Hashed SNMP community string based on device IP address
Prime Cable Provisioning 6.3 supports the hashed SNMP community string feature based on the device's IP address which is unique for each device.
This chapter describes the command-line interface (CLI) commands that you can use to configure the Prime Cable Provisioning hashed SNMP community string based on device IP address parameters.
Note To enable the logs for this feature:
This IP verify feature needs to be enabled for this feature to be enabled..
service tftp 1 ipv4 verify-ip
service tftp 1 ipv6 verify-ip
The commands described in this chapter are:
snmp hash read/write community
Use the snmp hash read/write community command to configure the hashed SNMP community string using the following commands:
Syntax Description
snmp hash read community <community parameter>
snmp hash write community <community parameter>
The <community parameter> specifies the string that will be replaced by the hashed SNMP community string in the configuration binary file. This parameter is required before the feature is enabled for both read and write operations.
This configuration can be viewed as part of the show running-config command output, which displays the current DPE configuration.
Examples
This result occurs when you enable read community snmp hash community string.
bac_dpe# snmp hash read community readcommunity
This result occurs when you enable write community snmp hash community string.
bac_dpe# snmp hash write community writecommunity
Defaults
No default behavior or values.
snmp hash read/write format
Use the snmp hash read/write format command to configure the format of the input to the SNMP hash function using the following commands:
Syntax Description
snmp hash read format <format parameter>
snmp hash write format <format parameter>
The <format parameter> specifies the text string consisting of seed values, and placement of the IP address bytes, ${IPBYTES}. This parameter is required before the feature is enabled for both read and write operations.
This configuration can be viewed as part of the show running-config command output, which displays the current DPE configuration.
Examples
This result occurs when you enable snmp hash read format.
bac_dpe# snmp hash read format abc${IPBYTES}xyz
This result occurs when you enable write snmp hash write format.
bac_dpe# snmp hash write format abc${IPBYTES}xyz
Defaults
No default behavior or values.
snmp hash read/write key
Use the snmp hash read/write key command to configure the secret key required for the generation of the read/write hashed SNMP community string using the following commands:
Syntax Description
snmp hash read key <key parameter>
snmp hash write key <key parameter>
The <key parameter> specifies the text string that will be configured as the secret key for the read/write hashed SNMP community string operations. This parameter is required before the feature is enabled for both read and write operations.
This configuration is not displayed as plain text in the show running-config command output, but as the checksum of the key.
Examples
This result occurs when you enable read key.
bac_dpe# snmp hash read key o8nsotIdwQGUK31H6pTvrAUQ9n7okH4wF3YfUrS76eqTvtuywAvg6jY2gbjcwxm
This result occurs when you enable write key.
bac_dpe# snmp hash write key o8nsotIdwQGUK31H6pTvrAUQ9n7okH4wF3YfUrS76eqTvtuywAvg6jY2gbjcwxm
Defaults
No default behavior or values.
snmp hash read/write enable
Use the snmp hash read/write enable command to enable/disable the hashed SNMP community string read/write feature, using the following commands:
Syntax Description
snmp hash read enable true / false
snmp hash write enable true / false
To enable the SNMP hash feature, the configuration parameters (community, format, and key) have to be set on the DPE. The other parameters (function and length) are optional. You can use this command to enable either to read or write the community string replacement at a time.
This configuration can be viewed as part of the show running-config command output, which displays the current DPE configuration.
Examples
This result occurs when you enable read snmp hash community string.
bac_dpe# snmp hash read enable true
This result occurs when you enable write snmp hash community string.
bac_dpe# snmp hash write enable true
Defaults
No default behavior or values.
snmp hash function
Use the snmp hash function command to configure the cryptographic hash function:
Syntax Description
snmp hash function <function parameter>
The <function parameter> specifies the following supported hash functions:
– HmacSHA1
– HmacSHA256
– HmacSHA512
Examples
This result occurs when you enable dpe tftp event of the DPE.
bac_dpe# snmp hash function HmacSHA1
Defaults
The default value is HmacSHA512.
snmp hash length
Use the snmp hash length command to reduce the length of the read/write hash SNMP community string:
Syntax Description
snmp hash length <length parameter>
The <length parameter> specifies the length of the hash output to form the SNMP community string. If this parameter is not configured the whole hash is used as the SNMP community string.
This configuration can be viewed as part of the show running-config command output, which displays the current DPE configuration. The minimum value is 1.
Examples
bac_dpe# snmp hash length 15
Defaults
The whole hash is considered as the SNMP community string.