 these days but if you are oldfashioned and still prefer telnet over ssh the old unencrypted SNMPv1/v2 is also available.
For the different device familys you need individual commands to setup SNMP, I will give you here some examples how to setup SNMP.
VSP 4000, 7200, 8000 or 9000 Switches:
On the VOSS Images prior to release 4.2 you needed to load the modules image to have the SNMPv3 feature. Since SW 4.2 the encryption modules are included in the main image.
SNMPv3
snmp-server user test group example-group sha testauth aes testpriv snmp-server group example-group "" auth-priv read-view root write-view root notify-view root
In this example I craeted a read/write user with full access. You can change the views for the case you want to limit the access that a particular User has.
For the case you want to send your communitys in clear text with SNMPv1/v2
snmp-server community public group readgrp index first secname readview
snmp-server community private group v1v2grp index second secname initialview
To disable the default communities:
no snmp-server community public
no snmp-server community private
ERS 2000, 3500, 4000, 5000 Switches
On the stackable Switches you need the “S” or secure image to have the SNMPv3 feature.
snmp-server user test sha testauth aes testpriv read-view nncli write-view nncli
This example shows a read/write user with full access on the ACLI
ERS 8000 ACLI
On the ERS8000 the encryption images need to be loaded first before you can use the SNMPv3 feature.
load-encryption-module 3DES load-encryption-module DES load-encryption-module AES
After you have loaded you can start to configure SNMPv3
snmp-server user test group example-group sha testauth aes testpriv snmp-server group "example-group" "" auth-priv read-view root write-view root notify-view root snmp-server user test group "SNMPwrite"
Cisco Catalyst
The SNMPv3 config for a Cisco IOS based Catalyst switch would look like this:
snmp-server user test test v3 auth sha testauth priv aes 128 testpriv access 22
Hi Dominik:
Could you explain why for VOSS images using SNMP v1/v2, you need to add a “group name” and an “Index”? Could you explain what does it mean “secname”?
Also, It is not mentioned the “snmp-server host” command, is it not needed?