API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

171

172

173

174

175

176

177

178

179

180

snmp-server user

Authorizes a user to access the SNMP agent and receive SNMP messages.

Syntax

snmp-server user user-name group-name security-model [[noauth | auth {md5 |

sha} auth-password] [priv {des | aes} priv-password]] [localized] [access

acl-name] [remote ip-address udp-port port-number]]

Parameters

● user-name — Enter the name of the user. A maximum of 32 alphanumeric characters.

● group-name — Enter the name of the group to which the user belongs. A maximum of 32

alphanumeric characters.

● security-model — Enter an SNMP version that sets the security level for SNMP messages:

○ 1 — SNMPv1 provides no user authentication or privacy protection. SNMP messages are sent in

plain text.

○ 2c — SNMPv2c provides no user authentication or privacy protection. SNMP messages are sent

in plain text.

○ 3 — SNMPv3 provides optional user authentication and encryption for SNMP messages.

● noauth — (SNMPv3 only) Configure SNMPv3 messages to send without user authentication and

privacy encryption.

● auth — (SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:

○ md5 — Generate an authentication key using the MD5 algorithm.

○ sha — Generate an authentication key using the SHA algorithm.

○ auth-password — Enter a text string used to generate the authentication key that identifies

the user; a maximum of 32 alphanumeric characters maximum. For an encrypted password, you

can enter the encrypted string instead of plain text.

● priv — (SNMPv3 only) Configure encryption for SNMPv3 messages sent to the user:

○ aes — Encrypt messages using AES 128-bit algorithm.

○ des — Encrypt messages using DES 56-bit algorithm.

○ priv-password — Enter a text string used to generate the privacy key used in encrypted

messages. A maximum of 32 alphanumeric characters. For an encrypted password, enter the

encrypted string instead of plain text.

● localized — (SNMPv3 only) Generate an SNMPv3 authentication and/or privacy key in localized

key format.

● access acl-name — (Optional) Enter the name of an IPv4 or IPv6 access list to filter SNMP

requests on the switch. A maximum of 16 characters.

● remote ip-address/prefix-length udp-port port-number — (Optional) Enter the IPv4

or IPv6 address of the user's remote device and the UDP port number used to connect to the SNMP

agent on the switch, from 0 to 65535. The default is 162.

Defaults

Not configured

Command Mode CONFIGURATION

Usage

Information

Use the snmp-server user command to set up the desired security level for SNMP access. For

SNMPv3 users, configure user authorization and message encryption. Re-enter this command multiple

times to configure SNMP security settings for all users.

The group to which a user is assigned determines the user's SNMP access. To configure a group's SNMP

access to the switch — read, write, and notify, use the snmp-server user command.

No default values exist for SNMPv3 authentication and privacy algorithms and passwords. If you forget a

password, you cannot recover it — you must reconfigure the user. You can specify either a plain-text

password or an encrypted cypher-text password. In either case, the password stores in the configuration

in an encrypted form and displays as encrypted in the show running-config snmp output.

A localized authentication or privacy key is more complex and provides greater privacy protection. To

display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show

running-configuration snmp command.

To limit user access to the SNMP agent on the switch, enter an access acl-name value. In IPv6 ACLs,

SNMP supports only IPv6 and UDP types. TCP, ICMP, and port rules are not supported.

172 System management