How to configure SNMP v3 on a IOS/CatOS device using the command line interface .
Design

Configure snmp group

snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]

Configure snmp user

snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]

Configuration

SNMP commands for SNMP v3: IOS.

  • snmp-server group V3Group v3 [auth/noauth] read V3Read write V3Write
  • snmp-server user V3User V3Group v3 auth [sha/md5] [password]
  • snmp-server view V3Read iso included
  • snmp-server view V3Write iso included
  • snmp-server host version 3 auth V3User
  • snmp-server enable traps

SNMP commands for SNMPv3: CatOS

  • set snmp access V3Group security-model v3 authentication read V3Read write V3Write nonvolatile
  • set snmp user V3User authentication md5 [password]
  • set snmp group V3Group user V3User security-model v3 nonvolatile
  • set snmp view V3Read 1.3.6.1 included nonvolatile

  • set snmp view V3Write 1.3.6.1 included nonvolatile

  • auth group using the authNoPriv Security Level

  • noauth group using the noAuthNoPriv Security Level

  • md5 Use HMAC MD5 algorithm for authentication

  • sha Use HMAC SHA algorithm for authentication

  • V3Group is group-name we created for snmp v3 , this is called "a User Security Model group". You can chose the group name you prefer.
    V3User is a user-name that we created , in the above example this user belongs to the group V3Group .
    V3Read, V3Write are the SNMP read and write community strings , these communities will be used when you perform SNMP polls or edit on the device using SNMPv3 , use the appropriate strings you prefer but avoid using special characters .
    example on IOS device would be :

  • snmp-server group V3Group v3 auth read V3Read write V3Write

  • snmp-server user V3User V3Group v3 auth md5 MyPassword

  • snmp-server view V3Read iso included

  • snmp-server view V3Write iso included

  • snmp-server host X.X.X.X version 3 auth V3User

  • snmp-server enable traps

Related show Commands

This section provides information you can use to confirm your configuration is working properly.
Use the below commands to confirm you have configured this correctly :
show snmp groups : Displays information on each SNMP group on the network.

  • show snmp group : groupname: V3Group security model:v3 auth readview : V3Read writeview: V3Write Related Commands : snmp-server group show snmp user : Displays information on each SNMP username in the SNMP users table.
  • show snmp user : User name: V3User Engine ID: 800000090300001CF964CF01 storage-type: nonvolatile active Authentication Protocol: SHA Group-name: V3Group Related Commands : snmp-server user

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

  • Try to snmpwalk the device using snmp v3 as below : snmpwalk -v3 -u [SNMPv3 user] -A [password] -l [set-security-level] deviceIP . -u : is the snmp v3 user. -A : is the password. -l : is the authentication mode [noAuthNoPriv|authNoPriv|authPriv]. -a : is the authentication protocol (MD5|SHA).
  • example : C:>snmpwalk -v3 -u V3User -A MyPassword -l authNoPriv -a MD5 10.10.10.10. 1.3.6.1. 2.1.1.2 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.928

Note: In case you are using priv mode following would be the syntax:
C:>snmpwalk -v3 -u -l AuthPriv -a MD5 -A -x DES -X
where
-x : is the privacy protocol (DES/AES 128/3DES)
-X : is the privacy protocol password.
Note: In case the snmpwalk fails after putting the correct credentials, please check the engineId configured on the device and the one configured for the user, if the engineId mismatches, reset the engineId to the one configured for the user.
Show running-config

JOR-2960#show running-config | inc snmp-server
snmp-server group V3Group v3 auth read V3Read write V3Write
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server host 10.0.10.211 version 3 auth V3User

Related Information

Technical Support & Documentation - Cisco Systems
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html

EXEMPLE

snmp-server group nom_du_group v3 priv
snmp-server user nom_du_user nom_du_group v3 auth md5 ou sha nom_du_priv priv des ou aes nom_du_priv