In contrast to SNMPv1 and SNMPv2c, SNMPv3 allows additional security. This guide shows how to configure a Huawei device (e.g. switch) for SNMPv3.
In this example only the required parts of the SNMPv3 configuration are described. However it is advisable to configure additional features - like an ACL to further restrict access.
The parts that are capitalized in the configuration (group and user) can be adjusted according to your own specifications:
[HUAWEI]snmp-agent[HUAWEI]snmp-agent group v3 NETCAMP-GROUP privacy[HUAWEI]snmp-agent usm-user v3 NETCAMP-USER group NETCAMP-GROUP[HUAWEI]snmp-agent usm-user v3 NETCAMP-USER authentication-mode shaPlease configure the authentication password (8-64)Enter Password:Confirm Password:[HUAWEI][HUAWEI]snmp-agent usm-user v3 NETCAMP-USER privacy-mode aes256Please configure the privacy password (8-64)Enter Password:Confirm Password:[HUAWEI]
If you use the same password for authentication and privacy, a warning will appear that this is not recommended. However, it still works:
Warning: The privacy and authentication passwords are the same, which is insecure. It is recommended that the privacy and authentication passwords be different.
There are different programs to test the access with the SNMP credentials. One possible program is the SNMP Tester from Paessler, which can be downloaded freely under https://www.paessler.com/
