The snmp-agent usm-user command adds a user to an SNMP group.
The undo snmp-agent usm-user command deletes a user from an SNMP group.
By default, no user is added to an SNMP group.
snmp-agent usm-user v3 user-name group-name simple authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } password ] [ acl acl-number ]
snmp-agent usm-user v3 user-name group-name [ cipher ] authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } password ] [ acl acl-number ]
snmp-agent usm-user v3 user-name group-name [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name [ local | engineid engineid ]
| Parameter | Description | Value |
|---|---|---|
v3 |
Indicates the V3 security mode that a user uses. |
- |
user-name |
Specifies the user name. |
The value is a string of 1 to 32 case-insensitive characters, spaces supported. NOTE:
If a user name contains a space, the user name must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name. |
group-name |
Specifies the name of the SNMP group to which a user belongs. |
The value is a string of 1 to 32 case-insensitive characters without spaces. |
simple |
Indicates the simple authentication. |
- |
authentication-mode |
Enables authentication. |
- |
md5 |
Indicates HMAC-MD5-96 is used as the authentication protocol. |
- |
sha |
Indicates HMAC-SHA-96 is used as the authentication protocol. |
- |
password |
Specifies the password. |
NOTE:
The password cannot be the same as the user name, or in reverse order with the user name. The password must contain at least two of the following characters: upper-case character, lower-case character, digit, and special character excluding "?" and space. |
privacy-mode |
Indicates that the security level is Encryption. |
- |
des56 |
Indicates Data Encryption Standard 56 (DES56) as the encryption protocol. |
- |
aes128 |
Indicates Advanced Encryption Standard 128 (AES-128) as the encryption protocol. |
- |
aes192 |
Indicates Advanced Encryption Standard 192 (AES-192) as the encryption protocol. |
- |
aes256 |
Indicates Advanced Encryption Standard 256 (AES-256) as the encryption protocol. |
- |
3des |
Indicates Triple Data Encryption Standard (3DES) as the encryption protocol. |
- |
acl acl-number |
Specifies the number of an ACL. NOTE:
The ACL configured by the acl acl-number parameter takes effect on both IPv4 and IPv6 networks. |
The value is an integer ranging from 2000 to 2999. |
cipher |
Specifies that the password is in ciphertext, which is the default password type. If this parameter is specified, you can enter only a password in ciphertext. This type of password can be viewed using the configuration file. |
- |
local |
Specifies a local entity user. |
- |
engineid engineid |
Specifies the engine ID used by the user. |
The value is a string of 10 to 64 case-insensitive characters, spaces not supported. |
The snmp-agent usm-user v3 user-name group-name simple authentication-mode { md5 | sha } password [ privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } password ] [ acl acl-number ] command is available to aid upgrade compatibility. It can only be run during the configuration restoration phase of the upgrade. After the upgrade, this command is no longer supported. The command in other formats can be configured by users.
The snmp-agent usm-user (upgrade-compatible command) command is replaced by the snmp-agent usm-user command.
This command is saved in simple text after it is configured, which brings security risks. Saving the command configuration in ciphertext is recommended.