Defining Access Privileges for an SNMP Group (SRC CLI)

Use the following configuration statements to define access privileges for SNMP groups:

snmp v3 vacm access group group-name ... snmp v3 vacm access group group-name default-context-prefix security-model (any|v1|v2c|usm) ...
snmp v3 vacm access group group-name default-context-prefix security-model (any|v1|v2c|usm) security-level (authentication|none|privacy) { read-view read-view; write-view write-view; }

To configure MIB views with a group for the VACM:

  1. From configuration mode, access the configuration statement that configures the VACM group.
    [edit]user@host# edit snmp v3 vacm access group group-name

    The group name is the name for a collection of SNMP security names that belong to the same SNMP access policy.

  2. Specify the security model for access privileges.
    [edit snmp v3 vacm access group group-name] user@host# set default-context-prefix security-model (any|v1|v2c|usm)

    To specify any security model:

    user@host# set default-context-prefix security-model any

    To specify the SNMPv1 security model:

    user@host# set default-context-prefix security-model v1

    To specify the SNMPv2c security model:

    user@host# set default-context-prefix security-model v2c

    To specify the SNMPv3 user-based security model (USM):

    user@host# set default-context-prefix security-model usm
  3. Specify the security level for access privileges.
    [edit snmp v3 vacm access group group-name] user@host# set default-context-prefix security-model (any|v1|v2c|usm) security-level (authentication|none|privacy)

    To specify a security level that provides authentication but no encryption:

    user@host# set default-context-prefix security-model (any|v1|v2c|usm) security-level authentication

    To specify a security level that provides no authentication and no encryption:

    user@host# set default-context-prefix security-model (any|v1|v2c|usm) security-level none

    For SNMPv1 or SNMPv2c access, specify none as the security level.

    To specify a security level that provides authentication and encryption:

    user@host# set default-context-prefix security-model (any|v1|v2c|usm) security-level privacy
  4. (Optional) Specify the view used for SNMP read access. You must specify the read-view option or the write-view option.
    [edit snmp v3 vacm access group group-name default-context-prefix security-model (any|v1|v2c|usm) security-level (authentication|none|privacy)] user@host# set read-view read-view
  5. (Optional) Specify the view used for SNMP write access. You must specify the read-view option or the write-view option.
    [edit snmp v3 vacm access group group-name default-context-prefix security-model (any|v1|v2c|usm) security-level (authentication|none|privacy)] user@host# set write-view write-view

Related Documentation

Copyright© 1999-2014 Juniper Networks, Inc. All rights reserved.