H3C S5830V2 Series Command Reference Manual page 123

group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters.
remote ip-address: Specifies the IP address of the remote SNMP entity. To send SNMPv3 informs to an
NMS, you must specify the IP address of the NMS in the snmp-agent usm-user v3 command and map
the IP address to the SNMP engine ID of the NMS by using the snmp-agent remote command.
cipher: Specifies that auth-password and priv-password are encrypted keys. To get the encrypted key for
a plaintext key, use the snmp-agent calculate-password command.
simple: Specifies that auth-password and priv-password are plaintext keys.
authentication-mode: Specifies an authentication algorithm. MD5 is faster but less secure than SHA.
md5: Specifies the MD5 authentication algorithm.
•
sha: Specifies the SHA- 1 authentication algorithm.
•
auth-password: Specifies a case-sensitive plaintext or encrypted authentication key. A plaintext key is a
string of 1 to 64 visible characters. If the cipher and md5 keywords are specified, auth-password
represents a hexadecimal string of 32 characters or a non-hexadecimal string of 53 characters. If the
cipher and sha keywords are specified, auth-password is a hexadecimal string of 40 characters or a
non-hexadecimal string of 53 characters.
privacy-mode: Specifies an encryption algorithm for privacy. AES is slower but more secure than DES.
aes128: Specifies the AES (Advanced Encryption Standard) algorithm.
•
des56: Specifies the DES (Data Encryption Standard) algorithm.
•
priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. A plaintext key is a string of
1 to 64 characters. If the cipher keyword is specified, the encrypted privacy key length requirements
differ by authentication algorithm and key string format, as shown in
Table 34 Encrypted privacy key length requirements
Authentication algorithm
MD5
SHA
acl acl-number: Specifies a basic ACL to filter NMSs by source IP address. The acl-number argument
represents a basic ACL number in the range of 2000 to 2999. Only the NMSs with the IP addresses
permitted in the ACL can use the specified username to access the SNMP agent.
local: Specifies the local SNMP engine.
engineid engineid-string: Specifies an SNMP engine. The engineid-string argument represents the
engine ID and must comprise an even number of hexadecimal characters, in the range of 10 to 64.
All-zero and all-F strings are invalid.
Usage guidelines
You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user
cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB
views and security model for the group of users. The authentication and encryption algorithms for each
user is specified when they are created.
SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are
created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform
messages, you must associate it with the remote SNMP engine.
If you configure an SNMPv3 user multiple times, the last configuration takes effect.
Encryption algorithm
AES128 or DES-56
AES128 or DES-56
115
Table 34.
Hexadecimal string
32 characters
40 characters
Non-hexadecimal string
53 characters
53 characters