
snmp-agent usm-user (upgrade-compatible command)

Function

The snmp-agent usm-user command adds a user to an SNMP user group.

The undo snmp-agent usm-user command deletes a user from an SNMP user group.

By default, the SNMP user group has no users added.

It is recommended that you deliver the snmp-agent usm-user v3 user-name group-name authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } encrypt-password ] [ acl acl-number ] command to the switch from the NMS. Do not configure the command directly on the switch.

Format

snmp-agent usm-user v3 user-name group-name simple [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } encrypt-password ] ] [ acl acl-number ]

snmp-agent usm-user v3 user-name group-name [ cipher ] [ authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } encrypt-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ]

Parameters

Parameter Description Value
v3 Indicates that the security mode in SNMPv3 is adopted. -
user-name Specifies the name of a user. It is a string of 1 to 32 case-sensitive characters without spaces.
group-name Specifies the name of the group to which a user belongs. It is a string of 1 to 32 case-sensitive characters without spaces.
simple Indicates the simple authentication. -
cipher Specifies that the password is in ciphertext, which is the default password type. If this parameter is specified, you can enter only a password in ciphertext. This type of password can be viewed using the configuration file. -
authentication-mode Sets the authentication mode.
NOTE:
Authentication is a process in which the SNMP agent (or the NMS) confirms that a message was received from an authorized NMS (or SNMP agent) and was not changed during transmission. RFC 2104 defines Keyed-Hashing for Message Authentication Code (HMAC), an effective tool that uses a secure hash function and a key to generate the message authentication code. This tool is widely used on the Internet. HMAC used in SNMP includes HMAC-MD5-96 and HMAC-SHA-96. The hash function of HMAC-MD5-96 is MD5, which uses a 128-bit authKey to generate the key. The hash function of HMAC-SHA-96 is SHA-1, which uses a 160-bit authKey to generate the key.
-
md5 | sha
Indicates the authentication protocol.
  • md5: Specifies HMAC-MD5-96 as the authentication protocol.
  • sha: Specifies HMAC-SHA-96 as the authentication protocol.
-
password Specifies the password for user authentication.

For a plain-text password, the value is a string of 6 to 64 characters by default, and the minimum length is 6 characters. If the set password min-length command is run to set the minimum length of passwords to a value greater than 6, the minimum length is the value configured using the set password min-length command. For a cipher-text password, the value is a string of 32 to 104 characters.

NOTE:
The password cannot be the same as the user name or the reverse of the user name. The password must contain at least two types of characters, including letters, digits, and special characters. The special characters cannot be a question mark (?) or a space.
privacy-mode Specifies the authentication with encryption.

The system adopts the cipher block chaining (CBC) code of the Data Encryption Standard (DES) and uses a 128-bit privKey to generate the key. The NMS uses the key to calculate the CBC code and then adds the CBC code to the message, while the SNMP agent fetches the authentication code through the same key and then obtains the actual information. As with authentication, encryption requires the NMS and the SNMP agent to share the same key to encrypt and decrypt the message.

-
des56 | aes128 | aes192 | aes256 | 3des Indicates the encryption protocol. -
encrypt-password Indicates the encryption password.

For a plain-text password, the value is a string of 6 to 64 characters by default, and the minimum length is 6 characters. If the set password min-length command is run to set the minimum length of passwords to a value greater than 6, the minimum length is the value configured using the set password min-length command. For a cipher-text password, the value is a string of 32 to 104 characters.

NOTE:
The password cannot be the same as the user name or the reverse of the user name. The password must contain at least two types of characters, including letters, digits, and special characters. The special characters cannot be a question mark (?) or a space.
acl acl-number Specifies the ACL number of the access view. The value is an integer that ranges from 2000 to 2999.
engineid engineid Specifies the ID of the engine associated with a user. The value is a string of 10 to 64 case-insensitive characters without spaces.
local Indicates the local entity user. -
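
The authentication-mode note above, worked through as an added example (not part of the original page and not Huawei code): RFC 3414, which defines HMAC-MD5-96 and HMAC-SHA-96 for SNMPv3 USM, derives the 128-bit or 160-bit authKey from the password, binds it to an engine ID, and keeps the first 96 bits of the HMAC. The password and engine ID are the RFC 3414 sample values, the message bytes are constructed, and how the switch stores keys internally is not stated on this page.

```python
import hashlib
import hmac

EXPANDED_LEN = 1_048_576  # RFC 3414 A.2: digest 1 MiB of the repeated password
# Sample values from RFC 3414 A.3 (assumptions, not taken from the page).
SAMPLE_PASSWORD = b"maplesyrup"
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Ku: digest of the password repeated to exactly 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(hash_name, password * reps + password[:rest]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the authKey valid for one SNMP engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Password -> localized authKey (16 octets for MD5, 20 for SHA-1)."""
    ku = password_to_key(password, hash_name)
    return localize_key(ku, engine_id, hash_name)


def mac96(key: bytes, message: bytes, hash_name: str) -> bytes:
    """HMAC over the message (authentication field zeroed), first 96 bits."""
    return hmac.new(key, message, hash_name).digest()[:12]


def verify(key: bytes, message: bytes, received: bytes, hash_name: str) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac96(key, message, hash_name), received)


if __name__ == "__main__":
    msg = b"constructed SNMPv3 message bytes"  # constructed stand-in, not real BER
    for name in ("md5", "sha1"):
        key = auth_key(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID, name)
        tag = mac96(key, msg, name)
        print(name, len(key) * 8, "bit authKey", key.hex(), "mac", tag.hex())
        print("  intact:", verify(key, msg, tag, name),
              "tampered:", verify(key, msg + b"!", tag, name))
```

Because the key is localized with the engine ID, the same password yields a different authKey on every SNMP engine, which is why the NMS and the agent must agree on both the password and the engine ID.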

Views

System view

Default Level

3: Management level

Usage Guidelines

This command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade.

Copyright © Huawei Technologies Co., Ltd.