SNMP v3 users
Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data. These protocols provide a higher level of security than is available in SNMP v1 and v2c, which use community strings for security. Both authentication and privacy are optional.
To create a n SNMP v3 user in the GUI:
- Go to System > SNMP.
- In the SNMP v3 table, click Create New.
- Enter a User Name and enable the user.
- In the Security Level section, configure the security level:
- No Authentication: No authentication or encryption.
- Authentication: Select the authentication algorithm and password.
- Authentication and Private: Select both the authentication and encryption algorithms and password.
- In the Hosts section, enter the IP Address for each SNMP manager.
- In the Queries section, enable or disable queries, then enter the port number that the SNMP managers use for them.
- In the Traps section, enable or disable traps, then enter the local and remote port numbers that the SNMP managers use for them.
- In the SNMP Events section, enable or disable the events that activate traps.
- Click OK.
To create an SNMP v3 user in the CLI:
config system snmp user edit <user> set status {enable | disable} set trap-status {enable | disable} set trap-lport <port_number> set trap-rport <port_number> set queries {enable | disable} set query-port <port_number> set notify-hosts <class_ip> ... <class_ip> set source-ip <class_ip> set ha-direct {enable | disable} set events <events> set security-level {no-auth-no-priv | auth-no-priv | auth-priv} set auth-proto {md5 | sha | sha224 | sha256 | sha384 | sha512} set auth-pwd <password> set priv-proto {aes | des | aes256 | aes256cisco} set priv-pwd <password> next end