configure snmpv3 add user

configure snmpv3 add user [ hex hex_user_name | user_name ] {engine-id engine_id} {authentication [md5 | sha] {localized-key auth_localized_key | hex hex_auth_password | auth_password} {privacy {des |3des |aes {128 |192 | 256}} {localized-key priv_localized_key | hex hex_priv_password | priv_password} }} {volatile}

Description

Adds (and modifies) an SNMPv3 user.

Syntax Description

hex_user_name Specifies the user name to add or modify. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to add or modify in ASCII format.
engine-id SNMP engine id. If not specified, the user is created with the local engine id.
engine_id Engine id (in hexadecimal)"; type="ostring_t
authentication Specifies the authentication password or hex string to use for generating the authentication key for this user.
md5 Specifies RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication.
sha Specifies SHA authentication.
localized-key Following value is a MD5 or SHA digest of the engine-id and user's password.
auth_localized_key Authentication localized key (in hexadecimal) ) ;type="ostring_t"

privacy

Specifies the privacy password or hex string to use for generating the privacy key for this user.
des Specifies the use of the 56-bit DES algorithm for encryption. This is the default.
3des Specifies the use of the 168-bit 3DES algorithm for encryption.
aes Specifies the use of the AES algorithm for encryption.
128 Specifies the use of the 128-bit AES algorithm for encryption.
192 Specifies the use of the 192-bit AES algorithm for encryption.
256 Specifies the use of the 256-bit AES algorithm for encryption.
priv_localized_key Privacy localized key (in hexadecimal)"; type="ostring_t"
volatile Specifies volatile storage. By specifying volatile storage, the configuration is not saved across a switch reboot.

Default

The default values are:
  • authentication—no authentication.

  • privacy—no privacy.

  • non-volatile storage.

Usage Guidelines

Use this command to create or modify an SNMPv3 user configuration.

The default user names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv. The initial password for admin is password. For the other default users, the initial password is the user name.

If hex is specified, supply a 16 octet hex string for RSA Data Security, Inc. MD5 Message-Digest Algorithm, or a 20 octet hex string for SHA.

You must specify authentication if you want to specify privacy. There is no support for privacy without authentication.

Note

Note

3DES, AES 192, and AES 256 bit encryptions are proprietary implementations and may not work with some SNMP managers.

SNMPv3 password and localized-key are saved to the configuration file using AES256-CBC encryption.

Example

The following command configures the user guest on the local SNMP Engine with security level noauth (no authentication and no privacy):

configure snmpv3 add user guest

The following command configures the user authMD5 to use RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication with the password palertyu:

configure snmpv3 add user authMD5 authentication md5  palertyu

The following command configures the user authShapriv to use SHA authentication with the hex key shown below, the privacy password palertyu, and volatile storage:

configure snmpv3 add user authShapriv authentication sha hex 01:03:04:05:01:05:02:ff:ef:cd:12:99:34:23:ed:ad:ff:ea:cb:11 privacy palertyu volatile

History

This command was first available in ExtremeXOS 10.1.

The hex_user_name parameter was added in ExtremeXOS 11.0.

Support for 3DES and AES was added in ExtremeXOS 12.3.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.