To start, we will create the usual SNMP meta-data, such as contat and location just as we would with SNMPv1:
set service snmp contact 'Joe Smith' set service snmp listen-address 10.0.0.1 set service snmp location 'New York'
Note that you should use single or double quotes if your string contains spaces.
Now, we will start configuring SNMPv3. All commands will use the set service snmp v3 prefix. The first step is to create an engineID in hexidecimal format.
set service snmp v3 engineid '0x80001f8810b61f9921b417a48b00000'
The second step is to create an SNMP view. It will require both a text string ofr the name, and an OID, which you can create as well.
set service snmp v3 view snmpview1 oid 126.96.36.199.5.6.7
With the view created, we must now create a group. The group will define SNMP parameters for SNMPv3 users (to be created in the next step). Here we will create a group, give this group read-only privileges, select the security level for the group,and lastly assign the group a view. It is strongly recommended to assign read-only privileges to SNMP.
set service snmp v3 group group1 mode ro set service snmp v3 group group1 seclevel priv set service snmp v3 group group1 view snmpview1
Now that we have our view, and group created, we can create a user Lets do this step by step:
Create a username with password
set service snmp v3 user user1 auth plaintext-key Password1
Define the hash algorithm for the password
set service snmp v3 user user1 auth type sha
Assign the user a group
set service snmp v3 user user1 group group1
Set the encryption key for the user to provide privacy for SNMP traffic
set service snmp v3 user user1 privacy plaintext-key Privacykey1
Define encryption standard for privacy
set service snmp v3 user user1 privacy type aes
You should now have the parameters in place to manage your VyOS node with SNMPv3.