Cisco ACE-4710-K9 Administration Guide - Page 316
SNMPv3 CLI User Management and AAA Integration, CLI and SNMP User Synchronization - create local users
![]() |
View all Cisco ACE-4710-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 316 highlights
SNMP Overview Chapter 8 Configuring SNMP SNMPv3 CLI User Management and AAA Integration The ACE implements RFC 3414 and RFC 3415, including the SMNPv3 User-based Security Model (USM) for message security and role-based access control. SNMP v3 user management can be centralized at the authentication and accounting (AAA) server level (as described in the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide). This centralized user management allows the ACE SNMP agent to use the user authentication service of a AAA server. After user authentication is verified, the SNMP protocol data units (PDUs) further processed. The AAA server is also used to store user group names. SNMP uses the group names to apply the user access and role policy that is locally available in the ACE. CLI and SNMP User Synchronization Any configuration changes to the user group, role, or password, results in the database synchronization for both SNMP and AAA. To create a CLI user by using the username command, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. To create an SNMP user by using the snmp-server user command, see the "Configuring SNMP Users" section. Users are synchronized as follows: • If you delete a user by using the no username command, the user is also deleted from both SNMP and the CLI. However, if you delete a user by using the no snmp-server user command, the user is deleted only from SNMP and not from the CLI. • User-role mapping changes are synchronized in SNMP and the CLI. Note When you specify a password in a localized key or encrypted format for security encryption, the password is not synchronized. • The password specified in the username command is synchronized as the auth and priv passwords for the SNMP user. • Existing SNMP users can continue to retain the auth and priv information without any changes. Cisco 4700 Series Application Control Engine Appliance Administration Guide 8-6 OL-11157-01
![](/manual_guide/products/cisco-ace4710k9-administration-guide-fd41d2a/316.png)