[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring MIB Views

By default, an SNMP community grants read access and denies write access to all supported MIB objects (even communities configured as authorization read-write). To restrict or grant read or write access to a set of MIB objects, you must configure a MIB view and associate the view with a community.

To configure MIB views, include the view statement at the [edit snmp] hierarchy level:



[edit snmp]

view view-name {

oid object-identifier (include | exclude); 
}

The view statement defines a MIB view and identifies a group of MIB objects. Each MIB object of a view has a common OID prefix. Each object identifier represents a subtree of the MIB object hierarchy. The subtree can be represented either by a sequence of dotted integers (such as 1.3.6.1.2.1.2) or by its subtree name (such as interfaces). A configuration statement uses a view to specify a group of MIB objects on which to define access. You can also use wildcard character asterisk (*) to include OIDs that match a particular pattern in the SNMP view. To enable a view, you must associate the view with a community.

Note: To remove an OID completely, use the delete view all oid oid-number command but omit the include parameter.

To associate MIB views with a community, include the view statement at the [edit snmp community community-name] hierarchy level:



[edit snmp community community-name] 

view view-name;

Example: Ping Proxy MIB

Restrict the ping-mib community to read and write access of the Ping MIB and jnxpingMIB only. Read or write access to any other MIB using this community is not allowed.



[edit snmp]
view ping-mib-view { 
oid 1.3.6.1.2.1.80 include; #pingMIB
oid jnxPingMIB include; #jnxPingMIB
}
community ping-mib { 
authorization read-write; 
view ping-mib-view; 
}

For more information on the Ping MIB, see RFC 2925 and Juniper Networks Enterprise-Specific MIBs.

[Contents] [Prev] [Next] [Index] [Report an Error]