The snmp-agent usm-user command adds a user to an SNMP user list.
The undo snmp-agent usm-user command deletes a user from an SNMP user list.
By default, an SNMP user list does not have any user.
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name group-name [ authentication-mode authen-protocol authKey [ privacy-mode privacy-protocol privKey ] ] [ acl { acl-number | aclName } ]
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name authentication-mode authen-protocol
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name privacy-mode privacy-protocol
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name [ group group-name | acl { acl-number | aclName } ] *
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name authentication-mode authen-protocol [ localized-configuration ] cipher authKey
snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name privacy-mode privacy-protocol [ localized-configuration ] cipher privKey
undo snmp-agent [ remote-engineid engine-Id ] usm-user v3 user-name [ group | acl | authentication-mode | privacy-mode ]
Parameter | Description | Value |
---|---|---|
remote-engineid engine-Id | Specifies the ID of an engine associated with a user. | The value is a string of 10 to 64 case-insensitive characters, spaces not supported. All 0s or all Fs are invalid. |
v3 | Enables the SNMPv3 security mode. | - |
user-name | Specifies a user name. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When quotation marks are used around the string, spaces are allowed in the string. |
authentication-mode authen-protocol | Specifies the security level as authentication. If this parameter is specified, an SNMP agent or NMS must check whether the received message is sent by an authorized NMS or SNMP agent and whether the message has been changed in transmission. Relevant standards define Keyed-Hashing for Message Authentication Code (HMAC), an effective tool that uses the security hash function and key to generate a message authentication code. This tool is widely used on the Internet. SNMP uses HMAC-MD5-96, HMAC-SHA-96, HMAC-128-SHA-224, HMAC-192-SHA-256, HMAC-256-SHA-384, or HMAC-384-SHA-512. | |
authKey | Specifies the password in either simple text or ciphertext. | The password is a string of 8 to 255 characters in simple text or a string of 32 to 432 characters in ciphertext. If the password is in ciphertext, users need to input the character string that has been processed using the encryption algorithm. |
privacy-mode privacy-protocol | Enables encryption. | |
privKey | Specifies the password in either simple text or ciphertext. | The password is a string of 8 to 255 characters in simple text or a string of 32 to 432 characters in ciphertext. If the password is in ciphertext, users need to input the character string that has been processed using the encryption algorithm. |
acl acl-number | Specifies the ACL number of the access view. Currently, SNMP supports only basic ACL4 and ACL6, and does not support advanced ACL or MPLS-based ACL. | The value is an integer ranging from 2000 to 2999. |
acl aclName | Specifies the name of a named basic ACL. If no matching rule is configured for the referenced ACL, the matching rule is permit by default. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. The name must start with a letter or digit, and cannot contain only digits. |
group group-name | Name of the SNMP user list to which a user belongs. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When quotation marks are used around the string, spaces are allowed in the string. |
localized-configuration | Indicates the localized password configuration mode. The ciphertext password in the configuration file relates to the engine ID of the device. After the SNMPv3 authentication and encryption passwords are configured through MIB, the ciphertext password in the configuration file is a localized password. You are advised not to set this parameter when configuring the SNMPv3 authentication and encryption passwords in CLI mode. If you want to set this parameter, the cipher password value must be a localized password. If you copy a ciphertext password with localized-configuration from the configuration file of another device, the password cannot be used. | - |
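
Why a localized password is tied to one engine ID, shown with the standard SNMPv3 USM key localization from RFC 3414 (an added example, not Huawei code, and not the device's ciphertext storage format). The function names are hypothetical, the engine ID is assumed to be a hex string, and the second engine ID is constructed.

```python
import hashlib

STREAM_LEN = 1048576  # RFC 3414 A.2 hashes exactly 1,048,576 bytes

def parse_engine_id(text: str) -> bytes:
    """Apply the engine-Id limits from the parameter table."""
    if not 10 <= len(text) <= 64:
        raise ValueError("engine ID must be 10 to 64 characters")
    if set(text.upper()) in ({"0"}, {"F"}):
        raise ValueError("all 0s or all Fs are invalid")
    return bytes.fromhex(text)  # assumption: the characters are hex digits

def password_to_key(password: str, hash_name: str) -> bytes:
    """Ku: digest of the password repeated end to end up to STREAM_LEN bytes."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    stream = (pw * (STREAM_LEN // len(pw) + 1))[:STREAM_LEN]
    return hashlib.new(hash_name, stream).digest()

def localized_key(password: str, engine_id: str, hash_name: str = "sha512") -> bytes:
    """Kul = H(Ku || engineID || Ku): the key is bound to one engine ID."""
    ku = password_to_key(password, hash_name)
    return hashlib.new(hash_name, ku + parse_engine_id(engine_id) + ku).digest()

if __name__ == "__main__":
    # Same password on two engine IDs (the second is constructed): keys differ.
    for eid in ("000000000000000000000002", "000000000000000000000003"):
        print(eid, localized_key("maplesyrup", eid).hex())
```

The password and first engine ID are the RFC 3414 Appendix A.3 test inputs, so the SHA-1 output can be compared against the published vector.
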
Usage Scenario
Unlike SNMPv1 and SNMPv2c, SNMPv3 implements access control, identity authentication, and data encryption using the local processing module and user-based security module. SNMPv3 provides higher security and confidentiality and applies to a wider range of scenarios than SNMPv1 and SNMPv2c.
The snmp-agent usm-user command configures a user in an SNMP user group, configures an authentication password and privacy password, and grants this user view-specific access.
Precautions
<HUAWEI> system-view
[~HUAWEI] acl 2001
[*HUAWEI-acl4-basic-2001] quit
[*HUAWEI] snmp-agent usm-user v3 John group Johngroup acl 2001

<HUAWEI> system-view
[~HUAWEI] snmp-agent usm-user v3 John authentication-mode sha2-512
Please configure the authentication password (8-255)
Enter Password:
Confirm Password:
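
A configuration audit built on the command forms above, added here as an example and not part of the original reference: it merges the `snmp-agent usm-user v3` lines for each user and reports users with no authentication, no encryption, or no ACL. The sample configuration is constructed, `<ciphertext>` is a placeholder, and the keywords `md5`, `sha` and `aes128` are assumed protocol keywords (only `sha2-512` appears on this page); treating `md5` and `sha` as weak is this example's policy choice.

```python
import shlex

KEYWORDS = {"group", "acl", "authentication-mode", "privacy-mode"}
WEAK_AUTH = {"md5", "sha"}  # assumed keywords for HMAC-MD5-96 and HMAC-SHA-96

def parse_usm_users(config_text):
    """Merge every 'snmp-agent ... usm-user v3' line into one record per user."""
    users = {}
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)   # honours quoted user names with spaces
        except ValueError:
            tok = line.split()        # ciphertext may contain a stray quote
        if tok[:1] != ["snmp-agent"] or "usm-user" not in tok:
            continue
        i = tok.index("usm-user")
        if tok[i + 1:i + 2] != ["v3"] or len(tok) < i + 3:
            continue
        rec = users.setdefault(tok[i + 2], {})
        rest = tok[i + 3:]
        if rest and rest[0] not in KEYWORDS:
            rec["group"] = rest.pop(0)  # first syntax form: bare group name
        for key, val in zip(rest, rest[1:]):
            if key in KEYWORDS:
                rec[key] = val
    return users

def audit(users):
    """Return {user: [findings]}; an empty list means nothing was flagged."""
    findings = {}
    for name, rec in users.items():
        issues = []
        auth = rec.get("authentication-mode")
        if auth is None:
            issues.append("no authentication-mode: messages are not authenticated")
        elif auth in WEAK_AUTH:
            issues.append(f"weak authentication protocol: {auth}")
        if "privacy-mode" not in rec:
            issues.append("no privacy-mode: payload is not encrypted")
        if "acl" not in rec:
            issues.append("no acl bound to this user")
        findings[name] = issues
    return findings

SAMPLE = """\
snmp-agent usm-user v3 John group Johngroup acl 2001
snmp-agent usm-user v3 John authentication-mode sha2-512 cipher <ciphertext>
snmp-agent usm-user v3 John privacy-mode aes128 cipher <ciphertext>
snmp-agent usm-user v3 "ops user" group Johngroup
snmp-agent usm-user v3 legacy authentication-mode md5 cipher <ciphertext>
"""
```
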