Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Access Control for the VACM (SRC CLI)

    Use the view-based access control model (VACM) to restrict access to particular branches of a subtree of MIB objects by excluding or including a MIB variable. If you want to include system-related MIB values but not the system name and system contact MIB OID, then create a view by excluding the system name and system contact MIB OID. Then the system name and system contact MIB OID are not displayed.

    To configure access control for a view-based access control model (VACM):

    Note: You can also associate an SNMP view with a community by using this configuration.

    1. Define a named view.

      See Defining Named Views (SRC CLI).

    2. Map an SNMPv1 or SNMPv2c community name to a security name.

      See Associating Security Names with a Community (SRC CLI).

    3. Create an SNMPv3 user.

      See Creating SNMPv3 Users.

    4. Map from a group of users or communities to a view.

      See Defining Access Privileges for an SNMP Group (SRC CLI).

    5. Map a security name into a named group.

      See Assigning Security Names to Groups (SRC CLI).

    6. (Optional) Verify your configuration.
      [edit snmp v3]
      snmp-community 123 {address 10.212.10.2;community-name TEST-Community;security-name testSecurity;}usm {local-engine {user testUser;}}vacm {access {group testGroup {default-context-prefix {security-model usm {security-level none {read-view testView;write-view none;}}}}}security-to-group {security-model usm {security-name testUser {group-name testGroup;}}security-model v2c {security-name testSecurity {group-name testGroup;}}}}

    Modified: 2014-06-10