You can configure up to five users who can access SNMP v3 information. User names must be no more than 32 characters long.

Before you begin

  • Verify that you have configured the authentication and privacy protocols before configuring users.

  • Verify that you know the authentication and privacy passwords for each user that you plan to configure. Passwords must be at least seven characters long. Store these passwords in files on the host system.

About this task

While configuring a user, you generate authentication and privacy hash values based on the user's authentication and privacy passwords and on the SNMP agent's engine ID. After configuring users, if you change the engine ID, the authentication protocol, or the privacy protocol, the users are no longer valid and must be reconfigured.

Procedure

  1. Access the appliance shell and log in as a user who has the administrator or super administrator role.

    The default user with super administrator role is root.

  2. If you are using authentication or privacy, get the authentication and privacy hash values for the user by the running snmp.hash --auth_hash --priv_hash command.

    For example, run the following command:

    snmp.hash  --auth_hash secret1 --priv_hash secret2

    Here, secret1 is the path to the file containing the user's authentication password and secret2 is the path to the file containing the user's privacy password. Alternatively, you can specify the flag --raw-secret and specify the passwords directly on the command line.

    The authentication and privacy hash values are displayed.

  3. Configure the user by running snmp.set --users.

    For example, run the following command:

    snmp.set --users userid/authhash/privhash/security

    The parameters in the command are as follows.

    Parameter

    Description

    userid

    Replace with the user name.

    authhash

    Replace with the authentication hash value.

    privhash

    Replace with the privacy hash value.

    security

    Replace with the level of security enabled for that user, which can be auth, for authentication only, priv, for authentication and privacy, or none, for no authentication or privacy.