For RADIUS authentication you need your SM to have a user-provisioned certificate. To upload this certificate via SNMP to SM, the following steps are required:
- Check that SM is accessible and its SNMP options (community etc.) are configured.
- Copy the content of CA certificate and paste it to the command like in the rough example below:
snmpset -v2c -c private 169.254.1.1 .1.3.6.1.4.1.17713.21.3.8.8.2.0 s "-----BEGIN CERTIFICATE-----
> MIIDyDCCArCgAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzER
> MA8GA1UECAwISWxsaW5vaXMxGDAWBgNVBAcMD1JvbGxpbmcgTWVhZG93czEZMBcG
> UkFESVVTLXRlc3QtQ0EwHhcNMjMwODE2MTQxMjM1WhcNMjcwODE2MTQxMjM1WjB9
> ZVBNUDEXMBUGA1UEAwwOUkFESVVTLXRlc3QtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
> dFYPVWdQINrevWSX0wtSbS8MQ33WsB1DAAJpGsPatJawSgZsRO5NQlRoawp+eQe8
> J0W/964y36Q14AHyM//4pg4hDvNhTE5p0D/J5gOyV7b8W6oWTf6eAYXueokTYIbY
> 7N02b7WfYwP21B/k0avJW0qBIXleZqeJRTz/d9lHoaA0bfrBqPao3OdvNbx4Ayo/
> Z5+0fy++zgJmhip0
> -----END CERTIFICATE-----"
- Apply the change
snmpset -v2c -c private 169.254.1.1 .1.3.6.1.4.1.17713.21.4.4.0 i 1
- Save
snmpset -v2c -c private 169.254.1.1 .1.3.6.1.4.1.17713.21.4.3.0 i 1
- And reboot
snmpset -v2c -c private 169.254.1.1 .1.3.6.1.4.1.17713.21.4.1.0 i 1
You may want to confirm if the certificate is set with snmpget command
snmpget -v2c -c private 169.254.1.1 .1.3.6.1.4.1.17713.21.3.8.8.2.0
And it should return the exact body of your uploaded certificate
iso.3.6.1.4.1.17713.21.3.8.8.2.0 = STRING: "-----BEGIN CERTIFICATE-----
MIIDyDCCArCgAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzER
MA8GA1UECAwISWxsaW5vaXMxGDAWBgNVBAcMD1JvbGxpbmcgTWVhZG93czEZMBcG
UkFESVVTLXRlc3QtQ0EwHhcNMjMwODE2MTQxMjM1WhcNMjcwODE2MTQxMjM1WjB9
ZVBNUDEXMBUGA1UEAwwOUkFESVVTLXRlc3QtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
dFYPVWdQINrevWSX0wtSbS8MQ33WsB1DAAJpGsPatJawSgZsRO5NQlRoawp+eQe8
J0W/964y36Q14AHyM//4pg4hDvNhTE5p0D/J5gOyV7b8W6oWTf6eAYXueokTYIbY
7N02b7WfYwP21B/k0avJW0qBIXleZqeJRTz/d9lHoaA0bfrBqPao3OdvNbx4Ayo/
Z5+0fy++zgJmhip0
-----END CERTIFICATE-----
"
This example uses snmpget/snmpset linux commands from Net-Snmp, but it can easily be extended to the use of a MIB browser.