To assign security names to groups, include the following statements at the [edit snmp v3 vacm security-to-group] hierarchy level:
- [edit snmp v3 vacm security-to-group]
- security-model (usm | v1 | v2c) {
-
- security-name security-name {
- group group-name;
- }
- }
This topic includes the following sections:
To configure the security model, include the security-model statement at the [edit snmp v3 vacm security-to-group] hierarchy level:
- [edit snmp v3 vacm security-to-group]
- security-model (usm | v1 | v2c);
To associate a security name with a user or community string, include the security-name statement at the [edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)] hierarchy level:
- [edit snmp v3 vacm security-to-group security-model (usm
| v1 | v2c)]
- security-name security-name;
security-name is the username configured at the [edit snmp v3 usm local-engine user username] hierarchy level. For SNMPv1 and SNMPv2c, the security name is the community string configured at the [edit snmp v3 snmp-community community-index] hierarchy level. For information about configuring usernames, see Creating SNMPv3 Users. For information about configuring a community string, see Configuring the SNMPv3 Community.
 |
Note: The USM security name is separate from the SNMPv1 and SNMPv2c security name. If you are supporting SNMPv1 and SNMPv2c, you must configure separate security names within the security-to-group configuration at the [edit snmp v3 vacm access] hierarchy level. |
After you have created users, v1, or v2 security names, you associate them with a group. A group is a set of security names belonging to a particular security model. A group defines the access rights for all users belonging to it. Access rights define what SNMP objects can be read, written to, or created. A group also defines what notifications a user is allowed to receive.
If you already have a group that is configured with all of the view and access permissions that you want to give a user, you can add the user to that group. If you want to give a user view and access permissions that no other groups have, or if you do not have any groups configured, create a group and add the user to it.
To configure the access privileges granted to a group, include the group statement at the [edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c) security-name security-name] hierarchy level:
- [edit snmp v3 vacm security-to-group security-model (usm
| v1 | v2c) security-name security-name]
- group group-name;
group-name identifies a collection of SNMP security names that share the same access policy. For more information about groups, see Defining Access Privileges for an SNMP Group.
 |
Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |