How can I configure the SNMPv3 user group and user name on a CE switch

0

Only SNMPv3 supports user group and user name configuration. By default, a CE switch has SNMPv3 enabled.

The user's security level must be higher than or equal to the security level of the user group. A security level can be (in descending order): 1. privacy: authentication and encryption
2. authentication: authentication without encryption
3. none: no authentication or encryption
If the user group is at the privacy level, the user must be at the privacy level. If the user group is at the authentication level, the user must be at the privacy or authentication level.
# Configure the user group group001, set the security level to privacy, and configure access control to restrict the access of NMS to the switch.
system-view
[~HUAWEI] snmp-agent group v3 group001 privacy write-view alliso acl 2001
[*HUAWEI] commit
# Set the user name to user001, authentication password to Authe@1234, and encryption password to Priva@1234.
system-view
[~HUAWEI] snmp-agent usm-user v3 user001 group group001
[*HUAWEI] snmp-agent usm-user v3 user001 authentication-mode sha
Please configure the authentication password (8-255)
Enter Password: //Enter the authentication password.
Confirm Password: //Confirm the authentication password.
[*HUAWEI] snmp-agent usm-user v3 user001 privacy-mode aes256
Please configure the privacy password (8-255)
Enter Password: //Enter the encryption password.
Confirm Password: //Confirm the encryption password.
[*HUAWEI] commit

Other related questions:
Can I configure the user name and password of the admin user on the web page of the SMC2.0 to be permanently valid?
The user name and password of the admin user on the web page of the SMC2.0 cannot be configured to be permanently valid? The longest validity period can be 365 days.

How to disable the user name length check function on CE series switches
By default, the security policy function is enabled for local accounts on CE series switches to ensure security. The function requires that a local user name contain at least six characters.

If the minimum length is specified for local user names on a switch, the switch also checks user name length.

To disable user name length check, run the following commands:
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance       //Disable the security policy function for local accounts.
[*HUAWEI-aaa] undo user-name minimum-length       // If the minimum user name length check function has been enabled, disable this function.
[*HUAWEI-aaa] commit

Is the user name mandatory when I configure SIP user registration on the IAD?
On the UC2.0 network, you must configure the user name (in domain name format) when configuring SIP user registration on the IAD. On other networks, you do not need to configure the user name. You only need to enter the user ID and corresponding authentication password.

How to configure a port group on a CE series switch
The procedure for configuring a port group on a CE series switch is described on the right.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top