H3C SR6600 Command Reference Manual page 136

priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. A plaintext key is a string of
1 to 64 characters. If the cipher keyword is specified, the encrypted privacy key length requirements
differ by authentication algorithm and key string format, as shown in
Table 28 Encrypted privacy key length requirements
Authentication
algorithm
MD5
MD5
SHA
SHA
acl acl-number: Specifies a basic ACL to filter NMSs by source IPv4 address. The acl-number argument
represents a basic ACL number in the range of 2000 to 2999. Only the NMSs with the IPv4 addresses
permitted in the ACL can use the specified username to access the SNMP agent.
acl ipv6 ipv6-acl-number: Specifies a basic ACL to filter NMSs by source IPv6 address. The
ipv6-acl-number argument represents a basic ACL number in the range of 2000 to 2999. Only the NMSs
with the IPv6 addresses permitted in the ACL can use the specified username to access the SNMP agent.
local: Represents a local SNMP entity user.
engineid engineid-string: Specifies an SNMP engine ID as a hexadecimal string. The engineid-string
argument must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero
and all-F strings are invalid.
Usage guidelines
You must create an SNMPv3 user for the agent and the NMS to use SNMPv3.
You must create an SNMP group before you assign an SNMP user to the group. Otherwise, the user
cannot take effect after it is created. An SNMP group can contain multiple users. It defines SNMP objects
accessible to the group of users in the MIB view and specifies whether to enable authentication and
privacy functions. The authentication and encryption algorithms are defined when a user is created.
When you use the snmp-agent usm-user v3 cipher command, the pri-password argument in this
command can be obtained by the snmp-agent calculate-password command. To make the calculated
encrypted key applicable to the snmp-agent usm-user v3 cipher command and have the same effect as
that in the snmp-agent usm-user v3 cipher command, make sure the same encryption algorithm is
specified for the two commands and the local engine ID specified in the snmp-agent usm-user v3 cipher
command is consistent with the SNMP entity engine ID specified in the snmp-agent calculate-password
command.
When you execute this command multiple times to configure the same user (the user names remain the
same, no limitation to other keywords and arguments), the most recent configuration takes effect.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text to the
configuration file.
Remember the username and the plaintext password when you create a user. A plaintext password is
required when the NMS accesses the SNMP agent.
The MD5 authentication, DES encryption, and 3DES encryption algorithms are supported only in
non-FIPS mode.
Encryption
Hexadecimal string
algorithm
3DES 64 characters
AES128 or
32 characters
DES-56
3DES 80 characters
AES128 or
40 characters
DES-56
128
Table 28.
Non-hexadecimal string
73 characters
53 characters
73 characters
53 characters