SNMPv3

For SNMPv3, defining a user and defining its access permissions are separate steps, whereas for v1/v2c community-based security a single command (e.g., nmcfg community permit admin rw) does both.

The following command creates the user "johndoe" and defines its authentication protocol and password, and its privacy (encryption) protocol and password.

These examples use MD5 for authentication and DES for privacy, which provide broader compatibility. If your SNMP client supports SHA (authentication) and AES (privacy), use those instead, as they provide better security. (Note that you can type nmcfg user help to view the supported protocols and pass phrase restrictions.)

CODE
# nmcfg user define johndoe MD5 "password" DES "pass phrase"

The new user has no permissions until its access rights are defined. The command below assigns the operator role to the user.

CODE
# nmcfg access usm permit johndoe operator auth

Note that the Makito X Series administrative user roles are preferred over the read-only or read-write permissions (which apply to the whole MIB). These roles give SNMP v1/v2c communities and SNMPv3 users access privileges modeled on the Makito X Series Accounts roles.

Examples

The following examples show how the v3 parameters are used with the SNMP commands.

The following get command has the required security level (authentication) and succeeds.

CODE
# snmpget -v3 -u johndoe -a MD5 -A "password" -l authNoPriv localhost sysName.0
SNMPv2-MIB::sysName.0 = STRING: razor
#


The following get command provides no security (no authentication, no privacy) and fails.

CODE
# snmpget -v3 -u johndoe -l noAuthNoPriv localhost sysName.0

Error in packet
Reason: authorizationError (access denied to that object)
#


The following set command provides the highest security level (authentication and privacy), even though the access policy only requires authentication, and succeeds.

CODE
# snmpset -v3 -u johndoe -a MD5 -A "password" -x DES -X "pass phrase" -l authPriv localhost haiAvtStreamEncapsulation.1 i directRtp
HAI-AVT-STREAM-MIB::haiAvtStreamEncapsulation.1 = INTEGER: directRtp(1)


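The following set command is the same but uses SHA for authentication and AES for privacy, assuming the user was defined with those protocols. It also provides the highest security level (authentication and privacy), even though the access policy only requires authentication, and succeeds.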

CODE
# snmpset -v3 -u johndoe -a SHA -A "password" -x AES -X "pass phrase" -l authPriv localhost haiAvtStreamEncapsulation.1 i directRtp
HAI-AVT-STREAM-MIB::haiAvtStreamEncapsulation.1 = INTEGER: directRtp(1)
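
The two get examples above show the agent answering at authNoPriv and refusing noAuthNoPriv. As an added example (not part of the original documentation), the script below runs the same sysName.0 query at every security level and flags any level weaker than the required one that the agent accepts. It assumes the net-snmp snmpget client; the function names and the SNMPGET override are hypothetical.

```shell
# Added example: check which SNMPv3 security levels an agent accepts for a user.
# Assumes net-snmp's snmpget; function names and SNMPGET are hypothetical.
SNMPGET=${SNMPGET:-snmpget}   # override with a stub to test offline

# Map a security level to a number so levels can be compared.
level_rank() {
    case "$1" in
        noAuthNoPriv) echo 0 ;;
        authNoPriv)   echo 1 ;;
        authPriv)     echo 2 ;;
        *)            return 1 ;;
    esac
}

# probe_level LEVEL USER AUTHPROTO AUTHPASS PRIVPROTO PRIVPASS HOST
# Returns 0 only if the agent answered the sysName.0 query at that level.
probe_level() {
    level=$1; user=$2; aproto=$3; apass=$4; xproto=$5; xpass=$6; host=$7
    set -- -v3 -u "$user" -l "$level"
    case "$level" in
        authNoPriv) set -- "$@" -a "$aproto" -A "$apass" ;;
        authPriv)   set -- "$@" -a "$aproto" -A "$apass" -x "$xproto" -X "$xpass" ;;
    esac
    out=$("$SNMPGET" "$@" "$host" sysName.0 2>&1) || return 1
    case "$out" in
        *"sysName.0 = "*) return 0 ;;
        *)                return 1 ;;
    esac
}

# audit_user MIN_LEVEL USER AUTHPROTO AUTHPASS PRIVPROTO PRIVPASS HOST
# Prints one line per level; returns 1 if a level below MIN_LEVEL was accepted.
audit_user() {
    min=$(level_rank "$1") || return 2
    shift
    status=0
    for lvl in noAuthNoPriv authNoPriv authPriv; do
        if probe_level "$lvl" "$@"; then result=accepted; else result=rejected; fi
        if [ "$result" = accepted ] && [ "$(level_rank "$lvl")" -lt "$min" ]; then
            echo "FAIL $lvl accepted below the required level"; status=1
        else
            echo "ok   $lvl $result"
        fi
    done
    return $status
}

# Example: sh audit.sh authNoPriv johndoe MD5 "password" DES "pass phrase" localhost
if [ "$#" -eq 7 ]; then audit_user "$@"; fi
```

A non-zero exit status means the agent answered at a level below the one the access policy is supposed to require.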