Edit SNMP v3 Profiles Dialog

The Edit SNMP v3 Profiles dialog can be accessed by clicking Profiles in the Configuration tab in the Discovery Console or from the Create Model dialogs.
casp1032
The
Edit SNMP v3 Profiles
dialog can be accessed by clicking
Profiles
in the
Configuration
tab in the
Discovery Console
or from the
Create Model
dialogs.
For more information on SNMPv3 privacy and authentication options, see SNMPv3 Support.
Configuring the SNMPv3 Profile
  1. To add/edit the SNMPv3 profile, do one of the following:
    • From the OneClick Console > Explorer view, right-click
      Utilities > Discovery Console
      > navigate to the
      Configuration
      tab >
      SNMP Information
      section, the select
      SNMP v3
      option, and click the
      Profiles
      button.
    • From the OneClick Console >
      Contents > Topology
      tab, click the create a new model by IP icon CreatenewmodelbyIP.png.
  2. Select the
    SNMPv3
    option and click the
    Profiles
    button.
  3. Select the existing profile and click
    Modify
    to modify a profile, or click
    Add
    to add a profile.
    This procedure is for non-Diffie-Hellman (DH) profiles creation. For more information about how to create a DH profile on SNMPv3, see the separate section "Support for Diffie-Hellman (DH) Profile on SNMPv3" explained in this article.
  4. Enter a name in the
    Profile Name
    field. This profile name should be unique, for example, for a multitenant configuration, the profile can be <tenantname>_profilename, and in a non-multitenant environment, the profile name can be <SDCIP>_profilename.
  5. Enter the same data that has been configured for full MIB access on the device in the
    User ID
    field.
  6. Choose
    one
    of the following SNMPv3 standard security options from the
    Authentication Type
    drop-down list:
    • No Authentication:
      Data sent from the
      DX NetOps Spectrum
      host system to the SNMPv3 device is not encrypted or authenticated.
    • Authentication with no Privacy:
      Data sent from the
      DX NetOps Spectrum
      host system to the SNMPv3 device is authenticated but it is not encrypted.
    • Authentication with Privacy:
      Data sent from the
      DX NetOps Spectrum
      host system to the SNMPv3 device is both encrypted and authenticated.
    By default, the MD5 encryption mode option is selected in the
    A
    uthentication Protocol
    field. You can select the SHA encryption option. 
  7. Select one of the options in the
    Authentication Protocol
    field.
  8. Enter a relevant password in the
    Authentication Password
    field.
  9. Re-enter to confirm the password in the
    Confirm Authentication Password
    field.
    By default, DES authentication option is selected in the Privacy Protocol field. You can select one of the following privacy encryption algorithm options.
  10. Select one of the following options in the
    Privacy Protocol
    field:
    • DES
    • 3DES
    • AES
    • AES256
  11. In the
    Privacy Password
    field, enter the same data that has been configured for a full MIB access on the device.
  12. Re-enter to confirm the privacy password in the
    Confirm Privacy Password
    fields.
  13. Click
    Add/Modify
    to update the profiles list with the new/updated profile you have created.
    10.3.1 introduces support for a secure domain option in the SNMP v3 profile creation dialog. This feature will ensure privacy and security by restricting v3 profile to the particular SDC specified in a secure domain option and preventing users from viewing device profiles belonging to other users. Users have to specify the IP address and configure the secure domain for their devices.
  14. Click
    OK
    to save your changes and close the
    Edit SNMP v3 Profiles
    dialog.
Select the
Show Passwords
checkbox to view the authentication password and the privacy password entered for the selected profile.
If you modify the
User ID
field in the
Edit SNMP v3 Profiles
dialog after your model has connected, you will lose contact with the SNMPv3 device. To regain management of the device, right-click the device model in the
Topology
tab of the
Contents
pane, and click
Reconfiguration, Reset SNMPv3 Authentication
.
SNMPv3 Support for Diffie-Hellman (DH)
DX NetOps Spectrum
now supports the creation of DH profiles on SNMPv3. This ability provides more robust security mechanism during communication.
Create DH Profiles
To create a DH profile, enable the required option and then provide the relevant information. By default, the option to create a DH profile is not selected.
Unmanaged traps are not supported on DH profiles.
Follow these steps:
  1. In the OneClick Console, click the
    Explorer
    tab.
  2. Right-click in the left pane and select the
    Utilities, Discovery Console
    option from the context menu.
  3. Navigate to the
    Configuration
    tab,
    SNMP Information
    section.
  4. Select the
    SNMP v3
    option and click the
    Profiles
    button.
    When the DH Profile option is enabled, the following fields are disabled and their values are changed automatically:
    • Authentication Type:
      The value is changed to
      Authentication with Privacy
      .
    • Authentication Protocol:
      The value is changed to
      MD5
      .
    • Privacy Protocol:
      The value is changed to
      DES
      .
  5. Enable the
    DH Profile
    option. When this option is enabled, only the following fields are available for entering the information:
    • Profile Name
    • User ID
    • DH Random Number
      The DH random number value must be 256 bits and must start with 0x. An example value is as follows:
      0x93ad4af59644b00e39daca2e9f38c059a7933f4770fdb648a7e3bcc9c7959c2804cd85f3b4f8a05d70386c2e403b4fdaed106857eb60e2cbffa717fd615e30fafe584182f8c03ebac3911f2b6b7385e8fe27cb0068dd6730efa8341887b9866acf984a9dc136e08dc8341d145cefa732c84fc26352719ee3f40abae1fbcc698a
    • Secure Domain
  6. Click
    Add
    to add the profile
  7. Click
    OK
    .
The DH profile is successfully created on SNMP v3. The following screenshot shows a created DH profile:
DH profile creation
After a DH profile device is modeled, the DH SNMPv3 community string will include the following parameters:
  • Protocol type (
    DH
    )
  • Authentication type (
    MD5
    )
  • Authentication key
  • Privacy protocol (DES)
  • Privacy key
  • User name
  • DH random number
The following screenshot shows the required information:
Community string for DH Profile SNMPv3
If an agent on a device is restarted, then the authentication key and the privacy key will be changed because the public number of the device will get changed. In this case, SpectroSERVER automatically calculates the new authentication key and the privacy key to communicate with the device.
Edit G and P Values on a DH Profile
You can edit the G and P values on a DH profile based on your requirements.
Follow these steps:
  1. Access the OneClick console.
  2. Navigate to the
    Locater
    tab.
  3. Click the
    Create a new search
    icon and enter the information as follows:
    1. Select
      Model Type Name (0x10000)
      from the
      Attribute
      drop-down list.
    2. Verify that the value in the
      Comparison Type
      field is set to
      Equal To
      .
    3. Select
      GlobalConfig
      from the
      Attribute Value
      drop-down list.
      The following screenshot shows the required information:
      Creating a new search
  4. Save the new search.
  5. Launch the newly created search.
  6. Select the result that is displayed in the
    Results
    tab in the right pane.
  7. Click the
    Attributes
    tab and search for DHParameter_g and DHParameter_p.
    The parameters are listed in the table. The following screenshot shows the required information:
    Launching a new search
  8. Double-click the required parameter (in the right pane) to edit its value and click
    OK
    to save it. The following screenshot shows the required information:
    Editing the values
The values are changed accordingly.
Secure Domain Option
10.3.1 introduces support for a 'Secure Domain' option in the SNMPv3 profile creation dialog. This feature will ensure privacy and security by restricting v3 profile to a particular SDC specified in the
Secure Domain
option and preventing users from viewing device profiles belonging to other users. Users have to specify the IP address and configure the secure domain for their devices. Here is a screenshot of the SNMPv3 profile creation dialog with the newly added
Secure Domain
option.
secureDomainComboBox.png
To create a v3 profile, specify the IP address of a secure domain along with the other v3 information. If you select
None
, then the corresponding profile pushes all SDCs connected to the landscape. Otherwise, the profile will be unicasted to a secure domain mentioned in the v3 profile. To model a device with SNMPv3, the selected secure domain option in the CreateModelByIP/ Discovery Console panel should be the same as the secure domain specified in v3 profile.
If the selected v3 profile has a secure domain option
None
, then the device can be modeled through any of the selected SDC.
If the SNMPV3 profiles are present in a prior version of the product, then after upgrading to 10.3.1, all these profiles are updated with the
None
option in the
Secure Domain
field. These profiles are broadcasted to all the connected SDCs.
Dump and Reset v3 Profiles at SDC
To dump local and remote profiles at SDC, 0x10337 action can be used on the SDC model handle. Profile details are dumped at “snmpv3profiledump.txt” in the SDConnector/bin folder under SDC. Similarly, to reset all remote profiles at SDC, 0x10336 action can be used.
Troubleshooting
  • For unmanaged v3 trap processing, if the trap destination is SDC, then there must be a local profile created at SDC.