Configuring Access Control for the VACM (SRC CLI)

Use the view-based access control model (VACM) to restrict access to particular branches of a subtree of MIB objects by excluding or including a MIB variable. If you want to include system-related MIB values but not the system name and system contact MIB OID, then create a view by excluding the system name and system contact MIB OID. Then the system name and system contact MIB OID are not displayed.

To configure access control for a view-based access control model (VACM):

Note: You can also associate an SNMP view with a community by using this configuration.

  1. Define a named view.

    See Defining Named Views (SRC CLI).

  2. Map an SNMPv1 or SNMPv2c community name to a security name.

    See Associating Security Names with a Community (SRC CLI).

  3. Create an SNMPv3 user.

    See Creating SNMPv3 Users.

  4. Map from a group of users or communities to a view.

    See Defining Access Privileges for an SNMP Group (SRC CLI).

  5. Map a security name into a named group.

    See Assigning Security Names to Groups (SRC CLI).

  6. (Optional) Verify your configuration.
    [edit snmp v3]
    snmp-community 123 {address 10.212.10.2;community-name TEST-Community;security-name testSecurity;}usm {local-engine {user testUser;}}vacm {access {group testGroup {default-context-prefix {security-model usm {security-level none {read-view testView;write-view none;}}}}}security-to-group {security-model usm {security-name testUser {group-name testGroup;}}security-model v2c {security-name testSecurity {group-name testGroup;}}}}

Related Documentation