Users and SNMPv3


SNMPv3 uses users as its access control mechanism, which makes access control both secure and flexible.


You can also require that users authenticate and use encryption.



Note: Prior to Version 2.6, MD5 was the default authentication protocol. With Version 2.6, Netvisor One supports SHA1, which is now the default authentication protocol. You must specify MD5 if MD5 authentication is required.



Use the following command to create a user:

CLI network-admin@Leaf1 > snmp-user-create user-name name-string auth-password [auth|no-auth] priv-password [priv|no-priv]

To create the user snmp-admin with authentication and the password m0nk3ys, use the following command:


CLI network-admin@Leaf1 > snmp-user-create user-name snmp-admin auth-password auth


auth password: ********

confirm password: ********


To modify the SNMP user and add the password b33h!v3, use the following command:


CLI network-admin@Leaf1 > snmp-user-modify user-name snmp-admin auth-password auth priv-password priv



auth password: ********

confirm password: ********

priv password: ******

confirm password: ******

 

To display information about the SNMP user, use the following command:


CLI network-admin@Leaf1 > snmp-user-show user-name snmp-user


switch      user-name auth priv

--------    --------- ---- ----

pleiades24  snmp-user yes  yes

 


To delete the SNMP user, use the snmp-user-delete command.


After you create the user, you must use the View Access Control Model (VACM) to grant the user permission to view SNMP objects:

CLI network-admin@Leaf1 > snmp-vacm-create user-name name-string user-type [rouser|rwuser] oid-restrict string [auth|no-auth] [priv|no-priv]

The oid-restrict parameter is an optional argument that specifies the MIB sub-tree to which the view is restricted. In other words, if you specify an OID, only that OID and its descendants in the tree are visible in this view.


To continue with the previous example, snmp-user is a read-only user restricted to the sysContact OID:


CLI network-admin@Leaf1 > snmp-vacm-create user-name snmp-user user-type rouser oid-restrict sysContact no-auth no-priv


To modify the VACM configuration and change no authentication to authentication, use the following command:


CLI network-admin@Leaf1 > snmp-vacm-modify user-name snmp-user user-type rouser auth


To display information about the VACM configuration, use the snmp-vacm-show command:


switch     user-type user-name oid-restrict view auth priv

------     --------- --------- ------------ ---- ---- ----

pleiades24 rouser    snmp-user sysContact        no   no
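
As an added example (not part of the Netvisor documentation), the following Python script parses snmp-user-show and snmp-vacm-show output in the layouts shown on this page and reports entries where auth or priv is not yes. The names parse_table and audit and the embedded sample text are assumptions made for illustration, and the script assumes the CLI output is column-aligned as shown above.

```python
import re

# Constructed samples that copy the table layouts shown on this page.
SAMPLE_USER_SHOW = """\
switch      user-name auth priv
--------    --------- ---- ----
pleiades24  snmp-user yes  yes
"""
SAMPLE_VACM_SHOW = """\
switch     user-type user-name oid-restrict view auth priv
------     --------- --------- ------------ ---- ---- ----
pleiades24 rouser    snmp-user sysContact        no   no
"""


def parse_table(text):
    """Parse column-aligned CLI output into a list of dicts.
    Cells are sliced at the offsets of the dashed ruler line, because
    splitting on whitespace would shift 'auth' and 'priv' one column to
    the left whenever the 'view' cell is empty."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    ruler = next((i for i, ln in enumerate(lines)
                  if i > 0 and re.fullmatch(r"[- ]+", ln)), None)
    if ruler is None:
        raise ValueError("no header/ruler pair found in CLI output")
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    bounds = list(zip(starts, starts[1:] + [None]))

    def cells(line):
        return [line[a:b].strip() for a, b in bounds]
    header = cells(lines[ruler - 1])
    return [dict(zip(header, cells(ln))) for ln in lines[ruler + 1:]]


def audit(rows):
    """Return (switch, user-name, missing) for rows lacking auth or priv."""
    findings = []
    for row in rows:
        missing = [c for c in ("auth", "priv") if row.get(c, "").lower() != "yes"]
        if missing:
            findings.append((row.get("switch"), row.get("user-name"), missing))
    return findings


if __name__ == "__main__":
    for text in (SAMPLE_USER_SHOW, SAMPLE_VACM_SHOW):
        for switch, user, missing in audit(parse_table(text)):
            print(f"{user} on {switch}: not enabled: {', '.join(missing)}")
```
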



To delete the VACM user from the SNMP configuration, use the snmp-vacm-delete command:


CLI network-admin@Leaf1 > snmp-vacm-delete user-name snmp-user