SNMPv3

For SNMPv3, the definition of a user and its access permission are separate steps, whereas for v1/v2c community-based security, a single configuration line (e.g., rwcommunity admin) defines both.

The following command creates the user “johndoe” and defines its authentication protocol and password, and its privacy (encryption) protocol and password. (Note that you can type nmcfg user help to view the supported protocols and pass phrase restrictions.)

CODE
# nmcfg user define johndoe SHA "password" AES "pass phrase"

The new user has no permissions until an rouser or rwuser line is added to the snmpd.conf configuration file. The following command grants read and write permission when the user issues authenticated requests. Note that encryption (privacy) implies authentication.

CODE
# nmcfg access usm permit johndoe rw auth

The following line is added by the above command in the snmpd.conf configuration file:

CODE
rwuser johndoe auth

To assign Makito X decoder user group privileges instead of read-only or read-write permission to the whole MIB, replace the ro or rw parameter of the nmcfg access command with one of the access groups admins, operators, or users. These groups give SNMP v1/v2c communities and SNMPv3 USM users access privileges modeled on the Makito X decoder CLI and Web interface privilege levels.

CODE
# nmcfg access usm permit johndoe operators auth

The following line is added by the above command in the snmpd.conf configuration file, using a VACM group defined in snmpd.local.conf:

CODE
group _operators_auth_ usm johndoe
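
The access lines above can be checked after the fact. The following is an added example, not part of the original documentation or the product: it audits snmpd.conf text and reports every community or USM user line whose minimum security level is weaker than the one required. It assumes standard Net-SNMP snmpd.conf syntax (including the default of auth when rouser/rwuser give no level); the sample file and the audit function name are constructed for illustration.

```python
# Added example: audit snmpd.conf access lines for weak minimum security levels.
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}  # weakest to strongest
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
USM = {"rouser", "rwuser"}

# Constructed sample; the admin, johndoe and group lines mirror those on the page.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
rwcommunity admin
rouser monitor noauth
rwuser johndoe auth
rwuser jane priv
group _operators_auth_ usm johndoe
"""


def audit(conf_text, required="priv"):
    """Return (lineno, directive, principal, level) for each access line whose
    minimum security level is weaker than `required`."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in COMMUNITY:
            # v1/v2c community strings carry no authentication or encryption.
            principal, level = args[0], "noauth"
        elif directive in USM:
            if args[0] == "-s":  # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            principal = args[0]
            # Assumption: Net-SNMP defaults to "auth" when no level is given.
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"
        else:
            # "group" lines are skipped: their level is set by the VACM access
            # definition (snmpd.local.conf here), which this example does not read.
            continue
        if LEVELS[level] < LEVELS[required]:
            findings.append((lineno, directive, principal, level))
    return findings


if __name__ == "__main__":
    for lineno, directive, principal, level in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive} {principal} allows {level}")
```

With required="auth" only the community line and the noauth user are reported; with the default of priv, the rwuser johndoe auth line is reported as well because it accepts unencrypted requests.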

Examples

The following examples show how the v3 parameters are used with the SNMP commands.

The following get command has the required security level (authentication) and succeeds.

CODE
# snmpget -v3 -u johndoe -a SHA -A "password" -l authNoPriv localhost sysName.0
SNMPv2-MIB::sysName.0 = STRING: razor
#

The following get command provides no security (no authentication, no privacy) and fails.

CODE
# snmpget -v3 -u johndoe -l noAuthNoPriv localhost sysName.0
Error in packet
Reason: authorizationError (access denied to that object)
#

The following set command provides the highest security level (authentication and privacy), even though the access policy requires only authentication, and succeeds.

CODE
# snmpset -v3 -u johndoe -a SHA -A "password" -x AES -X "pass phrase" -l authPriv localhost haiAvtStreamEncapsulation.1 i directRtp
HAI-AVT-STREAM-MIB::haiAvtStreamEncapsulation.1 = INTEGER: directRtp(1)
#
