R21xx-HP FlexFabric 11900 Network Management and Monitoring Command Reference
104
local: Specifies the local SNMP engine.
engineid engineid-string: Specifies an SNMP engine. The engineid-string argument represents the
engine ID and must comprise an even number of hexadecimal characters, in the range of 10 to 64.
All-zero and all-F strings are invalid.
Usage guidelines
You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user
cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB
views and security model for the group of users. The authentication and encryption algorithms for each
user are specified when they are created.
SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are
created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform
messages, you must associate it with the remote SNMP engine.
If you configure an SNMPv3 user multiple times, the most recent configuration takes effect.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Make sure you remember the username and the plain text of the keys. When you access the device from
an NMS, you must provide this information.
Examples
# Add the user testUser to the SNMPv3 group testGroup, enable the authentication without privacy
security model for the group, and specify the authentication algorithm sha and the authentication key
authkey in plain text for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha authkey
An NMS can use the same SNMPv3 username, SNMP protocol version, and authentication algorithm
and key as the SNMP agent to access the MIB objects in the default view ViewDefault.
# Add the user testUser to the SNMPv3 group testGroup, enable the authentication and privacy security
model for the group, and specify the authentication algorithm sha, the privacy algorithm aes128, the
plaintext authentication key authkey, and the plaintext privacy key prikey for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha authkey
privacy-mode aes128 prikey
An NMS can use the same SNMPv3 username, SNMP protocol version, authentication algorithm,
privacy algorithm, and plaintext authentication and privacy keys as the SNMP agent to access the MIB
objects in the default view ViewDefault.
# Add the user remoteUser for the SNMP remote engine at 10 .1.1.1 t o t h e S N M P v 3 g r o u p testGroup,
enable the authentication and privacy security model for the group, specify the authentication algorithm
sha, the privacy algorithm aes128, the plaintext authentication key authkey, and the plaintext privacy
key prikey for the user.
<Sysname> system-view
[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple
authentication-mode sha authkey privacy-mode aes128 prikey