Configuring the Access Privileges Granted to a Group

Configuring the Group

To configure the access privileges granted to a group, include the group statement at the [edit snmp v3 vacm access] hierarchy level:

[edit snmp v3 vacm access]
group group-name;

group-name is a collection of SNMP users that belong to a common SNMP list that defines an access policy. Users belonging to a particular SNMP group inherit all access privileges granted to that group.

Configuring the Security Model

To configure the security model, include the security-model statement at the [edit snmp v3 vacm access group group-name default-context-prefix] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix]
security-model (any | usm | v1 | v2c);
  • any—Any security model
  • usm—SNMPv3 security model
  • v1—SNMPv1 security model
  • v2c—SNMPv2c security model

Configuring the Security Level

To configure the access privileges granted to packets with a particular security level, include the security-level statement at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c)] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c)]
security-level (authentication | none | privacy);
  • none—Provides no authentication and no encryption.
  • authentication—Provides authentication but no encryption.
  • privacy—Provides authentication and encryption.

    Note: Access privileges are granted to all packets with a security level equal to or greater than that configured. If you are configuring the SNMPv1 or SNMPv2c security model, use none as your security level. If you are configuring the SNMPv3 security model (USM), use the authentication, none, or privacy security level.

Associating MIB Views with an SNMP User Group

MIB views define access privileges for members of a group. Separate views can be applied for each SNMP operation (read, write, and notify) within each security model (usm, v1, and v2c) and each security level (authentication, none, and privacy) supported by SNMP.

To associate MIB views with an SNMP user group, include the following statements at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)]
notify-view view-name;
read-view view-name;
write-view view-name;

Note: You must associate at least one view (notify, read, or write) at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)] hierarchy level.

You must configure the MIB view at the [edit snmp view view-name] hierarchy level. For information about how to configure MIB views, see Configuring MIB Views.

Configuring the Notify View

To associate notify access with an SNMP user group, include the notify-view statement at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)]
notify-view view-name;

view-name specifies the notify access, which is a list of notifications that can be sent to each user in an SNMP group. A view name cannot exceed 32 characters.

Configuring the Read View

To associate a read view with an SNMP group, include the read-view statement at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)]
read-view view-name;

view-name specifies read access for an SNMP user group. A view name cannot exceed 32 characters.

Configuring the Write View

To associate a write view with an SNMP user group, include the write-view statement at the [edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)] hierarchy level:

[edit snmp v3 vacm access group group-name default-context-prefix security-model (any | usm | v1 | v2c) security-level (authentication | none | privacy)]
write-view view-name;

view-name specifies write access for an SNMP user group. A view name cannot exceed 32 characters.
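
Example (added here, not part of the original documentation): a small audit script that checks vacm access entries, written as set-format configuration lines, against the rules stated in this topic: at least one view per entry, view names of at most 32 characters, and security-level none for v1 and v2c. The group and view names in the sample are constructed, and the rule that flags a write view below the privacy level is an assumed local policy, not a requirement from this topic.

```python
import re

# Security levels, weakest first; access applies at the configured level or above.
LEVELS = {"none": 0, "authentication": 1, "privacy": 2}
ACCESS_RE = re.compile(
    r"^set snmp v3 vacm access group (?P<group>\S+) default-context-prefix "
    r"security-model (?P<model>any|usm|v1|v2c) "
    r"security-level (?P<level>none|authentication|privacy)"
    r"(?: (?P<kind>notify|read|write)-view (?P<view>\S+))?$"
)

def parse(config_text):
    """Collect views per (group, model, level) from 'set'-format lines."""
    entries = {}
    for line in config_text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if m:
            views = entries.setdefault((m["group"], m["model"], m["level"]), {})
            if m["kind"]:
                views[m["kind"]] = m["view"]
    return entries

def audit(config_text):
    """Return (entry, finding) pairs; the write-view rule is an assumed local policy."""
    findings = []
    for (group, model, level), views in sorted(parse(config_text).items()):
        where = f"{group}/{model}/{level}"
        if not views:
            findings.append((where, "no notify, read or write view associated"))
        for kind, view in sorted(views.items()):
            if len(view) > 32:
                findings.append((where, f"{kind}-view name exceeds 32 characters"))
        if model == "any":
            findings.append((where, "security-model any also matches v1 and v2c"))
        if model in ("v1", "v2c") and level != "none":
            findings.append((where, "v1/v2c entries should use security-level none"))
        if "write" in views and LEVELS[level] < LEVELS["privacy"]:
            findings.append((where, f"write-view reachable at security-level {level}"))
    return findings

# Constructed sample configuration (group and view names are made up).
SAMPLE = """\
set snmp v3 vacm access group ops default-context-prefix security-model usm security-level privacy read-view all-mibs
set snmp v3 vacm access group ops default-context-prefix security-model usm security-level privacy write-view if-admin
set snmp v3 vacm access group legacy default-context-prefix security-model any security-level none write-view if-admin
set snmp v3 vacm access group mon default-context-prefix security-model v2c security-level authentication read-view all-mibs
set snmp v3 vacm access group empty default-context-prefix security-model usm security-level authentication
"""
for entry, finding in audit(SAMPLE):
    print(f"{entry}: {finding}")
```
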


Published: 2010-04-27