On 3/11/10 9:59 AM, Patrick Mugabeni wrote: > How does one generate authentication keys (MD5/SHA) as well as Privacy Key > (DES/AES) for SNMPV3 devices?. I have alcatel-lucent > 7710 routers that I am monitoring but only support SNMPV3. > > Urgent Help needed. > I am not familiar with the alcatel-lucent documentation, but I wonder if your question goes deeper into the way that SNMPv3 keys actually work. It is possible that the Alcatel-Lucent documentation expects you to enter either the "Block" or "Localized" key into InterMapper, instead of an ASCII key.
Here is some background: On a typical SNMP agent (e.g. Net-SNMP), you configure the auth and privacy keys as ASCII in a configuration file. You type these same ASCII keys into InterMapper and the SNMPv3 connection "just works". However, the SNMPv3 protocol does not *directly* use the ASCII keys you enter. Instead, the ASCII key is first converted into a "block" key by running the ASCII password through a one-way hashing function several times. Then, this "block key" is combined with the unique SNMPv3 engineID of the target device to produce a "Localized Key". This localized key is different for each device, and it's the key that is actually used to authenticate/encrypt SNMPv3 payloads. To enter a "Localized Key" into InterMapper, enter the password using this format: L:0xHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH H is a hexadecimal digit. For MD5, there must be exactly 32 hexadecimal digits. For SHA1, there must be exactly 40 hexadecimal digits. To enter a "Block Key", enter the password into InterMapper using this format: N:0xHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH (The N stands for non-localized key. This key will still run through the localization step described above.) -- Bill Fisher Dartware, LLC ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [email protected]
