Creating a user

Create a new user in the USM table to authorize a user on a particular SNMP engine.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create a user on a remote system:

    snmp-server user engine-id WORD<16-97> WORD<1-32> {md5 | sha} [aes | des]

  3. Enter and confirm your password.
  4. Create a user on the local system:

    snmp-server user WORD<1-32> [notify-view WORD<0-32>] [read-view WORD<0-32>] [write-view WORD<0-32>] {md5 | sha} [aes | des]

  5. Enter and confirm your password.
  6. Add the user to a group:

    snmp-server user WORD<1-32> group WORD<1-32> {md5 | sha} [aes | des]

  7. Enter and confirm your password.
  8. Verify the configuration:

    show snmp-server user

Example

Create a user named test1 on a remote system with MD5 authentication and AES privacy:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#snmp-server user engine-id 0x80:00:08:E0:03:10:CD:AE:6B:D0:00 test1 md5 aes
Enter the authentication protocol password : ********
Re-enter the authentication protocol password : ********
Enter the privacy protocol password : ********
Re-enter the privacy protocol password : ********

WARNING: For best security practices avoid the use
         of repeated patterns in passwords.

Switch:1(config)#show snmp-server user
************************************************************************************
Engine ID = 0x80:00:08:E0:03:10:CD:AE:6B:D0:00

==========================================================================================
                               USM Configuration
==========================================================================================
User/Security Name    Engine Id                        Protocol
------------------------------------------------------------------------------------------
User2                0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_MD5, AES PRIVACY,
test1                0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_MD5, AES PRIVACY,

2 out of 2 Total entries displayed
--------------------------------------------------------------------------------
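
The verification step can be automated by parsing the `show snmp-server user` table and flagging entries that use MD5 authentication, DES privacy, or no privacy at all. This is an added example, not part of the original documentation or the vendor's tooling; the `HMAC_SHA` and `DES PRIVACY` strings and the users ops1, legacy1 and probe1 are assumptions, since the page only shows `HMAC_MD5, AES PRIVACY,` rows.

```python
import re

# Constructed sample: the User2 and test1 rows are the page's own output. The
# last three rows are constructed, and the HMAC_SHA and DES PRIVACY strings
# are ASSUMED spellings that do not appear on the page.
SAMPLE = """\
User/Security Name    Engine Id                        Protocol
------------------------------------------------------------------------------------------
User2                0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_MD5, AES PRIVACY,
test1                0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_MD5, AES PRIVACY,
ops1                 0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_SHA, AES PRIVACY,
legacy1              0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_SHA, DES PRIVACY,
probe1               0x80:00:08:E0:03:10:CD:AE:6B:D0:00 HMAC_MD5,
"""

# A user row is: name, engine ID (0x-prefixed, colon-separated hex), protocols.
# Header, separator and "Engine ID = ..." lines do not match this shape.
ROW = re.compile(r"^(\S+)\s+(0x[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*(.*)$")

def parse_usm_users(text):
    """Return a list of (user, engine_id, [protocol tokens]) from the table."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            tokens = [t.strip().upper() for t in m.group(3).split(",") if t.strip()]
            users.append((m.group(1), m.group(2), tokens))
    return users

def audit(users):
    """Map each user to a list of findings; an empty list means no finding."""
    report = {}
    for name, _engine, tokens in users:
        findings = []
        auth = [t for t in tokens if t.startswith("HMAC")]
        priv = [t for t in tokens if t.endswith("PRIVACY")]
        if not auth:
            findings.append("no authentication")
        elif any("MD5" in t for t in auth):
            findings.append("MD5 authentication (use sha)")
        if not priv:
            findings.append("no privacy")
        elif any(t.startswith("DES") for t in priv):
            findings.append("DES privacy (use aes)")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(parse_usm_users(SAMPLE)).items():
        print(f"{user:10} {'; '.join(findings) or 'ok'}")
```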

Variable Definitions

The following table defines parameters for the snmp-server user command.

Variable
    Value

{aes|des}
    Specifies a privacy protocol. If no value is entered, no authentication capability exists. The choices are aes or des.

    Important: You must set authentication before you can set the privacy option.

engine-id WORD<16-97>
    Assigns an SNMPv3 engine ID. Use the no operator to remove this configuration.

group WORD<1-32>
    Specifies the group access name.

{md5|sha}
    Specifies an authentication protocol. If no value is entered, no authentication capability exists. The protocol choices are: MD5 and SHA.

notify-view WORD<0-32>
    Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view.

read-view WORD<0-32>
    Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view.

write-view WORD<0-32>
    Specifies the view name in the range of 0 to 32 characters. The first instance is a noAuth view. The second instance is an auth view and the last instance is an authPriv view.

user WORD<1-32>
    Creates the new entry with this security name. The name is used as an index to the table. The range is 1–32 characters. Use the no operator to remove this configuration.