SNMPv3 User Groups
A group of SNMPv3 users can be specified for easy management and access control.
Each SNMPv3 user can be configured to belong to a specific security model and security level. You can choose either the SNMPv1 and v2 model or the SNMPv3 model (which is selected for you by default). When you assign a security level to a group, this level is consistent for all users within this group and the security level can be used across multiple OCSBC devices. Also, these security levels determine how data is encrypted to prevent information leaks and stop an unauthorized user from scrambling the contents of an SNMP packet.
- The default authPriv security level specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols and the privacy password is encrypted using the AES128 authentication protocol. Using this security level provides user authentication and ensures message privacy so that the trap is not tampered with during transit.
- The noAuthNoPriv security level specifies that the user group is authenticated by a string match of the user name and requires no authorization and no privacy similar to SNMPv1 and SNMPv2.
- The authNoPriv security level specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols to produce a key used to authenticate the trap and ensure the identity of the user.
You can also configure an SNMPv3 user group to allow the co-existence of multiple SNMP message version types at the same time, specify a list of users belonging to the group, and assign the group privilege to read, write, and add SNMP objects and receive trap notifications.
