HPE FlexNetwork 5130 HI Series Network Management And Monitoring Command Reference page 202

aes256: Specifies the AES encryption algorithm that uses a 256-bit key.
des56: Specifies the DES encryption algorithm that uses a 56-bit key.
priv-password: Specifies an encryption key. This argument is case sensitive.
The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext
form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers,
uppercase letters, lowercase letters, and special characters.
The encrypted form of the key can be calculated by using the snmp-agent
calculate-password command.
acl: Specifies a basic or advanced IPv4 ACL for the user.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL
number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to
3999.
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string
of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the user.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL
number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to
3999.
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string
of 1 to 63 characters.
local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local
SNMP engine.
engineid engineid-string: Specifies an SNMP engine ID. The engineid-string argument is a string of
10 to 64 hexadecimal characters, and the number of characters must be even. All-zero and all-F
strings are invalid. If you change the local engine ID, the existing SNMPv3 users and keys become
invalid. To delete an invalid username, specify the engine ID associated with the username in the
undo snmp-agent usm-user v3 command.
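
The limits in the parameter descriptions above can be checked before a configuration is pushed to a switch. The following Python is an added example, not part of the HPE reference: the function names are hypothetical, and treating "special characters" as ASCII punctuation is an assumption.

```python
import string

# Ranges and limits below are the ones stated in the parameter descriptions.
BASIC_ACL = range(2000, 3000)
ADVANCED_ACL = range(3000, 4000)


def check_priv_password(key, fips):
    """Return a list of problems with a plaintext priv-password ([] = valid)."""
    problems = []
    shortest = 15 if fips else 1
    if not shortest <= len(key) <= 64:
        problems.append(f"length {len(key)} outside {shortest}-64")
    if fips:
        required = {
            "number": string.digits,
            "uppercase letter": string.ascii_uppercase,
            "lowercase letter": string.ascii_lowercase,
            # Assumption: "special characters" means ASCII punctuation.
            "special character": string.punctuation,
        }
        for name, chars in required.items():
            if not any(c in chars for c in key):
                problems.append(f"missing {name}")
    return problems


def check_engine_id(engine_id):
    """Return a list of problems with an engineid-string ([] = valid)."""
    if not engine_id or any(c not in string.hexdigits for c in engine_id):
        return ["not a hexadecimal string"]
    problems = []
    if len(engine_id) % 2 or not 10 <= len(engine_id) <= 64:
        problems.append("length must be an even number from 10 to 64")
    if set(engine_id.upper()) in ({"0"}, {"F"}):
        problems.append("all-zero and all-F strings are invalid")
    return problems


def acl_kind(number):
    """Classify an IPv4 or IPv6 ACL number; None means out of range."""
    if number in BASIC_ACL:
        return "basic"
    if number in ADVANCED_ACL:
        return "advanced"
    return None
```

Each checker returns an empty list for a valid value, so the results can be collected across a whole inventory and reported together.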
Usage guidelines
Only users with the network-admin or level-15 user role can execute this command. Users with other
user roles cannot execute this command even if these roles are granted access to commands of the
SNMP feature or this command.
You can use either of the following modes to control SNMPv3 user access to MIB objects.
VACM—Controls user access to MIB objects by assigning the user to an SNMP group. For the
user to take effect, make sure the group has been created. An SNMP group contains
one or multiple users and specifies the MIB views and security model for the users. The
authentication and encryption algorithms for each user are specified when they are created.
RBAC—Controls user access to MIB objects by assigning user roles to the user. A user role
specifies the MIB objects accessible to the user and the operations that the user can perform on
the objects. After you create a user in RBAC mode, you can use the snmp-agent usm-user v3
user-role command to assign more user roles to the user. You can assign a maximum of 64
user roles to a user.
RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB
view basis. As a best practice to enhance MIB security, use RBAC mode.
You can execute the snmp-agent usm-user v3 command multiple times to create different SNMPv3
users in VACM mode. If you do not change the username each time, the most recent configuration
takes effect.
You can execute the snmp-agent usm-user v3 command in RBAC mode multiple times to assign
different user roles to an SNMPv3 user. The following restrictions and guidelines apply: