Configure SNMPv3 User Group

1. Access the system configuration element.

   ORACLE# configure terminal
   ORACLE(configure)# system
   ORACLE(system)#

2. Type snmp-group-entry and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters used to configure a group of users that belong to a particular security model who can read, write, and add SNMP objects and receive trap notifications.

   ORACLE(system)# snmp-group-entry
   ORACLE(snmp-group-entry)#

3. name <group-name-string>—Specify a group name that is 1 to 24 characters for the SNMPv3 group name.
4. mp-model—Specify the SNMP message processing model.
   Values:

   • v1v2—The SNMPv1 and SNMPv2 model.
   • v3—The SNMPv3 model (default).

   Note:

   If the mp-model parameter is specified with the v1v2 value, the community-string parameter (not configured) defines a coexistence configuration where SNMP version 2 messages with the community string from the hosts is indicated by the user-list parameter, and the corresponding snmp-user-entry and snmp-address-entry elements are accepted.
5. security-level—Specify the security level of the SNMP group, which are consistent for the user and can be used across multiple OCSBC devices.
   • noAuthNoPriv—This value specifies that the user group is authenticated by a string match of the user name and requires no authorization and no privacy similar to SNMPv1 and SNMPv2. This value is specified with the mp-model parameter and its v1v2 value and can only be used with the community-string parameter not specified.
   • authNoPriv—This value specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols to produce a key used to authenticate the trap and ensure the identity of the user.
   • authPriv—This default value specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols and the privacy password is encrypted using the AES128 algorithm. Using this security level provides user authentication and ensures message privacy so that the trap is not tampered with during transit. This value is specified with the SNMP mp-model parameter and its v3 value.

   Note:

   If there is a switchover on a high-availability OCSBC device, the SNMPEngineID varies and your network management system (NMS) should be updated with the SNMPEngineID of the standby OCSBC device.
6. community-string <community-string>—Specify the community name that is 1 to 24 characters to allow the co-existence of multiple SNMP message version types at the same time for this security group.
7. user-list <user-name string>—Specify a name for the user list that is 1 to 24 characters and must match the name of the user-name parameter of the snmp-user-entry element to configure user host names.
8. read-view <group-read-view-string>—Specify the name of the SNMP group's read view for a collection of MIB subtrees that can be 1 to 24 characters.
9. write-view <group-write-view-string>—Specify the name of the SNMP group's write view for a collection of MIB subtrees that can be 1 to 24 characters.
10. notify-view <group-notify-view-string>—Specify the name of the SNMP group's notification view for a collection of MIB subtrees that can be 1 to 24 characters.
11. Type done to save your configuration.

Note:

Repeat the previous steps if you need to add more groups.