Creating a user
Create a new user in the USM table to authorize a user on a particular SNMP engine.
Procedure
Example
Create a user named test1 on a remote system with MD5 authentication and AES privacy:

```
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#snmp-server user engine-id 0x80:00:08:E0:03:10:CD:AE:6B:D0:00 test1 md5 aes
Enter the authentication protocol password : ********
Re-enter the authentication protocol password : ********
Enter the privacy protocol password : ********
Re-enter the privacy protocol password : ********
WARNING: For best security practices avoid the use of repeated patterns in passwords.
Switch:1(config)#show snmp-server user
************************************************************************************
Engine ID = 0x80:00:08:E0:03:10:CD:AE:6B:D0:00
==========================================================================================
                                    USM Configuration
==========================================================================================
User/Security Name   Engine Id                           Protocol
------------------------------------------------------------------------------------------
User2                0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_MD5, AES PRIVACY,
test1                0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_MD5, AES PRIVACY,

2 out of 2 Total entries displayed
--------------------------------------------------------------------------------
```
Variable Definitions
The following table defines parameters for the snmp-server user command.
Variable | Value |
---|---|
{aes\|des} | Specifies a privacy protocol. If no value is entered, no authentication capability exists. The choices are aes or des. Important: You must set authentication before you can set the privacy option. |
engine-id WORD<16-97> | Assigns an SNMPv3 engine ID. Use the no operator to remove this configuration. |
group WORD<1-32> | Specifies the group access name. |
{md5\|sha} | Specifies an authentication protocol. If no value is entered, no authentication capability exists. The protocol choices are: MD5 and SHA. |
notify-view WORD<0-32> | Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
read-view WORD<0-32> | Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
write-view WORD<0-32> | Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view. |
user WORD<1-32> | Creates the new entry with this security name. The name is used as an index to the table. The range is 1–32 characters. Use the no operator to remove this configuration. |
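
The following Python audit is an added example, not part of the vendor documentation. It parses `show snmp-server user` output in the layout shown in the example above and flags users created with md5 instead of sha, des instead of aes, or no privacy protocol. The sample table is constructed; the `HMAC_SHA` and `DES PRIVACY` strings and the users `nms-ro` and `legacy` are assumptions, since the page shows only `HMAC_MD5, AES PRIVACY,`.

```python
import re

# Constructed sample in the layout of the `show snmp-server user` output above.
# The HMAC_SHA and DES PRIVACY strings and the nms-ro/legacy users are
# assumptions; only "HMAC_MD5, AES PRIVACY," appears on the page.
SAMPLE = """\
User/Security Name   Engine Id                           Protocol
------------------------------------------------------------------
User2                0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_MD5, AES PRIVACY,
test1                0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_MD5, AES PRIVACY,
nms-ro               0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_SHA, DES PRIVACY,
legacy               0x80:00:08:E0:03:10:CD:AE:6B:D0:00  HMAC_MD5,

4 out of 4 Total entries displayed
"""

# A USM row: security name, colon-separated hex engine ID, protocol column.
ROW = re.compile(r"^(\S+)\s+(0x[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*(.*)$")

def parse_usm_table(text):
    """Return a list of (user, engine_id, protocol_column) tuples."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def audit_user(protocols):
    """Return the findings for one user's protocol column."""
    p = protocols.upper()
    findings = []
    if "SHA" not in p:
        findings.append("MD5 authentication; prefer sha" if "MD5" in p
                        else "no authentication protocol")
    if "AES" not in p:
        findings.append("DES privacy; prefer aes" if "DES" in p
                        else "no privacy protocol")
    return findings

def audit(text):
    """Map each user with at least one finding to its list of findings."""
    report = {}
    for user, _engine, protocols in parse_usm_table(text):
        findings = audit_user(protocols)
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {'; '.join(findings)}")
```
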