Was this helpful?
Users and SNMPv3
SNMPv3 protocol supports the creation of users with authentication and encryption. Netvisor ONE supports SHA1 or MD5 as the authentication protocols and DES56 as the encryption algorithm. The default authentication protocol supported is SHA1.
You can create a user without providing the authentication and privilege password options. For example,
CLI network-admin@switch > snmp-user-create user-name name-string auth priv
Use the following command to create a user by providing the authentication and privilege password options:
CLI network-admin@switch > snmp-user-create user-name name-string auth-password [auth|no-auth] priv-password [priv|no-priv]
To create the user, pluribus, with authentication password m0nk3ys$, use the following command:
CLI network-admin@switch > snmp-user-create user-name pluribus auth-password auth
auth password: ********
confirm password: ********
 
The password should have at least eight (8) characters and can be a combination oif alphabets, numbers and special characters. To modify the SNMP user and add the password, b33h!v3#, use the following command:
CLI network-admin@switch > snmp-user-modify user-name pluribus auth-password auth priv-password priv
priv-password priv
auth password: ********
confirm password: ********
priv password: ********
confirm password: ********
 
To display information about the SNMP user, use the following command:
CLI network-admin@switch > snmp-user-show user-name pluribus
switch    user-name auth priv
--------    --------- ---- ----
pleiades24  pluribus yes yes
 
To delete the SNMP user, use the snmp-user-delete command.
After you create the user, you must grant permission, using View Access Control Model (VACM) to view SNMP objects:
CLI network-admin@switch > snmp-vacm-create user-name name-string user-type [rouser|rwuser] oid-restrict string [auth|no-auth] [priv|no-priv]
The command parameter, oid-restrict, an optional argument, specifies a MIB sub-tree with a restricted view. . In other words, if you specify an OID, you can only see that OID and the descendants in the tree .
To continue with the previous example, Netvisor ONE restricts snmp-user as a read-only user for sysContact OID:
CLI network-admin@switch > snmp-vacm-create user-name snmp-user user-type rouser oid-restrict sysContact no-auth no-priv
To modify the VACM configuration of the user and to change no authentication to authentication, use the following command:
CLI network-admin@switch > snmp-vacm-modify user-name snmp-user user-type rouser auth
To display information about the VACM configuration, use the snmp-vacm-show command:
switch   user-type user-name oid-restrict view auth priv
------     --------- --------- ------------ ---- ---- ----
pleiades24 rouser snmp-user sysContact no no
 
To delete the VACM of the user from the SNMP configuration, use the snmp-vacm-delete command:
CLI network-admin@switch > snmp-vacm-delete user-name snmp-user