- ssh into the switch, and enter configuration mode with "configure"
- run: "snmpv3 enable"
- you'll have to create an initial snmpv3 user called "initial"
- I've been using the same passwords as for the "real" snmp user, but that's up to whatever your policy is. If the switch is exposed, you'd want to delete this user ASAP
- when asked to lock SNMPv1 & SNMPv2 to read-only, say yes
- don't create a user that uses SHA
- create the "real" SNMPv3 user via: "snmpv3 user <username> auth md5 <authpassword> priv <encryptionpassword>"
- create the group for snmpadmin: "snmpv3 group managerpriv user <username> sec-model ver3"
- save the config: "write memory"
To explicitly look at the SNMPv3 user(s) use "show snmpv3 user". To view groups, "show snmpv3 groups". Note that you can use different authentication and encryption protocols if you so desire.