Out of the box, Spectrum is configured to discover and model SNMPv3 devices configured with MD5/DES. This is controlled by the following entries in the $SPECROOT/SS/.vnmrc file:
snmpv3_default_auth_protocol=md5
snmpv3_default_priv_protocol=des
Devices that are configured to use SHA/AES can be modeled in Spectrum using either of the following methods:
- Change the default configuration in the $SPECROOT/SS/.vnmrc file as follows and then restart the SpectroSERVER process for the change to take affect:
snmpv3_default_auth_protocol=sha
snmpv3_default_priv_protocol=aes
NOTE: This is a global so all SNMPv3 discovery and modeling will now use SHA/AES.
- You can have a mixed environment where some devices use MD5/DES and some use SHA/AES. To do this, you will need to decide which is going to be the default and configure the $SPECROOT/SS/.vnmrc file accordingly. As an example, if you leave the defaults at MD5/DES, to manage devices that use SHA/AES, when you create your SNMPv3 profile, you can override the default to explicitly use SHA/AES. To override the default authentication to use SHA, enter the following in the SNMPv3 profile in the Authentication Password field where <authpassword> is the Authentication Password:
SHA^<authpassword>
To override the default privacy to use AES, enter the following in the SNMPv3 profile in the Privacy Password field where <privpassword> is the Privacy Password:
AES^<privpassword>
Now when using this new SNMPv3 profile, SHA/AES will override the MD5/DES defaults.