snmpv3 user

snmpv3 user <NAME>

[auth <AUTH-PROTO> auth-pass [{plaintext | ciphertext} <AUTH-PASS>]]

[priv <PRIV-PROTO> priv-pass [{plaintext | ciphertext} <PRIV-PASS>]]

no snmpv3 user <NAME>

[auth <AUTH-PROTO> auth-pass [{plaintext | ciphertext} <AUTH-PASS>]]

[priv <PRIV-PROTO> priv-pass [{plaintext | ciphertext} <PRIV-PASS>]]

Description

Creates an SNMPv3 user and adds it to an SNMPv3 context. The SNMPv3 security level (set with command snmpv3 security-level) determines which users are allowed to authenticate.

The no form of this command removes the specified SNMPv3 user.

Parameter

Description

<NAME>

Specifies the SNMPv3 username. Range 1 to 32 printable ASCII characters, excluding space and question mark (?).

auth <AUTH-PROTO>

Selects the authentication protocol used to validate user logins: md5 or sha1.

auth-pass [{plaintext | ciphertext} <AUTH-PASS>]

Specifies the SNMPv3 user authentication password. Range for plaintext is 8 to 32 printable ASCII characters, excluding space and question mark (?). Range for ciphertext is 1 to 256 printable ASCII characters. Ciphertext is used when copying user configuration settings between switches.

priv <PRIV-PROTO>

Selects the SNMPv3 privacy protocol (encryption method): aes or des.

priv-pass [{plaintext | ciphertext} <PRIV-PASS>]

Specifies the SNMPv3 user privacy encryption password. Range for plaintext is 8 to 32 printable ASCII characters, excluding space and question mark (?). Range for ciphertext is 1 to 256 printable ASCII characters. Ciphertext is used when copying user configuration settings between switches.

When the authentication password is not provided on the command line, plaintext authentication password prompting occurs upon pressing Enter, followed by privacy encryption protocol prompting, and finally plaintext encryption password prompting. The entered password characters are masked with asterisks.

When the authentication type and password plus the privacy protocol (encryption method) are provided on the command line but the encryption password is not provided, plaintext encryption password prompting occurs upon pressing Enter. The entered password characters are masked with asterisks.

Examples

Defining SNMPv3 user Admin1 using sha authentication and des privacy encryption with provided plaintext passwords:

switch(config)# snmpv3 user Admin1 auth sha auth-pass plaintext F82#450h priv des priv-pass plaintext F82#4eva

Defining SNMPv3 user Admin2 using MD5 authentication and AES privacy encryption with provided authentication password and privacy encryption type but prompted encryption password:

switch(config)# snmpv3 user Admin2 auth md5 auth-pass plaintext F82#450h

priv aes priv-pass

Enter the privacy encryption key: ********

Re-Enter the privacy encryption key: ********

Defining SNMPv3 user Admin2 using MD5 authentication and AES privacy encryption with plaintext password prompting and privacy encryption selection:

switch(config)# snmpv3 user Admin2 auth md5 auth-pass Enter the authentication password: ********

Re-Enter the authentication password: ********

 

Configure the privacy protocol (y/n)? y

Enter the privacy protocol (aes/des)? aes

 

Enter the privacy encryption key: ********

Re-Enter the privacy encryption key: ********

Removing SNMPv3 user Admin1:

switch(config)# no snmpv3 user Admin1

Creating an SNMP user on switch 1 and then creating the same user on switch 2 by copying from the switch 1 configuration:

On switch 1, configure a user named Admin3, and then use the show running-config command to display switch configuration. Save a copy of the full snmpv3 user command (shown by show running-config). This saved command is used on switch 2.

switch1(config)# snmpv3 user Admin3 auth sha auth-pass plaintext F82#450h

priv des priv-pass plaintext F82#4eva

switch1(config)# exit

switch1# show running-config

Current configuration:

!

!Version AOS-CX xx.xx.xx.xxxxxx

!

snmpv3 user Admin3 auth sha auth-pass ciphertext AQBaf2d...FJVcZ3o=

priv des priv-pass ciphertext AQBaH2p...2jfTFwQ=

ssh server vrf mgmt

!

interface mgmt

no shutdown

ip dhcp

vlan 1

On switch 2, execute the snmpv3 user command that you saved from switch 1 (as shown by show running-config). This creates the user on switch 2 with the same configuration.

switch2(config)# snmpv3 user Admin3 auth sha auth-pass ciphertext AQBaf2d...FJVcZ3o= priv des priv-pass ciphertext AQBaH2p...2jfTFwQ=

Command History

Release

Modification

10.07 or earlier

--

Command Information

Platforms

Command context

Authority

All platforms

config

Administrators or local user group members with execution rights for this command.