Technical Documentation

Assigning Security Model and Security Name to a Group

To assign security names to groups, include the following statements at the [edit snmp v3 vacm security-to-group] hierarchy level:

[edit snmp v3 vacm security-to-group]security-model (usm | v1 | v2c) {security-name security-name {group group-name;}}

This topic includes the following sections:

Configuring the Security Model

To configure the security model, include the security-model statement at the [edit snmp v3 vacm security-to-group] hierarchy level:

[edit snmp v3 vacm security-to-group]security-model (usm | v1 | v2c);
  • usm—SNMPv3 security model
  • v1—SNMPv1 security model
  • v2c—SNMPv2 security model

Assigning Security Names to Groups

To associate a security name with a user or community string, include the security-name statement at the [edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)] hierarchy level:

[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c)]security-name security-name;

security-name is the username configured at the [edit snmp v3 usm local-engine user username] hierarchy level. For SNMPv1 and SNMPv2c, the security name is the community string configured at the [edit snmp v3 snmp-community community-index] hierarchy level. For information about configuring usernames, see Creating SNMPv3 Users. For information about configuring a community string, see Configuring the SNMPv3 Community.

Note: The USM security name is separate from the SNMPv1 and SNMPv2c security name. If you are supporting SNMPv1 and SNMPv2c, you must configure separate security names within the security-to-group configuration at the [edit snmp v3 vacm access] hierarchy level.

Configuring the Group

After you have created users, v1, or v2 security names, you associate them with a group. A group is a set of security names belonging to a particular security model. A group defines the access rights for all users belonging to it. Access rights define what SNMP objects can be read, written to, or created. A group also defines what notifications a user is allowed to receive.

If you already have a group that is configured with all of the view and access permissions that you want to give a user, you can add the user to that group. If you want to give a user view and access permissions that no other groups have, or if you do not have any groups configured, create a group and add the user to it.

To configure the access privileges granted to a group, include the group statement at the [edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c) security-name security-name] hierarchy level:

[edit snmp v3 vacm security-to-group security-model (usm | v1 | v2c) security-name security-name]group group-name;

group-name identifies a collection of SNMP security names that share the same access policy. For more information about groups, see Defining Access Privileges for an SNMP Group.


Published: 2010-04-27