Add a User to a Group
Add a user to a group to logically group users who require the same level of access.
Procedure
Example
Add a user to a group to logically group users who require the same level of access:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#snmp-server user test4 group grouptest4 md5 aes Enter the authentication protocol password : ******** Re-enter the authentication protocol password : ******** Enter the privacy protocol password : ******** Re-enter the privacy protocol password : ******** WARNING: For best security practices avoid the use of repeated patterns in passwords. Switch:1(config)#show snmp-server group ************************************************************************************ ========================================================================================== VACM Group Membership Configuration ========================================================================================== Sec Model Security Name Group Name ------------------------------------------------------------------------------------------ snmpv1 readview readgrp snmpv1 initialview v1v2grp snmpv2c readview readgrp snmpv2c initialview v1v2grp usm test1 Grouptest1 usm test2 geet1 usm test4 grouptest4 7 out of 7 Total entries displayed -------------------------------------------------------------------------------- ========================================================================================== VACM Group Access Configuration ========================================================================================== Group Prefix Model Level ReadV WriteV NotifyV ------------------------------------------------------------------------------------------ initial usm noAuthNoPriv root root root initial usm authPriv root root root initial vrf512 usm noAuthNoPriv vrf vrf vrf initial vrf512 usm authPriv vrf vrf vrf readgrp snmpv1 noAuthNoPriv v1v2only org readgrp snmpv2c noAuthNoPriv v1v2only org readgrp vrf512 snmpv1 noAuthNoPriv vrf vrf readgrp vrf512 snmpv2c noAuthNoPriv vrf vrf v1v2grp snmpv1 noAuthNoPriv v1v2only v1v2only v1v2only v1v2grp snmpv2c noAuthNoPriv v1v2only v1v2only v1v2only v1v2grp vrf512 snmpv1 noAuthNoPriv vrf vrf vrf v1v2grp vrf512 snmpv2c noAuthNoPriv vrf vrf vrf 12 out of 12 Total entries displayed --------------------------------------------------------------------------------
Variable Definitions
The following table defines parameters for the snmp-server user command.
Variable |
Value |
---|---|
{aes|des} |
Specifies a privacy protocol. If no value is entered, no authentication capability exists. The choices are aes or des. Important:
You must set authentication before you can set the privacy option. |
engine-id WORD<16-97> |
Assigns an SNMPv3 engine ID. Use the no operator to remove this configuration. |
group WORD<1-32> |
Specifies the group access name. |
{md5|sha} |
Specifies an authentication protocol. If no value is entered, no authentication capability exists. The protocol choices are: MD5 and SHA. |
notify-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
read-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
write-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
user WORD<1-32> |
Creates the new entry with this security name. The name is used as an index to the table. The range is 1–32 characters. Use the no operator to remove this configuration. |