Original Message:
Sent: Mar 16, 2023 04:42 AM
From: Herman Robers
Subject: Configure a ReadOnly User for DevOops to read config changes
I would strongly recommend enabling privacy for SNMPv3; it provides data encryption to the SNMP traffic.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Mar 15, 2023 12:25 AM
From: manly009
Subject: Configure a ReadOnly User for DevOops to read config changes
Thanks a lot. Do I need to add a Privacy Protocol for this purpose? What does it do?
Original Message:
Sent: Mar 14, 2023 11:35 AM
From: jguse
Subject: Configure a ReadOnly User for DevOops to read config changes
Hello,
The commands:
snmpv3 group OperatorAuth user "readonly" sec-model ver3
and
snmpv3 group OperatorNoAuth user "readonly" sec-model ver3
...are almost the same. The difference is that NoAuth will not require the user to have an 'authentication' password - so you will not need to configure 'snmpv3 user readonly auth sha authpass' and instead 'snmpv3 user readonly' will be sufficient.
For your second question, yes, it should have access to all readable configurations on the switch.
------------------------------
Justin Guse
Original Message:
Sent: Mar 13, 2023 11:24 PM
From: manly009
Subject: Configure a ReadOnly User for DevOops to read config changes
Also, @jguse would operatornoauth have access to read all config on switch?
Thanks,
ML
Original Message:
Sent: Mar 09, 2023 09:17 AM
From: jguse
Subject: Configure a ReadOnly User for DevOops to read config changes
Hello,
With SNMPv3, read or read-write typically depends on the privilege you assign to the group which the user is part of. Below is an example from AOS-S switch output for the group where you can see the different options shown (bold options are probably the ones you want to consider for read only):
Switch# snmpv3 group ?
 commanagerr       Community with manager and restricted write access.
 commanagerrw      Community with manager and unrestricted write access.
 comoperatorr      Community with operator and restricted write access.
 comoperatorrw     Community with operator and unrestricted write access.
 managerauth       Require authentication, can access all objects.
 managerpriv       Require privacy and authentication, can access all objects.
 operatorauth      Requires authentication, limited access to objects.
 operatornoauth    No authentication required, limited access to objects.
You could configure it like:
snmpv3 user readonly auth sha authpass
snmpv3 group operatorauth user "readonly" sec-model ver3
EDIT: No, SNMPv3 will not affect remote user login on the switch via RADIUS etc.
------------------------------
Justin Guse
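Added example (not part of any post in this thread and not Aruba's own code): a small Python audit of AOS-S `snmpv3 user` / `snmpv3 group` lines that flags the security-level gaps discussed in the thread (no authentication, md5, no privacy, manager-level group). The sample config is constructed, and the `priv aes privpass` form of the user command is an assumption, since the thread only shows the `auth` part.

```python
import re

USER_RE = re.compile(r'snmpv3 user "?(?P<user>[^"\s]+)"?'
                     r'(?: auth (?P<auth>\S+) \S+)?(?: priv (?P<priv>\S+) \S+)?', re.I)
GROUP_RE = re.compile(r'snmpv3 group (?P<group>\S+) user "?(?P<user>[^"\s]+)"? '
                      r'sec-model ver3', re.I)
# Groups that the `snmpv3 group ?` help text describes as "can access all objects".
FULL_ACCESS = {"managerauth", "managerpriv"}

def audit(config_text):
    """Map each SNMPv3 user to a list of findings about its security level."""
    users, groups = {}, {}
    for line in (l.strip() for l in config_text.splitlines()):
        if m := USER_RE.fullmatch(line):
            users[m["user"]] = (m["auth"], m["priv"])
        elif m := GROUP_RE.fullmatch(line):
            groups.setdefault(m["user"], set()).add(m["group"].lower())
    report = {}
    for user in sorted(set(users) | set(groups)):
        auth, priv = users.get(user, (None, None))
        grp = groups.get(user, set())
        found = []
        if not grp:
            found.append("user is not bound to any group")
        if auth is None or "operatornoauth" in grp:
            found.append("no authentication required")
        if auth and auth.lower() == "md5":
            found.append("auth uses md5; the thread's answer uses sha")
        if priv is None:
            found.append("no privacy: SNMP traffic is not encrypted")
        if grp & FULL_ACCESS:
            found.append("group can access all objects, not the limited operator view")
        report[user] = found
    return report

# Constructed sample; passwords are placeholders, `priv aes ...` syntax is assumed.
SAMPLE = """
snmpv3 user readonly auth sha authpass
snmpv3 group operatorauth user "readonly" sec-model ver3
snmpv3 user legacy auth md5 authpass
snmpv3 group managerauth user "legacy" sec-model ver3
snmpv3 user anon
snmpv3 group operatornoauth user "anon" sec-model ver3
snmpv3 user devops auth sha authpass priv aes privpass
snmpv3 group operatorauth user "devops" sec-model ver3
"""

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, "->", findings or "ok")
```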
Original Message:
Sent: Mar 08, 2023 10:23 PM
From: manly009
Subject: Configure a ReadOnly User for DevOops to read config changes
Hi @jguse,
Yes, I am saying our ArubaOS Switch, you are correct, I meant an SNMPv3 read-only user. Is this the right way to do it? How do you specify the permission? Would it affect RADIUS remote management login?
Thanks
ML
Original Message:
Sent: Mar 08, 2023 09:46 AM
From: jguse
Subject: Configure a ReadOnly User for DevOops to read config changes
Hello,
If I understood correctly, you are trying to create an SNMPv3 Read Only user. Which type of device (AOS-S/Procurve, AOS-CX, Comware) are you asking about?
------------------------------
Justin Guse
Original Message:
Sent: Mar 08, 2023 12:41 AM
From: manly009
Subject: Configure a ReadOnly User for DevOops to read config changes
Dear Friends,
I would like to set up a user that can be used to Read Only Any config change so DevOops can get config changes from the switch. Should I use the command
snmpv3 user username auth md5 password to create a Read Only User?
Thanks a lot,
ML