Users and SNMPv3

SNMPv3 uses users as its access control mechanism, which makes access control both secure and flexible. You can also require that users authenticate and use encryption.


 

Informational Note: Prior to Version 2.6, MD5 was the default authentication protocol. As of Version 2.6, Netvisor OS supports SHA1, which is now the default authentication protocol. You must specify MD5 if MD5 authentication is required.

Use the following command to create a user:

CLI network-admin@@Leaf1>snmp-user-create user-name name-string auth-password [auth|no-auth] priv-password [priv|no-priv]

To create the user snmp-admin with authentication and the password m0nk3ys, use the following command:

CLI network-admin@@Leaf1>snmp-user-create user-name snmp-admin auth-password auth

auth password: ********

confirm password: ********

To modify the SNMP user and add the password, b33h!v3, use the following command:

CLI network-admin@@Leaf1>snmp-user-modify user-name snmp-admin auth-password auth priv-password priv

auth password: ********

confirm password: ********

priv password: ******

confirm password: ******

 

To display information about the SNMP user, use the following command:

CLI network-admin@@Leaf1>snmp-user-show user-name snmp-user

switch      user-name auth priv
--------    --------- ---- ----
pleiades24  snmp-user yes  yes

 

To delete the SNMP user, use the snmp-user-delete command.

After you create the user, you must grant it permission to view SNMP objects, using the View-based Access Control Model (VACM):

CLI network-admin@@Leaf1>snmp-vacm-create user-name name-string user-type [rouser|rwuser] oid-restrict string [auth|no-auth] [priv|no-priv]

The oid-restrict parameter is an optional argument that specifies the MIB sub-tree to which the view is restricted. In other words, if you specify an OID, only that OID and its descendants in the tree are visible in this view.

To continue with the previous example, snmp-user is a read-only user restricted to the sysContact OID:

CLI network-admin@@Leaf1>snmp-vacm-create user-name snmp-user user-type rouser oid-restrict sysContact no-auth no-priv

To modify the VACM configuration and change no authentication to authentication, use the following command:

CLI network-admin@@Leaf1>snmp-vacm-modify user-name snmp-user user-type rouser auth

To display information about the VACM configuration, use the snmp-vacm-show command:

switch     user-type user-name oid-restrict view auth priv
------     --------- --------- ------------ ---- ---- ----
pleiades24 rouser    snmp-user sysContact        no   no

 

To delete the VACM user from the SNMP configuration, use the snmp-vacm-delete command:

CLI network-admin@@Leaf1>snmp-vacm-delete user-name snmp-user
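
The following added example (not part of the original documentation and not Netvisor OS code) audits saved snmp-vacm-show output in the layout shown above and lists VACM entries that do not require authentication or privacy. The snmp-mon and snmp-ops rows are constructed, and treating an rwuser without oid-restrict as a finding is a policy assumption of the example.

```python
import re

# Constructed sample in the snmp-vacm-show layout shown above. The snmp-user
# row is the page's; snmp-mon and snmp-ops are hypothetical entries.
SAMPLE = """\
switch     user-type user-name oid-restrict view auth priv
------     --------- --------- ------------ ---- ---- ----
pleiades24 rouser    snmp-user sysContact        no   no
pleiades24 rouser    snmp-mon                    yes  yes
pleiades24 rwuser    snmp-ops                    yes  no
"""

def parse_table(text):
    """Map each value to the header whose start column is nearest, so an
    empty cell (view) or a value wider than its header does not shift fields."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = [(m.start(), m.group()) for m in re.finditer(r"\S+", lines[0])]
    rows = []
    for line in lines[1:]:
        if set(line) <= set("- "):      # dashed rule under the header
            continue
        row = {name: "" for _, name in header}
        for m in re.finditer(r"\S+", line):
            _, name = min(header, key=lambda h: abs(h[0] - m.start()))
            row[name] = m.group()
        rows.append(row)
    return rows

def audit(rows):
    """Return (switch/user, reason) for every entry that needs review."""
    findings = []
    for r in rows:
        who = f"{r['switch']}/{r['user-name']}"
        if r["auth"] != "yes":
            findings.append((who, "no authentication required"))
        elif r["priv"] != "yes":
            findings.append((who, "no privacy (encryption) required"))
        # Assumption of this example: unrestricted read-write is worth review.
        if r["user-type"] == "rwuser" and not r["oid-restrict"]:
            findings.append((who, "rwuser without oid-restrict"))
    return findings

if __name__ == "__main__":
    for who, reason in audit(parse_table(SAMPLE)):
        print(f"{who}: {reason}")
```
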