R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101

Each SNMP user belongs to an SNMP group. Create the SNMP group before you create the user.
Otherwise, the user can be created successfully but does not take effect. An SNMP group may contain
multiple users. It defines the SNMP objects in the MIB view that the users in the group can access, and
specifies whether to enable the authentication and privacy functions. The authentication and encryption
algorithms are defined when a user is created.
If you specify the cipher keyword, the system considers the arguments auth-password and
priv-password as encrypted keys, and does not encrypt them when executing this command.
If you do not specify the cipher keyword, the system considers the arguments auth-password and
priv-password as plaintext keys, and encrypts them when executing this command.
Specify the cipher keyword when you roll back, copy or paste the running configuration. For example,
assume that you have created SNMPv3 user A and configured both authentication and privacy keys of
this user as xyz. To make the configuration of user A still effective after the configuration is copied, pasted,
and re-executed, specify the cipher keyword when you create user A with this command. Otherwise,
after you copy, paste, or re-execute the configuration, the device creates user A, but the corresponding
keys are not xyz.
When you use the snmp-agent usm-user v3 cipher command, you can obtain the priv-password argument
by using the snmp-agent calculate-password command. For the calculated encrypted key to be valid in
the snmp-agent usm-user v3 cipher command, make sure that the same encryption algorithm is
specified for the two commands and that the local engine ID specified in the snmp-agent usm-user v3
cipher command is consistent with the SNMP entity engine ID specified in the snmp-agent
calculate-password command.
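Why the algorithm and engine ID must match, as an added example that is not part of the HP manual: it assumes the device derives keys with the standard RFC 3414 password-to-key localization, which this page does not state. The function names are hypothetical, the password and first engine ID are the RFC 3414 Appendix A.3 test values, and the second engine ID is constructed.

```python
import hashlib

KEY_STREAM_LEN = 1048576  # RFC 3414: hash the password repeated out to 1 MiB


def password_to_key(password: bytes, algo: str) -> bytes:
    """Derive the non-localized user key Ku from a plaintext password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(KEY_STREAM_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()


def keys_match(password: bytes, algo_a: str, engine_a: bytes,
               algo_b: str, engine_b: bytes) -> bool:
    """True only if both sides would end up holding the same localized key."""
    return (localized_key(password, engine_a, algo_a)
            == localized_key(password, engine_b, algo_b))


# RFC 3414 Appendix A.3 test inputs.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE = bytes.fromhex("000000000000000000000002")
# Constructed value standing in for a second device's engine ID.
OTHER_ENGINE = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        key = localized_key(RFC_PASSWORD, RFC_ENGINE, algo)
        print(f"{algo:5} engine ...02 -> {key.hex()}")
    # A key calculated for one engine ID is not the key another engine expects.
    print("same algo, other engine:",
          keys_match(RFC_PASSWORD, "md5", RFC_ENGINE, "md5", OTHER_ENGINE))
    # Neither is a key calculated with a different algorithm.
    print("other algo, same engine:",
          keys_match(RFC_PASSWORD, "md5", RFC_ENGINE, "sha1", RFC_ENGINE))
```

Under that assumption, a key calculated for one engine ID or algorithm does not authenticate against a user configured with another, which is the mismatch the paragraph above tells you to avoid.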
When you execute this command repeatedly to configure the same user (the username is the same,
regardless of the other keywords and arguments), the last configuration takes effect.
Remember the username and the plaintext password when you create a user. A plaintext password is
required when the NMS accesses the SNMP agent.
In FIPS mode, MD5, DES56 and 3DES are not available.
Related commands: snmp-agent calculate-password, snmp-agent group, and snmp-agent usm-user
{ v1 | v2c }.
Examples
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication
without privacy, the authentication algorithm as MD5, the plain-text key as authkey.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey
To access the SNMP agent, specifically, the default view (ViewDefault) in this example, the NMS can use
the protocol SNMPv3, username testUser, authentication algorithm MD5, and authentication key
authkey.
# Add a user testUser to the SNMPv3 group testGroup. Configure the security model as authentication
and privacy, the authentication algorithm as MD5, the privacy algorithm as DES56, the plain-text
authentication key as authkey, and the plain-text privacy key as prikey.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey