Managing SNMP Users
An SNMP user is defined by the login credentials (username, passwords, and authentication method), and by the context and scope in which it operates by association with a group and an Engine ID.
After a user is authenticated, it takes on the attributes of its group, and can then see or not see the views associated with this group.
Groups enable network managers to assign access rights to a group of users instead of to a single user.
A user can only belong to a single group.
To create an SNMPv3 user, the following must first exist:
For security reasons, SNMP users are not saved to the configuration file. If SNMP users are provisioned and you save the configuration, the SNMP users are not retained; you must manually re-enter them.
To display SNMP users and define new ones:
- Click SNMP > Users. The Users page opens.
This page displays existing users.
- Click Add. The Add User page opens.
This page provides information for assigning SNMP access control privileges to SNMP users.
- Enter the parameters.
- User Name--Enter a name for the user.
- Engine ID--Select either the local or remote SNMP entity to which the user is connected. Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database. To receive inform messages and request information, you must define both a local and remote user.
- Local--User is connected to a local SNMP entity. The user can request information but does not receive inform messages.
- Remote--User is connected to a remote SNMP entity. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for information.
Enter the remote engine ID.- Group Name--Select the SNMP groups to which the SNMP user belongs. SNMP groups are defined in the Add Group page.
NOTE If one particular group has been deleted on the Group page, then this User entry will become inactive.
- Authentication Method--Select the Authentication method. The available authentication methods will be varied and dependent on which Group Name assigned. If this Group is assigned as no authentication on the Group page, this User will be assigned to None. The options are:
- None--No user authentication is used.
- MD5 Password--Users must enter a password that is encrypted using the MD5 authentication method.
- SHA Password--Users must enter a password that is encrypted by using the SHA (Secure Hash Algorithm) authentication method.
- MD5 Key--Users are authenticated by using a valid MD5 key.
- SHA Key--Users are authenticated by using a valid SHA key.
- Authentication Password--If authentication is accomplished by either a MD5 or a SHA password, enter the local user password. Local user passwords are compared to the local database and can contain up to 32 ASCII characters.
- Authentication Key--If the authentication method is either an MD5 or SHA key, enter the MD5 or SHA authentication key. If the MD5 key is selected, 16 bytes are required. If the SHA key is selected, 20 bytes are required.
- Privacy Key--16 bytes are required (DES encryption key).
- Click Apply to save the settings.