Add a User to a Group
Add a user to a group to logically group users who require the same level of access.
Procedure
Example
Add a user to a group to logically group users who require the same level of access:
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#snmp-server user test4 group grouptest4 md5 aes
Enter the authentication protocol password : ********
Re-enter the authentication protocol password : ********
Enter the privacy protocol password : ********
Re-enter the privacy protocol password : ********
WARNING: For best security practices avoid the use
of repeated patterns in passwords.
Switch:1(config)#show snmp-server group
************************************************************************************
==========================================================================================
VACM Group Membership Configuration
==========================================================================================
Sec Model Security Name Group Name
------------------------------------------------------------------------------------------
snmpv1 readview readgrp
snmpv1 initialview v1v2grp
snmpv2c readview readgrp
snmpv2c initialview v1v2grp
usm test1 Grouptest1
usm test2 geet1
usm test4 grouptest4
7 out of 7 Total entries displayed
--------------------------------------------------------------------------------
==========================================================================================
VACM Group Access Configuration
==========================================================================================
Group Prefix Model Level ReadV WriteV NotifyV
------------------------------------------------------------------------------------------
initial usm noAuthNoPriv root root root
initial usm authPriv root root root
initial vrf512 usm noAuthNoPriv vrf vrf vrf
initial vrf512 usm authPriv vrf vrf vrf
readgrp snmpv1 noAuthNoPriv v1v2only org
readgrp snmpv2c noAuthNoPriv v1v2only org
readgrp vrf512 snmpv1 noAuthNoPriv vrf vrf
readgrp vrf512 snmpv2c noAuthNoPriv vrf vrf
v1v2grp snmpv1 noAuthNoPriv v1v2only v1v2only v1v2only
v1v2grp snmpv2c noAuthNoPriv v1v2only v1v2only v1v2only
v1v2grp vrf512 snmpv1 noAuthNoPriv vrf vrf vrf
v1v2grp vrf512 snmpv2c noAuthNoPriv vrf vrf vrf
12 out of 12 Total entries displayed
--------------------------------------------------------------------------------
Variable Definitions
The following table defines parameters for the snmp-server user command.
|
Variable |
Value |
|---|---|
|
{aes|des} |
Specifies a privacy protocol. If no value is entered, no authentication capability exists. The choices are aes or des. Important:
You must set authentication before you can set the privacy option. |
|
engine-id WORD<16-97> |
Assigns an SNMPv3 engine ID. Use the no operator to remove this configuration. |
|
group WORD<1-32> |
Specifies the group access name. |
|
{md5|sha} |
Specifies an authentication protocol. If no value is entered, no authentication capability exists. The protocol choices are: MD5 and SHA. |
|
notify-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
|
read-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
|
write-view WORD<0-32> |
Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
|
user WORD<1-32> |
Creates the new entry with this security name. The name is used as an index to the table. The range is 1–32 characters. Use the no operator to remove this configuration. |