Creating an SNMPv3 Administrator

Creating an SNMPv3 Administrator

After either manually assigning the switch an engine ID or assigning the console port an IP address, you can create an SNMPv3 administrator. This administrator will be able to create and modify SNMPv3 users by using SNMP.

You must have administrator access to the switch to create the SNMPv3 administrator. The administrator can, however, give specific user groups read-write access to the USM and VACM MIBs. Users assigned to those user groups can then use SNMPv3 to create or modify SNMPv3 users.

CAUTION: To prevent SNMPv1 or v2 access to the USM or VACM MIBs, assign views that include these MIBS only to groups that require authentication and encryption.

To create an SNMPv3 administrator, use the following CLI command:

(configure)# snmp-server user <username> group internet auth {sha | md5} <auth-password> priv <priv-password>

Table�23 defines the command keywords and variables.

Table�23:�snmp-server user Command Parameters �
Parameter	Description
<username>	User name for the SNMPv3 user. The user name can range from 1 to 32 alphanumeric characters.
sha	Authenticates the user by means of HMAC-SHA.
md5	Authenticates the user by means of HMAC-MD5.
<auth-password>	The authentication password for the user: Text passwords can range from 8 to 64 characters. Localized HMAC-SHA-hashed passwords must be 20 bytes. Localized HMAC-MD5-hashed passwords must be 16 bytes. Enter all localized passwords in the format of nn:nn:nn....
<priv-password>	The encryption password for the user. Text passwords can range from 8 to 64 characters. Localized, HMAC-SHA- or HMAC-MD5-hashed encryption passwords must be 16 bytes. Enter all localized passwords in the format of nn:nn:nn....