Administrator Guide
Usage Information
NOTE: For IPv6 ACLs, only IPv6 and UDP types are valid for SNMP. TCP and ICMP rules are not
valid for SNMP. In IPv6 ACLs port rules are not valid for SNMP.
No default values exist for authentication or privacy algorithms and no default password exists. If you forget a
password, you cannot recover it; the user must be reconfigured. You can specify either a plain-text password or
an encrypted cypher-text password. In either case, the password is stored in the configuration in an encrypted
form and displayed as encrypted in the show running-config command.
If you have an encrypted password, you can specify the encrypted string instead of the plain-text password. The
following command is an Example of how to specify the command with an encrypted string.
NOTE: The number of configurable users is limited to 16.
Example
DellEMC# snmp-server user privuser v3group v3 encrypted auth md5
9fc53d9d908118b2804fe80e3ba8763d priv des56 d0452401a8c3ce42804fe80e3ba8763d
Usage Information The following command is an example of how to enter a plain-text password as the string authpasswd for user
authuser of group v3group.
Example
DellEMC#conf
DellEMC(conf)# snmp-server user authuser v3group v3 auth md5 authpasswd
Usage Information The following command configures a remote user named n3user with a v3 security model and a security level of
authNOPriv.
Example
DellEMC#conf
DellEMC(conf)# snmp-server user n3user ngroup remote 172.31.1.3 udp-port
5009 3
auth md5 authpasswd
Related
Commands
• show snmp user — displays the information configured on each SNMP user name.
snmp-server user (for AES128-CFB Encryption)
Specify that AES128-CFB encryption algorithm needs to be used for transmission of SNMP information. The Advanced Encryption
Standard (AES) Cipher Feedback (CFB) 128-bit encryption algorithm is in compliance with RFC 3826. RFCs for SNMPv3 define two
authentication hash algorithms, namely, HMAC-MD5-96 and HMAC-SHA1-96. These are the full forms or editions of the truncated
versions, namely, HMAC-MD5 and HMAC-SHA1 authentication algorithms.
Syntax
snmp-server user name {group_name remote ip-address udp-port port-number} [1 |
2c | 3] [encrypted] [auth {md5 | sha} auth-password] [priv {des56 | aes128–cfb}
priv– password] [access access-list-name | ipv6 access-list-name | access-list-
name ipv6 access-list-name]
To remove a user from the SNMP group, use the no snmp-server user name {group_name remote
ip-address udp-port port-number} [1 | 2c | 3] [encrypted] [auth {md5 | sha}
auth-password] [priv {des56 | aes128–cfb} priv-password] [access access-list-
name | ipv6 access-list-name | access-list-name ipv6 access-list-name] command.
Parameters
auth-password
(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the
agent to receive packets from the host and to send packets to the host. Minimum: eight
characters long.
aes128 (OPTIONAL) Enter the keyword aes128 to initiate the AES128-CFB encryption
algorithm for transmission of SNMP packets.
priv-password
(OPTIONAL) Enter a text string (up to 20 characters long) password that enables the
host to encrypt the contents of the message it sends to the agent and to decrypt the
contents of the message it receives from the agent. Minimum: eight characters long.
Simple Network Management Protocol (SNMP) and Syslog 1441