I'm interested in migrating a device fleet from SNMPv2c to SNMPv3 support but am completely new to the SNMPv3 security structure and a bit confused by it. Under the SNMPv2c community model, you could define read-only or read/write access based on this community string. I'm struggling to understand the direct correlation as to how this is done with SNMPv3. The configuration samples all tend to overwhelm with every option available (groups, users, readviews, writeviews etc.) rather than just those fundamentally needed. Can anyone offer me a very quick understanding of how I set up a "community" equivalent under SNMPv3? Much appreciated.
You can think of the user as an SNMP manager, but you don't have to use one username per NMS. Many customers create one SNMP user for their whole network for all their NMSes. They use the user/password as more of a secure community string.
SNMPv3 traps still require a user and a password. Only for traps, you'll need to add a notify view to your SNMPv3 group. For example:
snmp-server group v3group v3 auth notify v1default
snmp-server host version 3 auth v3user
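As an added illustration (not part of the posts above), a minimal mapping of a v2c read-only and a read/write community onto SNMPv3, assuming Cisco IOS syntax like the commands in the reply. The view, group and user names are hypothetical, and values in angle brackets are placeholders to replace.

```cisco
! Added example, assumed Cisco IOS syntax. Names are hypothetical;
! <...> values are placeholders.
!
! v2c lines being replaced:
!   snmp-server community <ro-string> RO
!   snmp-server community <rw-string> RW
!
! A view names the part of the MIB tree a group may touch.
snmp-server view ALLMIB iso included
!
! Read-only "community": a group with a read view and no write view.
! The notify view is only needed if this user also sends traps.
snmp-server group RO-GROUP v3 priv read ALLMIB notify ALLMIB
!
! Read/write "community": the same read view plus a write view.
! Narrow the write view to the subtrees that are actually set.
snmp-server group RW-GROUP v3 priv read ALLMIB write ALLMIB
!
! Users take the place of the community strings. "priv" on the group
! requires both authentication and encryption from its users.
snmp-server user nms-ro RO-GROUP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
snmp-server user nms-rw RW-GROUP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
!
! Trap receiver: the host line names the NMS address and the user.
snmp-server host <nms-address> version 3 priv nms-ro
!
! Once every NMS polls with v3, remove the old communities:
no snmp-server community <ro-string>
no snmp-server community <rw-string>
```

`show snmp group` and `show snmp user` list what the device actually accepted, which is worth checking before removing the v2c communities.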