QTECH
Software Configuration Manual
2-38
Context-name is facility context. If the keyword is vacant, it is default to be local facility.
For example :
! Add group “group1” to local facility, using security model 1, and configure read, write, and notify view to
be internet
QTECH(config)# snmp-server group group1 1 read internet write internet notify Internet
! Remove group “group1” from local facility
QTECH(config)# no snmp-server group group1 1
! Display current group configuration.
QTECH(config)# show snmp group
2.12.10
Configure user
Use this configuration to configure user for local engine and recognizable remote engine. Following users
are default to exist : (1)initialmd5(required md5 authentication), (2) initialsha(required sha authentication), (3)
initialnone(non- authentication). The above three users are reserved for system not for user. The engine the user
belonged to must be recognizable. When deleting recognizable engine, contained users are all deleted. At most 64
users can be configured. Configure it in global configuration mode :
snmp-server user
username
groupname
[ remote
host
[ udp-port port ] ] [ auth { md5 | sha }
{ authpassword { encrypt-authpassword
authpassword
|
authpassword
} | authkey { encrypt-authkey
authkey
|
authkey
} } [ priv des { privpassword { encrypt-privpassword
privpassword
|
privpassword
}
| privkey { encrypt-privkey
privkey
|
privkey
} } ]
no snmp-server user
username
[ remote
host
[ udp-port
port
] ]
Display configured user in any configuration mode :
show snmp user
Username is the username to be configured. It ranges from 1 to 32 characters, excluding space.
Groupname is the groupname that user going to be added. It ranges from 1 to 32 characters, excluding space.
Host is remote engine ip address. If it is vacant, it is default to be local engine.
Port is the port number of remote engine. If it is vacant, it is default to be 162.
Authpassword is authentication password. Unencrypted password ranges from 1 to 32 characters. To avoid
disclosing, this password should be encrypted. To configured encrypted password needs client-side which supports
encryption to encrypt password, and use encrypted cryptograph to do the configuration. Cryptograph is different by
different
encryption.
Input
cryptograph
in
the
form
of
hexadecimal
system,
such
as
“a20102b32123c45508f91232a4d47a5c”
Privpassword is encryption password. Unencrypted password ranges from 1 to 32 characters. To avoid
disclosing, this password should be encrypted. To configured encrypted password needs client-side which supports
encryption to encrypt password, and use encrypted cryptograph to do the configuration. Cryptograph is different by
different
encryption.
Input
cryptograph
in
the
form
of
hexadecimal
system,
such
as
“a20102b32123c45508f91232a4d47a5c”
Authkey is authentication key. Unauthenticated key is in the range of 16 byte (using md5 key folding) or 20
byte (using SHA-1 key folding). Authenticated key is in the range of 16 byte (using md5 key folding) or 24 byte
(using SHA-1 key folding).
Privkey is encrpted key. Unencypted key ranes from 16 byte, and encrypted key ranes from 16 byte.
Keyword encrypt-authpassword, encrypt-authkey, encrypt-privpassword, encrypt-privkey are only used in
command line created by compile to prevent leaking plain text password and key. When deconfiguring SNMP, user
cannot use above keywords.
For example :
! Add user “user1” for local engine to group “grp1”, and configure this user not to use authentication and
encryption.
QTECH(config)# snmp-server user user1 grp1
! Add user “user2” for local engine to group “grp2”, and configure this user to use md5 authentication and
non-encryption with the auth-password to be 1234
QTECH(config)# snmp-server user user2 grp2 auth md5 auth-password 1234
! Add user “user3” for local engine to group “grp3”, and configure this user to use md5 authentication and