Here is the configuration relation diagram in SNMPv3.A user can be added to a group or not as you need.Once a user joined a group,one or more kinds of views (notfiy-view, write-view, read-view) must be configured.Besides, configurations on user change with the security-level of the group as below 3 diagrams. Note notify-view,write-view and read-view are optional but you have to choose at least one view.In the below diagram,view1,view2,view3 can be the same or different.
Configuring Basic Information
Contact and location information can be configured as below which is the same as SNMPv2.
By default, trap messages are sent in the form of SNMPv2. But you can change it to SNMPv3 as below and designate NMS to which trap messages are sent. Note that in SNMPv3, security-name is user while in SNMPv2, security-name is community.
Setting Up a User
By default, SNMPv3 is enabled. And you should set up a usm-user first before you configure other functions of SNMPv3. Besides, adding a user to a group is optional. When a user is added to a group, the needed views should be configured. If you create a user without adding to any groups, you can configure as below. However, under the below circumstance, all the OIDs can be visited by its NMS which can read but can't write and be notified.
If you want to improve security, the user needs to be added to a group. Because in this way, you can configure a read-view, write-view or notify-view(you can choose only one kind or more as you need) which defines the authority of a NMS. Before configuring a read-view(write-view or notify-view), please set up a mib-view which is used as a view of the group. Here are the configurations. As for a mib-view, you can include or exclude some subtrees and can also configure mask for them.
You can improve security better by configuring security-level for the group. And the default setting of security-level is NoAuthNoPriv. You can change it to AuthNoPriv or AuthPriv. But please remember to configure authentication-mode, authentication-key, privacy-mode, privacy-key for the user. Configuration are as below.
NMS Visits Switch by user
NMS reads OID tree 220.127.116.11.18.104.22.168 as below. user1 is the user's name. AuthPriv is the security-level of group. 10.10.51.155 is the IP of the switch.
Enable or Disable LLDP SNMP Trap
The LLDP SNMP trap is enabled by default. You can use the following command to disable LLDP SNMP trap, then there will be no more LLDP trap message sends to snmp.