API Guide
snmp-server user
Authorizes a user to access the SNMP agent and receive SNMP messages.
Syntax
snmp-server user user-name group-name security-model [[noauth | auth {md5 |
sha} auth-password] [priv {des | aes} priv-password]] [localized] [access
acl-name] [remote ip-address udp-port port-number]]
Parameters
● user-name — Enter the name of the user. A maximum of 32 alphanumeric characters.
● group-name — Enter the name of the group to which the user belongs. A maximum of 32
alphanumeric characters.
● security-model — Enter an SNMP version that sets the security level for SNMP messages:
○ 1 — SNMPv1 provides no user authentication or privacy protection. SNMP messages are sent in
plain text.
○ 2c — SNMPv2c provides no user authentication or privacy protection. SNMP messages are sent
in plain text.
○ 3 — SNMPv3 provides optional user authentication and encryption for SNMP messages.
● noauth — (SNMPv3 only) Configure SNMPv3 messages to send without user authentication and
privacy encryption.
● auth — (SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:
○ md5 — Generate an authentication key using the MD5 algorithm.
○ sha — Generate an authentication key using the SHA algorithm.
○ auth-password — Enter a text string used to generate the authentication key that identifies
the user; a maximum of 32 alphanumeric characters maximum. For an encrypted password, you
can enter the encrypted string instead of plain text.
● priv — (SNMPv3 only) Configure encryption for SNMPv3 messages sent to the user:
○ aes — Encrypt messages using AES 128-bit algorithm.
○ des — Encrypt messages using DES 56-bit algorithm.
○ priv-password — Enter a text string used to generate the privacy key used in encrypted
messages. A maximum of 32 alphanumeric characters. For an encrypted password, enter the
encrypted string instead of plain text.
● localized — (SNMPv3 only) Generate an SNMPv3 authentication and/or privacy key in localized
key format.
● access acl-name — (Optional) Enter the name of an IPv4 or IPv6 access list to filter SNMP
requests on the switch. A maximum of 16 characters.
● remote ip-address/prefix-length udp-port port-number — (Optional) Enter the IPv4
or IPv6 address of the user's remote device and the UDP port number used to connect to the SNMP
agent on the switch, from 0 to 65535. The default is 162.
Defaults
Not configured
Command Mode CONFIGURATION
Usage
Information
Use the snmp-server user command to set up the desired security level for SNMP access. For
SNMPv3 users, configure user authorization and message encryption. Re-enter this command multiple
times to configure SNMP security settings for all users.
The group to which a user is assigned determines the user's SNMP access. To configure a group's SNMP
access to the switch — read, write, and notify, use the snmp-server user command.
No default values exist for SNMPv3 authentication and privacy algorithms and passwords. If you forget a
password, you cannot recover it — you must reconfigure the user. You can specify either a plain-text
password or an encrypted cypher-text password. In either case, the password stores in the configuration
in an encrypted form and displays as encrypted in the show running-config snmp output.
A localized authentication or privacy key is more complex and provides greater privacy protection. To
display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show
running-configuration snmp command.
To limit user access to the SNMP agent on the switch, enter an access acl-name value. In IPv6 ACLs,
SNMP supports only IPv6 and UDP types. TCP, ICMP, and port rules are not supported.
172 System management