Configuring MIB Views

By default, an SNMP community grants read access and denies write access to all supported MIB objects (even communities configured as authorization read-write). To restrict or grant read or write access to a set of MIB objects, you must configure a MIB view and associate the view with a community.

To configure MIB views, include the view statement at the [edit snmp] hierarchy level:

[edit snmp]

view view-name { 

    oid object-identifier (include | exclude); 

} 

The view statement defines a MIB view and identifies a group of MIB objects. Each MIB object of a view has a common OID prefix. Each object identifier represents a subtree of the MIB object hierarchy. The subtree can be represented either by a sequence of dotted integers (such as 1.3.6.1.2.1.2) or by its subtree name (such as interfaces). A configuration statement uses a view to specify a group of MIB objects on which to define access. To enable a view, you must associate the view with a community.

NOTE: To remove an OID completely, use the delete view all oid oid-number command but omit the include parameter.

To associate MIB views with a community, include the view statement at the [edit snmp community-name] hierarchy level:

[edit snmp community community-name] 

view view-name;

Example: Ping Proxy MIB

Restrict the ping-mib community to read and write access of the ping MIB and jnxpingMIB only. Read or write access to any other MIB using this community is not allowed.

[edit snmp]

view ping-mib-view { 

    oid 1.3.6.1.2.1.80 include;                                                            #pingMIB

    oid jnxPingMIB include;                                                             #jnxPingMIB

} 

community ping-mib { 

    authorization read-write; 

    view ping-mib-view; 

} 

For more information on the ping MIB, see RFC 2925 and Juniper Networks Enterprise-Specific MIBs.