API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

161

162

163

164

165

166

167

168

169

170

groupname : v3group

version : 3

security level : priv

notifyview : alltraps

readview : readview

writeview : writeview

Configure SNMP users

Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure

SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Re-

enter the command multiple times to configure SNMP security settings for all users.

snmp-server user user-name group-name security-model [[noauth | auth {md5 | sha} auth-

password]

[priv {des | aes}]] [localized] [access acl-name] [remote ip-address udp-port port-

number]]

The group to which a user is assigned determines the user's access privilege. To configure a group's access privilege — read,

write, and notify — to the switch, use the snmp-server group command. The security model for SNMPv3 provides the

strongest security with user authentication and packet encryption.

No default values exist for SNMPv3 authentication and privacy algorithms and passwords. If you forget a password, you cannot

recover it — you must reconfigure the user. You can specify either a plain-text password or an encrypted cypher-text

password. In either case, the password stores in the configuration in encrypted form and displays as encrypted in the show

running-config snmp output.

A localized authentication or privacy key is more complex and provides greater privacy protection. Localized keys are generated

using the engine ID of the switch. For this reason, you cannot use the localized SNMP security passwords in the configuration

file on another switch. For more information, see Configure SNMP engine ID. To display the localized authentication and privacy

keys in an SNMPv3 user configuration, use the show running-configuration snmp command.

To limit user access to the SNMP agent on the switch, enter an access acl-name value. In IPv6 ACLs, SNMP supports only

IPv6 and UDP types. TCP, ICMP, and port rules are not supported.

To display the configured SNMP users, use the show snmp user command.

Configure SNMPv1 or v2c users

OS10(config)# snmp-server user admin1 netadmingroup 2c acl acl_AdminOnly

Configure SNMPv3 users

OS10(config)# snmp-server user privuser v3group 3 encrypted auth

md59fc53d9d908118b2804fe80e3ba8763d priv des56 d0452401a8c3ce42804fe80e3ba8763d

OS10(config)# snmp-server user n3user ngroup remote 172.31.1.3 udp-port 5009 3 auth md5

authpasswd

Display SNMP users

OS10# show snmp user

User name : privuser

Group : v3group

Version : 3

Authentication Protocol : MD5

Privacy Protocol : AES

Generate SNMPv3 localized keys

The user-based security model in SNMP v3 offers strong authentication and encryption using the following algorithms:

● Authentication algorithms—MD5 and SHA

● Encryption algorithms—DES and AES-128

System management

163