Creating User Profiles with the SNMPv3 Version of the NMC-RX Application

[Contents] [Prev] [Next] [Report an Error] [No Frames]

Configuring Security Settings > Creating User Profiles with the SNMPv3 Version of the NMC-RX Application
Creating User Profiles with the SNMPv3 Version of the NMC-RX Application
User profiles are created differently depending on which version of SNMP was chosen during the installation of the NMC-RX application. If you are using the SNMPv3 version of the NMC-RX application, use this section. If you are using the SNMPv2c version of the software, see Creating User Profiles with the SNMPv2c Version of the NMC-RX Application.

Only users with the Security privilege can create a user profile. When you create a user profile, you can:

Set the username and password

Select how the user login will be authenticated (either locally or through a RADIUS authentication server; see the previous section)

Assign a user privilege level

Configure SNMPv3 settings

User Privilege

Only users with the Security privilege enabled can modify the User Privilege settings. Privilege settings are enabled for an admin user and can never be changed.

User privileges are divided into three categories:

Security—Allows access to administer application-specific settings, such as inserting/removing members of groups, creating groups and new users, and setting user authentication settings.

Device Maintenance—Allows access to all device-specific settings or features; default.

Device Administration—Allows access to device-specific settings and features. You can specify five areas for the device administration category: view, create, configure, delete, and execute.

SNMPv3

A router can provide authentication and privacy for users via SNMPv3. Each user is associated with a group. A group is a set of users with the same access privileges to the router (see Table 26). For each NMC-RX user, you can configure only one SNMP user.

Three predefined groups are available:

Public—No authentication and no privacy. Users are not configured for authentication or privacy.

Private—Authentication only. Users need to be authenticated by the SNMP agent, but the data is not encrypted.

Admin—Authentication and privacy. Users are configured for authentication and privacy.

NOTE: Before the NMC-RX application can begin to communicate with the router, SNMPv3 parameters must be set on the router by using the CLI. Use the NMC-RX application's remote login feature to access the CLI.

Because each virtual router has its own security model, SNMP users must be added to each virtual router on the E-series router. Only then can the virtual router be managed via SNMPv3. For example, when a virtual router is created through the NMC-RX application, it can be configured only after the SNMP users have been added to the virtual router via the CLI.

For more information about SNMP, see E-Series System Basics Configuration Guide, Chapter 3, Configuring SNMP. For more information about virtual routers, see NMC-RX User Guide, Vol. 2, Chapter 3, Configuring Virtual Routers.

To create a user profile:

In either the Network or Device Workshop, from the Configuration menu, select Create, and click User Profile.

The Create User Profile dialog box appears.
Set the user profile parameters. See Table 26.
 Table 26:  User Profile Parameters 

 Parameter
 Description

 User Name

 Range 1-32 characters; must contain at least one alphabetic and one numeric character


 User Authentication

 Mode

 (See Configuring User Authentication Settings earlier in this chapter for more information.)
 Determines the type of login:

   Local—Authenticates the user login locally
   RADIUS—Authenticates the user login through a RADIUS server



 Test Login

 When enabled (checked) and user authentication mode is set to RADIUS, the remote login action is tested.


 Password

 Password must be between 6 and 16 characters. It must contain at least one alphabetic and one numeric character. The password assigned by the administrator can be changed by the user. 


 Re-enter Password

 Password must be typed again exactly as typed in the User Password field.


 User Privilege
 


 Privilege Settings

 Sets the level to determine what actions a user can take in regard to a particular object.

   Security—Allows a user to administer application settings. For example, a user is limited to creating groups and devices, and cannot access the Device Workshop or perform device configuration.
   Device Maintenance—Allows access to all device-specific settings or features; default.



 Device Administration

 Sets the level to determine what actions a user can take in regard to a particular object. 

   View—Allows a user to view a device's configuration.
   Create—Allows a user to create configurations on a device.
   Configure—Allows a user to configure a device's configuration.
   Delete—Allows a user to delete device configurations.
   Execute—Allows a user to execute certain device actions. For example, user is allowed to run ping on a device or log in remotely to a device.



 Remote Login
 


 SSH User Name Source


   NMC-RX User Name—Select if you always want to use the NMC-RX username as the SSH username source. This is the default.
   Other User Name—Select if you want to use a username other than the NMC-RX username as the SSH username source. When selected, the text box to the right of the field is active and you can edit the text. 

 Type the user name in the text box. The username can be from 1 to 128 characters.


 User Preferences
 


 Single Click Object View

 Displays an object's current configuration in view mode with a single click; default: disabled (cleared)


 SNMPv3 User
 


 User Name

 Name of the SNMP user; range 1-32 characters


 SNMP Group

 The group of the SNMP user. Depending on the choice selected (Public, Private, Admin), different authentication and privacy parameters are available.
 NOTE: All SNMPv3 user attributes must match the attributes set up via the CLI on the router. 


 Authentication
 


 Key

 Secret authentication key used for messages sent on behalf of the user; range: 16 characters for MD-5 protocol, 20 characters for SHA protocol; default is empty


 Protocol

 Protocol used to authenticate the user; MD-5 or SHA


 Privacy
 


 Key

 Secret encryption key used for messages sent on behalf of the user; range: 16 characters


 Protocol

 Encryption protocol; DES



 
 NOTE: You cannot delete the Admin user group (admin), but you can modify the password (nmc-rxadmin) delivered with the NMC-RX application.



 
To save the settings, click OK.

Parameter	Description
User Name	Range 1-32 characters; must contain at least one alphabetic and one numeric character
User Authentication
Mode	(See Configuring User Authentication Settings earlier in this chapter for more information.) Determines the type of login: Local—Authenticates the user login locally RADIUS—Authenticates the user login through a RADIUS server
Test Login	When enabled (checked) and user authentication mode is set to RADIUS, the remote login action is tested.
Password	Password must be between 6 and 16 characters. It must contain at least one alphabetic and one numeric character. The password assigned by the administrator can be changed by the user.
Re-enter Password	Password must be typed again exactly as typed in the User Password field.
User Privilege
Privilege Settings	Sets the level to determine what actions a user can take in regard to a particular object. Security—Allows a user to administer application settings. For example, a user is limited to creating groups and devices, and cannot access the Device Workshop or perform device configuration. Device Maintenance—Allows access to all device-specific settings or features; default.
Device Administration	Sets the level to determine what actions a user can take in regard to a particular object. View—Allows a user to view a device's configuration. Create—Allows a user to create configurations on a device. Configure—Allows a user to configure a device's configuration. Delete—Allows a user to delete device configurations. Execute—Allows a user to execute certain device actions. For example, user is allowed to run ping on a device or log in remotely to a device.
Remote Login
SSH User Name Source	NMC-RX User Name—Select if you always want to use the NMC-RX username as the SSH username source. This is the default. Other User Name—Select if you want to use a username other than the NMC-RX username as the SSH username source. When selected, the text box to the right of the field is active and you can edit the text. Type the user name in the text box. The username can be from 1 to 128 characters.
User Preferences
Single Click Object View	Displays an object's current configuration in view mode with a single click; default: disabled (cleared)
SNMPv3 User
User Name	Name of the SNMP user; range 1-32 characters
SNMP Group	The group of the SNMP user. Depending on the choice selected (Public, Private, Admin), different authentication and privacy parameters are available. `NOTE:` All SNMPv3 user attributes must match the attributes set up via the CLI on the router.
Authentication
Key	Secret authentication key used for messages sent on behalf of the user; range: 16 characters for MD-5 protocol, 20 characters for SHA protocol; default is empty
Protocol	Protocol used to authenticate the user; MD-5 or SHA
Privacy
Key	Secret encryption key used for messages sent on behalf of the user; range: 16 characters
Protocol	Encryption protocol; DES

[Contents] [Prev] [Next] [Report an Error] [No Frames]