Add a User to a Group

Add a user to a group to logically group users who require the same level of access.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create a new user group:

    snmp-server user WORD<1-32> group WORD<1-32> {md5 | sha} [aes | des]

  3. Enter and confirm your password.
  4. Verify the configuration:

    show snmp-server group

Example

Add a user to a group to logically group users who require the same level of access:

Switch:1>enable 
Switch:1#configure terminal
Switch:1(config)#snmp-server user test4 group grouptest4 md5 aes
Enter the authentication protocol password : ********
Re-enter the authentication protocol password : ********
Enter the privacy protocol password : ********
Re-enter the privacy protocol password : ********

WARNING: For best security practices avoid the use
         of repeated patterns in passwords.

Switch:1(config)#show snmp-server group
************************************************************************************
==========================================================================================
                      VACM Group Membership Configuration
==========================================================================================
Sec Model  Security Name                  Group Name
------------------------------------------------------------------------------------------
snmpv1     readview                       readgrp
snmpv1     initialview                    v1v2grp
snmpv2c    readview                       readgrp
snmpv2c    initialview                    v1v2grp
usm        test1                          Grouptest1
usm        test2                          geet1
usm        test4                          grouptest4

7 out of 7 Total entries displayed
--------------------------------------------------------------------------------
==========================================================================================
                        VACM Group Access Configuration
==========================================================================================
Group      Prefix Model   Level        ReadV      WriteV     NotifyV
------------------------------------------------------------------------------------------
initial           usm     noAuthNoPriv root       root       root
initial           usm     authPriv     root       root       root
initial    vrf512 usm     noAuthNoPriv vrf        vrf        vrf
initial    vrf512 usm     authPriv     vrf        vrf        vrf
readgrp           snmpv1  noAuthNoPriv v1v2only              org
readgrp           snmpv2c noAuthNoPriv v1v2only              org
readgrp    vrf512 snmpv1  noAuthNoPriv vrf                   vrf
readgrp    vrf512 snmpv2c noAuthNoPriv vrf                   vrf
v1v2grp           snmpv1  noAuthNoPriv v1v2only   v1v2only   v1v2only
v1v2grp           snmpv2c noAuthNoPriv v1v2only   v1v2only   v1v2only
v1v2grp    vrf512 snmpv1  noAuthNoPriv vrf        vrf        vrf
v1v2grp    vrf512 snmpv2c noAuthNoPriv vrf        vrf        vrf

12 out of 12 Total entries displayed
--------------------------------------------------------------------------------
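
The following check is an added example, not part of the vendor documentation. It parses `show snmp-server group` output (the sample rows are copied from the output above and embedded as a constructed excerpt) and flags access rows that grant a write view at the noAuthNoPriv level, as well as members such as test4 whose group has no row in the access table. The names `parse_groups` and `audit` and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: rows copied from the `show snmp-server group` output above.
SAMPLE = """\
Sec Model  Security Name                  Group Name
snmpv2c    initialview                    v1v2grp
usm        test4                          grouptest4
Group      Prefix Model   Level        ReadV      WriteV     NotifyV
initial           usm     noAuthNoPriv root       root       root
initial           usm     authPriv     root       root       root
readgrp           snmpv1  noAuthNoPriv v1v2only              org
v1v2grp    vrf512 snmpv2c noAuthNoPriv vrf        vrf        vrf
"""


def parse_groups(text):
    """Parse both tables; access rows are sliced at header offsets because views can be blank."""
    members, access, table, spans = {}, [], None, []
    for line in text.splitlines():
        if line.startswith("Sec Model"):
            table = "members"
        elif line.startswith("Group ") and "Level" in line:
            table = "access"
            starts = [m.start() for m in re.finditer(r"\S+", line)]
            spans = list(zip(line.split(), starts, starts[1:] + [None]))
        elif not line.strip() or line[0] in "-=*" or "entries displayed" in line:
            continue  # blank lines, rulers and the entry-count footer
        elif table == "access":
            access.append({name: line[a:b].strip() for name, a, b in spans})
        elif table == "members" and len(line.split()) == 3:
            model, user, group = line.split()
            members[(model, user)] = group
    return members, access


def audit(members, access):
    """Flag write views granted at noAuthNoPriv and members whose group has no access row."""
    findings = [("write-without-auth", r["Group"], r["Model"])
                for r in access if r["Level"] == "noAuthNoPriv" and r["WriteV"]]
    known = {r["Group"] for r in access}
    findings += [("no-access-row", group, user)
                 for (_, user), group in members.items() if group not in known]
    return findings


if __name__ == "__main__":
    print(*audit(*parse_groups(SAMPLE)), sep="\n")
```

Paste the full command output in place of `SAMPLE` to audit a real switch; rows are matched by column position, so keep the original spacing.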

Variable Definitions

The following table defines parameters for the snmp-server user command.

Variable                 Value
-----------------------  -----------------------------------------------------------------
{aes|des}                Specifies a privacy protocol. If no value is entered, no
                         authentication capability exists. The choices are aes or des.
                         Important: You must set authentication before you can set the
                         privacy option.
engine-id WORD<16-97>    Assigns an SNMPv3 engine ID. Use the no operator to remove this
                         configuration.
group WORD<1-32>         Specifies the group access name.
{md5|sha}                Specifies an authentication protocol. If no value is entered, no
                         authentication capability exists. The protocol choices are: MD5
                         and SHA.
notify-view WORD<0-32>   Specifies the view name in the range of 0 to 32 characters. The
                         first instance is a noAuth view. The second instance is an auth
                         view and the last instance is an authPriv view.
read-view WORD<0-32>     Specifies the view name in the range of 0 to 32 characters. The
                         first instance is a noAuth view. The second instance is an auth
                         view and the last instance is an authPriv view.
write-view WORD<0-32>    Specifies the view name in the range of 0 to 32 characters. The
                         first instance is a noAuth view. The second instance is an auth
                         view and the last instance is an authPriv view.
user WORD<1-32>          Creates the new entry with this security name. The name is used
                         as an index to the table. The range is 1–32 characters. Use the
                         no operator to remove this configuration.