Users Guide

Table Of Contents
To configure a view of the MIB tree on the SNMP agent, use the snmp-server view command.
To configure an SNMPv3 user's authentication and privacy settings, use the snmp-server user command.
To display the configured SNMP groups, use the show snmp group command.
Configure SNMPv1 or v2c group
OS10(config)# snmp-server group v2group 2c read readview notify GetsSets
Configure SNMPv3 group
OS10(config)# snmp-server group v3group 3 priv read readview write writeview notify
alltraps
Display SNMP groups
OS10# show snmp group
groupname : v2group
version : 2c
notifyview : GetsSets
readview : readview
groupname : v3group
version : 3
security level : priv
notifyview : alltraps
readview : readview
writeview : writeview
Configure SNMP users
Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure
SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Re-
enter the command multiple times to configure SNMP security settings for all users.
snmp-server user user-name group-name security-model [[noauth | auth {md5 | sha} auth-
password]
[priv {des | aes}]] [localized] [access acl-name] [remote ip-address udp-port port-
number]]
The group to which a user is assigned determines the user's access privilege. To configure a group's access privilege read,
write, and notify to the switch, use the snmp-server group command. The security model for SNMPv3 provides the
strongest security with user authentication and packet encryption.
No default values exist for SNMPv3 authentication and privacy algorithms and passwords. If you forget a password, you
cannot recover it you must reconfigure the user. You can specify either a plain-text password or an encrypted cypher-text
password. In either case, the password stores in the configuration in encrypted form and displays as encrypted in the show
running-config snmp output.
A localized authentication or privacy key is more complex and provides greater privacy protection. Localized keys are generated
using the engine ID of the switch. For this reason, you cannot use the localized SNMP security passwords in the configuration
file on another switch. For more information, see Configure SNMP engine ID. To display the localized authentication and privacy
keys in an SNMPv3 user configuration, use the show running-configuration snmp command.
To limit user access to the SNMP agent on the switch, enter an access acl-name value. In IPv6 ACLs, SNMP supports only
IPv6 and UDP types. TCP, ICMP, and port rules are not supported.
To display the configured SNMP users, use the show snmp user command.
Configure SNMPv1 or v2c users
OS10(config)# snmp-server user admin1 netadmingroup 2c acl acl_AdminOnly
Configure SNMPv3 users
OS10(config)# snmp-server user privuser v3group 3 encrypted auth
md59fc53d9d908118b2804fe80e3ba8763d priv des56 d0452401a8c3ce42804fe80e3ba8763d
System management
155