snmp-agent local-user

Function

The snmp-agent local-user command creates a local SNMP user.

The undo snmp-agent local-user command deletes local SNMP user configurations.

By default, no local SNMP user is created.

Format

snmp-agent local-user v3 local-user-name authentication-mode authen-protocol { privacy-mode privacy-protocol }

snmp-agent local-user v3 local-user-name authentication-mode authen-protocol { cipher authKey privacy-mode privacy-protocol cipher privKey }

undo snmp-agent local-user v3 local-user-name

Parameters

Parameter Description Value
local-user-name

Specifies the name of a local SNMP user.

The specified local SNMP user name must be the same as the local AAA user configured using the local-user password command.

The name is a string of 1 to 32 case-sensitive characters, spaces not supported.

authentication-mode authen-protocol

Enables an authentication mode.

Authentication allows an agent (or management station), on receiving information, to verify that it was sent by an authorized management station (or agent) and was not modified during transmission.

  • md5: Enables the Hashed Message Authentication Code for Message Digest 5-96 (HMAC-MD5-96).
  • sha: Enables the Hashed Message Authentication Code for Secure Hash Algorithm 96 (HMAC-SHA-96).
  • sha2-224: Enables HMAC-SHA2-224.
  • sha2-256: Enables HMAC-SHA2-256.
  • sha2-384: Enables HMAC-SHA2-384.
  • sha2-512: Enables HMAC-SHA2-512.

    sha2-256 and more complex algorithms are more secure than sha2-224, sha, and md5. Using sha2-256 or a more complex algorithm is recommended.

privacy-mode privacy-protocol

Enables an encryption mode.

  • 3des168: Enables the Triple Data Encryption Standard 168 (3DES168) algorithm.
  • aes128: Enables the Advanced Encryption Standard 128 (AES128) algorithm.
  • aes192: Enables the Advanced Encryption Standard 192 (AES192) algorithm.
  • aes256: Enables the Advanced Encryption Standard 256 (AES256) algorithm.
  • des56: Enables the Data Encryption Standard 56 (DES56) algorithm.

    AES128 and algorithms with higher encryption security than AES128 are more secure than DES56 and 3DES168. AES128 or an algorithm with higher encryption security than AES128 is recommended.

v3

Enables the SNMPv3 protocol for users.

-

cipher authKey

Specifies a ciphertext password.

If the cipher parameter is configured, only a ciphertext password can be entered, and the password can be viewed in the configuration file.

The value is a string of 32 to 432 characters.

If the cipher parameter is not configured, a simple text password can be entered. A simple text password is a case-sensitive string, spaces not supported. The length of a simple text password depends on the password complexity check:

  • If the snmp-agent local-user password complexity-check disable command is run to disable the password complexity check, a simple text password is a string of 1 to 255 characters.
  • If the undo snmp-agent local-user password complexity-check disable command is run to enable the password complexity check, a simple text password is a string of 8 to 255 characters.
cipher privKey

Specifies a ciphertext password.

The value is a string of 1 to 432 case-sensitive characters, spaces not supported.

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
snmp write

Usage Guidelines

Usage Scenario

Authentication, authorization and accounting (AAA) enables a network administrator to configure local AAA users to log in to devices using FTP, Telnet, and SSH. SNMPv3, however, supports logins only by SNMP users, which makes managing network devices difficult.

To resolve this problem, SNMP is enabled to support AAA users so that AAA users can access an NMS and an administrator can manage all devices.

After a local AAA user is created and its service type is set to SNMP, run the snmp-agent local-user command to configure the local AAA user as a local SNMP user and specify the authentication and encryption modes. Then the AAA user can access the NMS.

Prerequisites

A local AAA user has been configured using the local-user password command.

The access type for the local AAA user has been set to SNMP using the local-user service-type snmp command.

Precautions

The AAA user's password can be different from the SNMP user's password.

Deleting a local AAA user also deletes the corresponding local SNMP user. Deleting a local SNMP user, however, does not affect the local AAA user.

The priority of an SNMP user security mode (USM) user is higher than that of a local SNMP user. If an SNMP USM user name is the same as a local SNMP user name, the SNMP USM user configurations, including authentication and encryption passwords, are used during a login.

To improve system security, you are advised to configure different authentication and encryption passwords for an SNMP local user.

Example

# Create a local user named snmpuser and enable sha2-512 authentication and AES128 encryption.
<HUAWEI> system-view
[~HUAWEI] aaa
[*HUAWEI-aaa] local-user snmpuser password
Please configure the password (8-128)
Enter Password:
Confirm Password:
Info: A new user is added. 
[*HUAWEI-aaa] local-user snmpuser service-type snmp
[*HUAWEI-aaa] quit
[*HUAWEI] snmp-agent local-user v3 snmpuser authentication-mode sha2-512 privacy-mode aes128
Please configure the authentication password (8-255)                            
Enter Password:                                                                 
Confirm Password:                                                               
Please configure the privacy password (8-255)                                   
Enter Password:                                                                 
Confirm Password:
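
The following audit script is an added example, not part of the original Huawei documentation. It checks configuration text for local SNMP users that use the algorithms this page ranks below sha2-256 and AES128, and for local users whose name matches a USM user (see Precautions). It assumes saved lines follow the Format section with cipher keys, and that USM users appear as "snmp-agent usm-user v3 <name>" lines; the sample configuration is constructed.

```python
import re

# Protocols the page ranks below its recommended sha2-256 / aes128 baseline.
WEAK_AUTH = {"md5", "sha", "sha2-224"}
WEAK_PRIV = {"des56", "3des168"}

# Matches both forms in the Format section (with or without "cipher <key>").
LOCAL_USER = re.compile(
    r"^\s*snmp-agent local-user v3 (?P<name>\S+)"
    r" authentication-mode (?P<auth>\S+)(?: cipher \S+)?"
    r" privacy-mode (?P<priv>\S+)(?: cipher \S+)?\s*$"
)
# Assumption: USM users appear as "snmp-agent usm-user v3 <name> ..." lines.
USM_USER = re.compile(r"^\s*snmp-agent usm-user v3 (?P<name>\S+)")


def audit_snmp_local_users(config_text):
    """Return a sorted list of (user, finding) tuples for a configuration dump."""
    lines = config_text.splitlines()
    usm_names = {m["name"] for m in map(USM_USER.match, lines) if m}
    findings = []
    for line in lines:
        m = LOCAL_USER.match(line)
        if not m:
            continue
        # User names are case-sensitive, so they are compared exactly.
        name, auth, priv = m["name"], m["auth"].lower(), m["priv"].lower()
        if auth in WEAK_AUTH:
            findings.append((name, f"weak authentication-mode {auth}"))
        if priv in WEAK_PRIV:
            findings.append((name, f"weak privacy-mode {priv}"))
        if name in usm_names:
            # Per the precaution: the USM user's settings win at login.
            findings.append((name, "shadowed by USM user of the same name"))
    return sorted(findings)


# Constructed sample configuration; the cipher strings are placeholders.
SAMPLE_CONFIG = """\
snmp-agent local-user v3 snmpuser authentication-mode sha2-512 cipher %PLACEHOLDER1% privacy-mode aes128 cipher %PLACEHOLDER2%
snmp-agent local-user v3 legacy authentication-mode md5 cipher %PLACEHOLDER3% privacy-mode des56 cipher %PLACEHOLDER4%
snmp-agent local-user v3 nmsuser authentication-mode sha2-256 cipher %PLACEHOLDER5% privacy-mode 3des168 cipher %PLACEHOLDER6%
snmp-agent usm-user v3 nmsuser
"""

if __name__ == "__main__":
    for user, finding in audit_snmp_local_users(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```
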
Copyright © Huawei Technologies Co., Ltd.