snmp-server user

Creates or changes the attributes of SNMPv3 users, and allows the SNMPv3 user to be associated with the user-defined group name.

Syntax

snmp-server user username [ groupname group-name ] [ auth { md5 | sha | noauth } ] [ auth-password string [ encrypted ] ] [ priv { DES | AES128 | nopriv } ] [ priv-password string [ encrypted ]
no snmp-server user username

Command Default

None

Parameters

username
The name of the user that connects to the agent. The name must be between 1 and 16 characters long.
groupname group-name
The name of the group to which the user is associated. The configured user is allowed to be associated with the user-defined groups created using the snmp-server group command.
auth
Initiates an authentication level setting session. The default level is noauth .
noauth
Specifies "No Authentication Protocol".
md5
The HMAC-MD5-96 authentication level.
sha
The HMAC-SHA-96 authentication level.
auth-password string
A string that enables the agent to receive packets from the host. Passwords are plain text and must be added each time for each configuration replay. The password must be between 1 and 32 characters long. If a password contains supported special characters (such as !, @, #, $, %), enclose the password in double quotes (").
priv
Initiates a privacy authentication level setting session. The default level is nopriv .
DES
Specifies the DES privacy protocol.
AES128
Specifies the AES128 privacy protocol.
nopriv
Specifies "No Privacy Protocol".
priv-password string
Specifies a string (not to exceed 32 characters) that enables the host to encrypt the contents of the message that it sends to the agent. Passwords are plain text and must be added each time for each configuration replay. The privacy password alone cannot be configured. You configure the privacy password with the authentication password. If a password contains supported special characters (such as, !, @, #, $, %), enclose the password in double quotes (").
encrypted
Encrypts the input for auth/priv passwords. The encrypted key should be used only while entering the encrypted auth/priv passwords.

Modes

Global configuration mode

Usage Guidelines

This command configures SNMPv3 users that can be associated with a trap and inform response functionality. This command also allows configured user to be associated with user-defined SNMP groups created using the snmp-server group command. The maximum number of SNMP users that can be configured is 10. Optional encryption for auth-password and priv-password is also provided.

When creating a new SNMPv3 user without group name, by default there is no group name mapped with the SNMPv3 user. You must map the configured SNMPv3 user with any non-existing or existing group name available in the group CLI configuration to contact the device through SNMPv3.

This command may not be successful where encrypted passwords are generated by third-party or open-source tools.

Use the no form of the command to remove an SNMP user.

Examples

The following example configures a basic authentication policy.

device(config)# snmp-server user extreme groupname snmpadmin auth md5 auth-password user123 priv AES128 priv-password user456 

The following example configures plain-text passwords.

device(config)# snmp-server user snmpadmin1 auth md5 auth-password private123 priv  DES priv-password public123

The following example configures configure encrypted passwords.

device(config)# snmp-server user snmpadmin2 groupname snmpadmin auth md5 auth-password "MVb+360X3kcfBzug5Vo6dQ==\n" priv DES priv-password "ckJFoHbzVvhR0xFRPjsMTA==\n" encrypted

The following example creates the SNMP users "user1" and "user2" associated with used-defined group "group1" under global configuration mode.

device(config)# snmp-server user user1 groupname group1
device(config)# snmp-server user user2 groupname group1 auth md5 auth-password password priv DES priv-password password